Proprietary intelligence is leaving your building through two doors. The front door you chose. The back door, nobody installed.
Your colleague would never hand a USB stick to a stranger on the street. She angles her laptop screen away from the person on the train. She'd be horrified if someone rifled through the papers on her desk.
Last Tuesday she pasted your company's entire Q1 board pack into a Chinese-hosted AI to help write the executive summary.
She's not careless. She just doesn't think of a chat window as a place.
Whilst governments argue about compute policy, the real sovereignty question is playing out at the level of the individual prompt. Proprietary intelligence is leaving your building through two doors.
The front door is your enterprise AI contract - sanctioned, governed by data residency terms buried in a procurement pack signed on a Friday afternoon. Worth auditing. But at least it's a door you chose to open.
The back door is more interesting. Nobody installed it.
A new generation of Chinese frontier models - free, browser-based, competitive with the best Western systems on coding and reasoning - is one tab away from every employee you have. When your colleague uses one to draft a sensitive client email, that data may end up on servers in China, under a National Intelligence Law that can require cooperation with state intelligence work [1].
This isn't a China problem in isolation. US-hosted providers sit under the CLOUD Act; European ones under their own disclosure regimes [2]. Every jurisdiction is a jurisdiction. The question isn't whether your data is exposed - it's whose exposure you consciously chose.
The back door is the one nobody chose. And it's not espionage. It's convenience.
The same instinct that drove personal Gmail for work in 2009 and unsanctioned Dropbox in 2014. Shadow IT, shadow SaaS, and now shadow AI. But the cargo has changed. And so has the scale. Microsoft now puts the share of AI users bringing their own tools to work at 78% [3]. Netskope clocks the average organisation uploading 8GB a month to generative AI - a thirty-fold jump in a year, half of it on tools the company hasn't sanctioned or even detected [4]. IBM traces breaches in one in five organisations to shadow AI, with IP carrying the highest cost per record [5]. Samsung famously banned ChatGPT after engineers pasted source code into it [6]. The data was already gone.
In 2014, the risk was a spreadsheet in the wrong folder. In 2026, it's the composite picture that emerges when hundreds of employees feed fragments of your operation into systems you haven't audited. No single prompt matters. But the mosaic - pricing logic, client relationships, competitive positioning - is worth more than any document someone could photograph on a train.
It's not a leak. It's a distillation.
What separates this from previous shadow IT cycles is that the person doing it feels responsible, not reckless. She's trying to do better work. She has no idea she just sent your margin structure to a jurisdiction whose obligations she hasn't considered. The colleague who'd never leave a confidential file on a park bench is uploading its contents to a server she can't locate, governed by laws she's never read.
Sovereignty isn't lost in one dramatic act. It's distilled away - through a thousand well-intentioned prompts, by people who'd never dream of being careless with company secrets.
That's the sieve.
Notes
[1] National Intelligence Law of the People's Republic of China, Article 7 (passed June 2017, amended April 2018), requires organisations to "support, assist in, and cooperate with" state intelligence work. Translation: China Law Translate. https://www.chinalawtranslate.com/en/national-intelligence-law-of-the-p-r-c-2017/
[2] Clarifying Lawful Overseas Use of Data Act (CLOUD Act), Pub. L. 115–141, Division V (March 2018). US Department of Justice, CLOUD Act Resources: https://www.justice.gov/criminal/cloud-act-resources; Congressional Research Service, Cross-Border Data Sharing Under the CLOUD Act (R45173): https://www.congress.gov/crs-product/R45173
[3] Microsoft and LinkedIn, 2024 Work Trend Index Annual Report: AI at Work Is Here. Now Comes the Hard Part (May 2024). https://www.microsoft.com/en-us/worklab/work-trend-index/ai-at-work-is-here-now-comes-the-hard-part
[4] Netskope Threat Labs, Cloud and Threat Report: Generative AI 2025: https://www.netskope.com/resources/cloud-and-threat-reports/cloud-and-threat-report-generative-ai-2025; Netskope Threat Labs, Cloud and Threat Report: Shadow AI and Agentic AI 2025: https://www.netskope.com/resources/cloud-and-threat-reports/cloud-and-threat-report-shadow-ai-and-agentic-ai-2025
[5] IBM and Ponemon Institute, Cost of a Data Breach Report 2025 (July 2025): https://www.ibm.com/reports/data-breach; IBM Newsroom, "IBM Report: 13% Of Organizations Reported Breaches of AI Models or Applications…" (July 30, 2025): https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls
[6] Mark Gurman, Bloomberg (May 2023); Cyber Security Hub, "Samsung employees allegedly leak data via ChatGPT" (April 2023): https://www.cshub.com/data/news/iotw-samsung-employees-allegedly-leak-proprietary-information-via-chatgpt. Samsung subsequently banned generative AI tools company-wide; see Forbes, May 2023: https://www.forbes.com/sites/siladityaray/2023/05/02/samsung-bans-chatgpt-and-other-chatbots-for-employees-after-sensitive-code-leak/
Elliot Ronald is the Founding Partner of Lion Strategy, a strategy consultancy working with boards and executives on AI sovereignty and the agentic age.