For Saudi audit, law & professional firms

Your staff are already using ChatGPT on client work — what should a Saudi firm do about shadow AI?

Ithbat guide·Arabic-first·Built in Saudi Arabia
Quick answer

Assume it's already happening: staff commonly use personal ChatGPT accounts for client work because it makes them faster, not because they're careless. Banning it doesn't stop the behavior — it just pushes the work onto personal phones where the firm has zero visibility. The fix is a sanctioned in-house alternative that is as convenient as ChatGPT but automatically keeps sensitive client data on the firm's own hardware, with every use logged.

What "shadow AI" actually means at your firm

Shadow AI is any AI tool your staff use for work that your firm never evaluated, approved, or even knows about. In practice, at most Saudi audit, accounting, and law firms today, this means a senior associate pasting a client's draft financial statement into their personal ChatGPT account to tidy up the wording, or a junior lawyer running a contract through a free AI tool for a quick second opinion before a partner reviews it. Nobody involved thinks they are doing anything wrong. They are trying to finish the work faster, and consumer AI tools are, for many tasks, genuinely good at that.

This is not a hypothetical risk. Independent workplace surveys, in Saudi Arabia and internationally, have repeatedly found that a large share of employees use AI tools their employer has not sanctioned, often specifically because approved alternatives are slower, more restrictive, or simply don't exist. If your firm has not deliberately rolled out an approved AI tool, it is reasonable to assume some of your staff are already using an unapproved one on real client material.

Why banning ChatGPT doesn't solve anything

The instinctive response — block ChatGPT on the office network, add a line to the employee handbook, send a stern email — feels like governance, but it usually just moves the problem out of sight. Staff who found AI useful before the ban will keep using it, only now on their personal phone over their personal mobile data, completely outside the firm's network, device management, and monitoring. The firm hasn't reduced its exposure; it has surrendered any ability to see it.

A ban only works if the alternative to breaking it is a worse work experience than not using AI at all — and for most knowledge work today, that isn't true. Telling a time-pressured associate "don't use AI" doesn't change what's on their desk; it just changes whether you know how they got through it.

What actually leaks when staff use consumer AI tools

The risk in a professional-services firm is rarely a dramatic hack. It's the ordinary content of a prompt. When someone pastes text into a consumer AI tool to summarize, rewrite, or analyze it, that text can include:

None of this requires malicious intent. It's simply what a normal day's work looks like when it's summarized, rewritten, or drafted with AI assistance. The exposure is that this content leaves the firm's control and sits inside a consumer account and vendor infrastructure the firm has no visibility into, no contract governing, and no way to audit — which is precisely the kind of exposure that raises PDPL and client-confidentiality questions.

How to find out what's happening in your firm today

Before deciding on a policy, find out what is actually happening. This works better as fact-finding than as an investigation:

The goal of this step isn't to catch anyone out — it's to size the problem honestly so you can design a sanctioned alternative that people will actually switch to.

The constructive fix: a sanctioned path staff will actually use

A policy document alone cannot stop shadow AI, because a policy can't classify what's inside a prompt before someone hits send — a person has to make that judgment call every single time, under deadline pressure, and eventually someone will get it wrong. What works is giving staff an approved tool that is at least as convenient as what they're already using, with the sensitive-data judgment call handled automatically rather than left to individual discretion in the moment.

Concretely, that means: every prompt is checked for the kind of client-identifying and financial information listed above before it goes anywhere; prompts that don't contain that kind of information can still be answered by a capable AI model, because most day-to-day work genuinely isn't sensitive; and staff don't have to stop and decide which category their question falls into — the system does that classification for them, consistently, every time.

From invisible risk to managed capability

Once AI use happens on a sanctioned, monitored path instead of on personal phones, it stops being a risk you can't see and becomes a capability you can manage: you know which tools are in use, you have a record that a given piece of work went through an AI system, and you can show a client, an auditor, or a regulator what your firm's actual practice is — rather than hoping nothing was ever pasted somewhere it shouldn't have been.

This is the problem Ithbat is built to solve. It installs on hardware your firm already owns and classifies every prompt before it is processed: prompts containing Saudi-sensitive data — national ID or Iqama numbers, IBAN, VAT or commercial-registration numbers, client financial records, and related sensitive terms in Arabic or English — are kept and answered on your own hardware and are never offered to any cloud provider. Everyday, non-sensitive prompts can still be routed to a frontier AI model on your firm's own account, so staff keep the speed they've come to expect. Every inference produces a tamper-evident, hash-chained record, so you have a real answer the next time someone asks what your firm's staff are actually doing with AI.

Frequently asked questions

What exactly is "shadow AI" in a professional services firm?
Shadow AI is any AI tool — most commonly a personal ChatGPT, Gemini, or similar account — that staff use for real work without the firm's knowledge or approval. It becomes a real risk specifically when that work involves client names, financial data, or confidential documents, because that content leaves the firm's control entirely.
Should we just block ChatGPT on the office network and add it to our AI policy?
A network block or policy line rarely stops the behavior — it usually just pushes it onto staff's personal phones and mobile data, where the firm has no visibility at all. A written policy still matters, but it needs to be paired with a sanctioned tool people will actually prefer to use.
What kind of client information is actually at risk when staff use consumer AI tools?
The risk is usually in the ordinary content of a prompt: client names next to financial figures, national ID or Iqama numbers, IBAN or commercial registration numbers, draft audit findings or legal opinions, and full contract text. None of it requires bad intent — it's simply what a normal prompt looks like when someone is summarizing or drafting real client work.
How do we find out how much of this is already happening at our firm?
Ask staff directly and without blame, run a short anonymous survey, and check expense reports or corporate card statements for AI subscription charges. Most employees will be candid, because they don't think using AI to work faster is wrong — which is largely true, given they haven't been offered anything better.
What does a "sanctioned path" actually look like in practice?
It's an approved AI tool that is at least as convenient as what staff already use, but where sensitive client data is automatically identified and kept off any cloud provider — without staff having to decide, prompt by prompt, what counts as sensitive. Ithbat implements this by classifying every prompt before it's processed and keeping anything Saudi-sensitive on the firm's own hardware, while routing routine, non-sensitive work to a frontier AI model when useful.

See where your firm stands — in 60 seconds

Take the free self-check to see your client-confidentiality exposure band instantly. No sign-up needed to see your result.