Unsanctioned AI usage ‘really is the biggest invisible threat that our clients have today with their data,’ says AI consultant West McDonald.
Even though the industry is already several years into the AI boom initiated by tools such as ChatGPT and Microsoft CoPilot, countless organizations remain unequipped to combat unsanctioned AI usage, AI consultant West McDonald said Monday.
Speaking at XChange Security 2025, McDonald said that many organizations continue to lack AI usage policies and have taken no steps to help enable employees with using safer versions of popular GenAI tools.
[Related: Basic Cyberattacks Are Putting SMBs Out Of Business: Expert]
Meanwhile, unsanctioned usage of AI tools — known as “shadow AI” — has seen explosive growth and led to significant exposure of sensitive data, according to McDonald, founder of AI business consultancy GoWest.ai.
“It really is the biggest invisible threat that our clients have today with their data,” McDonald told MSP and MSSP executives during XChange Security 2025, which is hosted by CRN parent The Channel Company and is being held this week in Frisco, Texas.
As a result, MSPs have massive opportunities right now to “really take advantage of this and find out ways you can start to help your clients to actually mitigate shadow AI,” he said.
“Most people do not have their compliances in place,” McDonald said. “They have no idea where to start from security, and that’s where each and everyone in this room comes in to be able to help them.”
For the many organizations that are looking to MSPs for guidance around shadow AI, education for their users around safe AI usage should be a top priority, said Theron McLarty, founder and CEO of Atlanta-based Skout Advisory.
“I think it’s helpful to teach people, or remind them, to keep a healthy distrust [of AI] — and to let that be kind of their guiding principle for how they employ the AI,” McLarty said.
However, this mentality probably describes a small percentage of the AI-using population right now, and “there’s a much bigger population of users that don’t have that healthy distrust,” he said. Additionally, “there are also just the users that aren’t even aware of how they can really use AI.”
For those latter two groups, significant education around AI usage is needed “now and probably for the next several years,” McLarty said.
More Control Over AI
Another area where MSPs can play a key role is around advising clients to invest in paid “team” versions of tools such as ChatGPT, McDonald said.
Such versions do not use data for training and can offer encryption and admin controls as well. It’s an investment that “really gives you much more control and flexibility,” he said.
“People say, ‘It’s expensive,’” McDonald said. “If it’s $20 or $25 a user per month, it is the best peace of mind and productivity that you can ever get for your clients. In my mind, it is not expensive.”
Other major areas for MSPs include helping organizations to properly configure tools such as Microsoft Copilot with the correct permissions boundaries, as well as assisting on written AI usage policies, which should be specific to each organization, he said.
Ultimately, “there’s a huge opportunity for everyone in this room to start looking at how you can help your clients with AI — from security, to opportunities, to workflows,” McDonald said. “There are so many ways that you can help them — and they trust you to help them.”