Skip to content
Analysis
The GenAI Paradox, Part 4: Shadow AI and the Singapore Model
Mar 30, 2026 - Ethan Seow

The GenAI Paradox, Part 4: Shadow AI and the Singapore Model

90% of workers use personal AI tools for work. Only 40% of companies have enterprise subscriptions. The governance gap is massive — and Singapore offers a counter-narrative.


This is Part 4 of a five-part series. Read Part 1: The Great Divide | Part 2: Boardroom Hope vs Operational Reality | Part 3: The Invisible Workforce Crisis | Part 5: Trust, Governance, and What Comes Next


Shadow AI: The Unsanctioned Enterprise OS

By 2025, “Shadow AI” has evolved from a security nuisance to a dominant, albeit unofficial, operating model within many enterprises.

Read structurally, Shadow AI is the GenAI Divide’s most honest symptom. Part 1 of this series drew the fault line: the 95% are buying the surface of AI — the fluent, universally cheap tool — while the 5% are investing in the substrate the surface runs on, the codified knowledge of how their business actually works and the human judgment that governs it. Shadow AI is what happens when the surface arrives faster than the substrate. The tools are free, instant, and good; the governance that should sit underneath them does not exist yet. So employees reach for the surface on their own, and the organisation’s codified knowledge starts leaking out the side door, one prompt at a time.

The Scale of Shadow Usage

MIT Project NANDA’s research indicates that while only 40% of companies have officially purchased enterprise LLM subscriptions, over 90% of workers report using personal AI tools for work tasks.

Productivity over Policy. Employees, under pressure to meet targets, bypass corporate restrictions to use consumer-grade tools (Claude, ChatGPT, Gemini) which they find superior to “brittle” internal tools. This creates a “productivity paradox” where following security policy actively harms job performance.

Risky Behaviours. Common shadow behaviours include pasting sensitive customer data, legal contracts, and source code into public models, creating massive data exfiltration risks. Each of those pastes is an unsanctioned act of codification — an employee quietly externalising a slice of the institution into a tool the institution does not control. They are building private, ungoverned stores of “how we really do it” inside a public model: shadow vaults, assembled by the people closest to the work, sitting entirely outside any line of sight. The instinct is sound — the work genuinely is faster — but the codified asset that should be the organisation’s moat is being deposited where it can neither be protected nor reused.

The Governance Response: Ban vs Enable

Organisations are split on how to handle this.

The Failure of Bans. Draconian bans have largely failed, as employees simply switch to personal devices.

The “Enable” Strategy. Forward-thinking organisations are shifting to an “enable and govern” strategy — providing secure, internal “sandbox” environments and establishing clear usage policies rather than prohibition. The goal is to bring shadow usage into the light where it can be monitored.

This is the governance challenge at the heart of the Sovereign Command framework: the choice is not between allowing AI and banning it. The choice is between governed AI and ungoverned AI. Banning it does not eliminate usage — it eliminates visibility.

The reason a ban cannot win is the deeper logic underneath the divide. The capability employees are reaching for is the surface — the commoditised, free-and-instant part of AI — and you cannot price below free, nor police it back behind the firewall once it exists. The thing actually worth defending was never the tool; it was the institution’s codified knowledge and the human judgment that governs it. So the work of governance is not to stop the surface. It is to draw a bright line through every shadow deposit: the codified store — the processes, the data, the worked examples — can hold and even execute the rules the business has deliberately encoded, but it must never be allowed to judge the calls no one encoded. An ungoverned chatbot blurs exactly that line. An employee pastes a contract, accepts a fluent answer, and ships it; the loop closes on the model’s own un-codified judgment with no one able to defend the decision after the fact. “Enable and govern” works because it moves the codification inside — turning a thousand private shadow vaults into one institutional store the business owns, monitors, and can stand behind — while keeping the judgment, and the accountability, with the humans who can answer for it. The Vault can decide; it must never judge.

Security Implications

The rise of Shadow AI has introduced new threat vectors — and they sharpen as the same tools move from answering to acting.

Indirect Prompt Injection. Browser-based AI tools are vulnerable to attacks where malicious instructions hidden in websites are read and executed by the AI assistant, compromising internal systems without the user’s knowledge. This is the autonomy problem in miniature: the moment an AI assistant does not merely suggest but reads, plans, and acts on the user’s behalf, an attacker no longer has to compromise the human — only the content the agent ingests. The same property that makes the tool productive — that it acts — is the property the adversary exploits. As organisations grant their assistants more reach, the cost of a wrong, unverified, autonomous action rises faster than the convenience it buys.

This is the side of AI the productivity story leaves out. AI is not only the tool the workforce wields; it is also the weapon adversaries wield back — injection against the org’s own agents, AI-crafted phishing, deepfake voice and video. The capacity that defends against all three is the same irreducibly human capacity that creates value in the first place: a person who can verify a fluent-but-wrong output, supply the context the model lacks, and own the consequence when an autonomous action goes wrong. Shadow AI removes exactly that person from the loop — which is why it is both a productivity gain and a security hole, cut from one cloth.

