For Saudi audit, law & professional firms
Your staff are already using ChatGPT on client work — what should a Saudi firm do about shadow AI?
Assume it's already happening: staff commonly use personal ChatGPT accounts for client work because it makes them faster, not because they're careless. Banning it doesn't stop the behavior — it just pushes the work onto personal phones where the firm has zero visibility. The fix is a sanctioned in-house alternative that is as convenient as ChatGPT but automatically keeps sensitive client data on the firm's own hardware, with every use logged.
What "shadow AI" actually means at your firm
Shadow AI is any AI tool your staff use for work that your firm never evaluated, approved, or even knows about. In practice, at most Saudi audit, accounting, and law firms today, this means a senior associate pasting a client's draft financial statement into their personal ChatGPT account to tidy up the wording, or a junior lawyer running a contract through a free AI tool for a quick second opinion before a partner reviews it. Nobody involved thinks they are doing anything wrong. They are trying to finish the work faster, and consumer AI tools are, for many tasks, genuinely good at that.
This is not a hypothetical risk. Independent workplace surveys, in Saudi Arabia and internationally, have repeatedly found that a large share of employees use AI tools their employer has not sanctioned, often specifically because approved alternatives are slower, more restrictive, or simply don't exist. If your firm has not deliberately rolled out an approved AI tool, it is reasonable to assume some of your staff are already using an unapproved one on real client material.
Why banning ChatGPT doesn't solve anything
The instinctive response — block ChatGPT on the office network, add a line to the employee handbook, send a stern email — feels like governance, but it usually just moves the problem out of sight. Staff who found AI useful before the ban will keep using it, only now on their personal phone over their personal mobile data, completely outside the firm's network, device management, and monitoring. The firm hasn't reduced its exposure; it has surrendered any ability to see it.
A ban only works if the alternative to breaking it is a worse work experience than not using AI at all — and for most knowledge work today, that isn't true. Telling a time-pressured associate "don't use AI" doesn't change what's on their desk; it just changes whether you know how they got through it.
What actually leaks when staff use consumer AI tools
The risk in a professional-services firm is rarely a dramatic hack. It's the ordinary content of a prompt. When someone pastes text into a consumer AI tool to summarize, rewrite, or analyze it, that text can include:
- Client names alongside financial figures, salaries, or account balances
- National ID, Iqama, IBAN, or commercial registration numbers copied straight out of a document
- Unreleased draft audit findings, legal opinions, or advisory reports
- Full contract text, including commercially sensitive terms and pricing
- Internal notes about a client's disputes, weaknesses, or wrongdoing
None of this requires malicious intent. It's simply what a normal day's work looks like when it's summarized, rewritten, or drafted with AI assistance. The exposure is that this content leaves the firm's control and sits inside a consumer account and vendor infrastructure the firm has no visibility into, no contract governing, and no way to audit — which is precisely the kind of exposure that raises PDPL and client-confidentiality questions.
How to find out what's happening in your firm today
Before deciding on a policy, find out what is actually happening. This works better as fact-finding than as an investigation:
- Ask directly, without blame: a short, honest conversation ("are you using ChatGPT or similar tools for client work, and for what?") usually gets a truthful answer, because most staff don't think they're doing anything wrong.
- Run an anonymous survey: people are more candid when the question isn't tied to their name, and you'll get a more realistic picture of how widespread the practice is.
- Check expense reports and corporate card statements for AI subscription charges — well-known AI vendors show up as recognizable line items.
- Ask IT to review firm-network traffic to major AI providers, where that's technically and legally feasible.
The constructive fix: a sanctioned path staff will actually use
A policy document alone cannot stop shadow AI, because a policy can't classify what's inside a prompt before someone hits send — a person has to make that judgment call every single time, under deadline pressure, and eventually someone will get it wrong. What works is giving staff an approved tool that is at least as convenient as what they're already using, with the sensitive-data judgment call handled automatically rather than left to individual discretion in the moment.
Concretely, that means: every prompt is checked for the kind of client-identifying and financial information listed above before it goes anywhere; prompts that don't contain that kind of information can still be answered by a capable AI model, because most day-to-day work genuinely isn't sensitive; and staff don't have to stop and decide which category their question falls into — the system does that classification for them, consistently, every time.
From invisible risk to managed capability
Once AI use happens on a sanctioned, monitored path instead of on personal phones, it stops being a risk you can't see and becomes a capability you can manage: you know which tools are in use, you have a record that a given piece of work went through an AI system, and you can show a client, an auditor, or a regulator what your firm's actual practice is — rather than hoping nothing was ever pasted somewhere it shouldn't have been.
This is the problem Ithbat is built to solve. It installs on hardware your firm already owns and classifies every prompt before it is processed: prompts containing Saudi-sensitive data — national ID or Iqama numbers, IBAN, VAT or commercial-registration numbers, client financial records, and related sensitive terms in Arabic or English — are kept and answered on your own hardware and are never offered to any cloud provider. Everyday, non-sensitive prompts can still be routed to a frontier AI model on your firm's own account, so staff keep the speed they've come to expect. Every inference produces a tamper-evident, hash-chained record, so you have a real answer the next time someone asks what your firm's staff are actually doing with AI.