Shadow AI Newsletter

Don’t Click That! December ’25

by robstevenson

Editor’s note: Below you’ll find the December edition of Productiv’s monthly Shadow AI Newsletter: Don’t Click That! If you don’t want to wait, sign up below to get it right in your inbox. That way, you won’t be that guy breaking news two weeks late. One email, once per month.

Greetings and welcome back to Don’t Click That! A Shadow AI newsletter about everything you’re accountable for but never approved.

If your boss thought shadow AI would blow over, you can let them know the hype continues. This issue covers governance frameworks, board‑level risks, and the good ol’ fashioned SMS scam that ruined your fave LLM’s Turkey Day. Let’s get to it.

That Whole OpenAI/Mixpanel Thing

This Thanksgiving, we’re thankful for employees who complete security awareness training. A gratitude not shared by OpenAI & Mixpanel, who confirmed a nasty little leak caused not by a sophisticated AI social engineering campaign, but by classic smishing. Everything old is new again; hopefully for you that means vintage cardigans and not your new marketer clicking dodgy WhatsApp links.

Notes from the AI Underground

Shadow AI is real, you need to balance AI risk & reward, an AI Council is the only way. Shout out to Delinea’s CEO for reiterating the point I keep hearing our sales team making. I’m sharing this post for its wall of resources re: AI standards & policies, penned by the type of organizations who think about that sort of thing.

Resources? Sounds Long. Can’t an LLM do it for me?

Probably. If you’re not sure where to start with your AI Governance approach, let the LLMs scope the problem. Here’s a bunch of prompts to kick-start the operation. Just keep your PII to yourself, you little freak.

Make it More Succinct

Got you. Here’s an even more condensed kick-start: a breezy 7-pillared checklist to ensure visibility, control, and alignment. When your CEO slacks you at midnight with a “what’s our AI governance model?” you’ll want to have something to say besides “shrug emoji”. 

‘No’ Means ‘How’

Jeff Crume, you did it again you absolute legend. IBM Security’s CTO & reluctant long-form influencer riffs on “Just Say No” AI policy, and how that merely drives the behavior underground. There’s a better way, and Jeff is all over it. 

That does it for December. We’ll see you in ’26 with our trademark blend of fear-mongering and practical solution-pandering.

OK, fine. One more for the road:

For Your Bedtime Wind-Down Routine:

About Productiv:

Productiv is the IT operating system to manage your entire SaaS and AI ecosystem. It centralizes visibility into your tech stack, so CIOs and IT leaders can confidently set strategy, optimize renewals, and empower employees.