Data Leakage. IBM’s 2025 Cost of a Data Breach Report found that breaches involving shadow AI had longer detection lifecycles and higher costs, averaging an extra $670,000 per breach ($4.63 million total versus the $3.96 million global average). Shadow AI was a factor in 20% of all studied breaches.


The Singapore Model

Singapore provides a compelling counter-narrative to the fragmented US approach, utilising state power to bridge the gap between AI ambition and reality.

The “Super-Connector” State

A Morgan Stanley survey cited by Singapore’s Economic Development Board reports a 70% AI adoption rate among companies surveyed — significantly higher than global averages. However, this figure skews toward large and leading enterprises. Official IMDA statistics present a more nuanced picture: 62.5% adoption among large enterprises, but only 14.5% among SMEs. The government acts as a “super-connector,” facilitating partnerships between local SMEs and technology providers including Google, Microsoft, and AWS.

Enterprise Compute Initiative (ECI). This programme heavily subsidises the cost of AI adoption, helping companies build in-house AI capabilities and “Centres of Excellence.” The phrasing matters. A Centre of Excellence is not a procurement line — it is the structural answer to the substrate problem. Done well, it is the institution that codifies the organisation’s knowledge inside the org and develops the humans who govern it: a hub of deep capability that distributes literacy outward to the rest of the business, measured by how much capability it has moved out, not how much it hoards. That is the difference between governing the GenAI Divide and decorating it. The failure mode is the inverse — a central team that runs demos and owns the budget while the operating model never changes — and subsidising compute does not, by itself, prevent it.

AI Trailblazers. Initiatives like this provide “sandboxes” for companies to experiment with AI, de-risking the pilot phase. This is the “enable and govern” instinct applied at national scale: rather than letting capability arrive as a thousand private shadow vaults, the state pulls experimentation into a supervised space where the codification happens in the open and can be retained.

The “Bilingual Talent” Imperative

Singapore is aggressively addressing the talent gap by pushing for “bilingual” talent — professionals fluent in both a specific domain (MedTech, Finance, Legal) and AI engineering. A Bain & Company / APACMed study originally estimated that less than 10% of the regional workforce in MedTech met this criteria — a figure the government has since adopted as a broader benchmark. The state is investing heavily to close this gap through the National AI Impact Programme and sector-specific upskilling initiatives.

“Bilingual” is the right diagnosis under a more precise name: the bottleneck is the Translator — the person who can stand in the domain and in the technology at once, turn a messy business requirement into something an AI system can actually do, and judge whether the fluent output is sound or merely plausible. That capacity is exactly the substrate the surface cannot supply. It cannot be bought off the shelf, because the half that’s scarce — the earned, domain-specific judgment — is precisely the half AI has not commoditised. Crucially, it is also not purely an engineering skill: it is faster to take a mid-career domain expert and build the AI fluency on top of their existing judgment than to take a fresh engineer and grow a decade of domain substrate from scratch. That is why the durable way to close the gap is not to outsource the capability but to transfer it — to build it inside the organisation and inside the person, so the institution keeps the moat rather than renting it. Subsidy and curriculum are the on-ramp; the substrate still has to be forged.

SME Challenges

Despite state support, Singaporean SMEs still face hurdles. High costs, lack of internal expertise, and cybersecurity concerns remain barriers. Singapore Business Federation surveys show that while large enterprises are confident, SMEs struggle with the “knowledge gap” and the financial burden of licensing and upskilling.

The Singapore model is not directly replicable in larger or more decentralised economies. But it demonstrates that state-level coordination — connecting enterprises with providers, subsidising the pilot-to-production transition, and investing in the talent pipeline — can measurably accelerate the move from the 95% to the 5%.

What it does not do — what no subsidy can do — is buy the substrate for you. The state can lower the cost of the surface, build the sandboxes, and seed the talent pipeline; whether an organisation crosses the divide still turns on whether it does the harder, slower work the money only makes possible: codifying its own knowledge inside its own walls, and growing the people who can govern it. Shadow AI and the Singapore Model are the same lesson read from two ends. Shadow AI shows what happens when the surface arrives and the substrate is absent — capability leaks out, ungoverned. Singapore shows what it takes to pull it back in. Either way, the move from the 95% to the 5% is not a procurement decision. It is a governance one — which is where Part 5 turns next.

About the Author

Ethan Seow is a Centre for AI Leadership Co-Founder and Cybersecurity Expert. He is ISACA Singapore’s 2023 Infosec Leader, ISC2 2023 APAC Rising Star Professional in Cybersecurity, TEDx and Black Hat Asia speaker, educator, culture hacker and entrepreneur with over 13 years in entrepreneurship, training and education.

This is Part 4 of a five-part series. Continue to Part 5: Trust, Governance, and What Comes Next.