The Signal
In one 30-day window, the same decision surfaced across wildly different industries. A public library. An auto dealer. A hospital. A law firm. Two universities. A global consumer-goods maker. More than a dozen member companies, sharing almost nothing except this: each is trying to govern AI its own people are already running.
The old question was whether to allow AI. Members have moved past it. Now they are shopping for a way to see it, control it, and put guardrails on the agents. Some want to inventory shadow AI. Some want access controls on regulated data. Some want limits on what an agent can do on its own.
Here is the tell: no two members named the same vendor. The demand is loud, and the default answer does not exist yet. This is a category with buyers running ahead of its winners.
From the Network
"We have an issue with AI and shadow IT, and also with specific uses of AI in approved tools. It seems impossible to control."
"We have done a lot of AI exploring, and it has created a lot of headaches. The university wants to begin to actively manage and control the AI and data plane."
"AI workloads are very messy in the ecosystem. It would be ideal to gain better control and visibility over them."
Three leaders, three unrelated industries, one gap. The AI is already inside, and no one can see all of it.
Top Open Priorities This Week
Two raw asks pulled directly from member submissions in the last 14 days, unedited:
"It is out of control. I have just started researching AI governance vendors! Everyone using anything they want. We have written policies but unable to really implement! Very little visibility! We have to implement something soon!"
"This is a growing concern in our organization, as we do not currently have insight into non-approved AI tools."
Both leaders wrote the policy. Neither can enforce it. That gap, a written rule with no visibility behind it, is what the whole network is now trying to buy its way out of.
Member Spotlight: Nitin Agarwal, Wayne Memorial Hospital
Nitin is exactly the buyer this week's Signal describes: a hospital CIO weighing how much AI to safely enable. In a category with no default vendor, his test for who to trust is simple, and he put it plainly in his DoGood member spotlight: "I want partners that are willing to go in as much as we are. They're not a contract. They're my partners."
The Context
The headlines are catching up to what the network already knew. A BlackFog survey of 2,000 enterprise workers found that 49% have adopted AI tools without approval. More than half wired those tools straight into company systems on their own.
The part that should stop a CISO cold: this is not a junior-staff habit. Roughly two-thirds of C-suite and senior leaders were fine with shadow AI, and plenty use it themselves. The unapproved-AI problem members are racing to govern runs right through the executive floor.
Bottom Line: Shadow AI is not a workforce discipline problem. It is a visibility problem that reaches the top of the org chart, which is exactly why "just write a policy" has stopped working.
What to Do About It
Run a shadow-AI inventory before you shop for a governance tool. Pull 30 days of egress logs and SSO grants, then flag every AI domain and OAuth app your people already use. Start the list with your own leadership team, because that is where the data says the biggest blind spot sits.
The CXO Brief is powered by the DoGood network, 5,000+ IT leaders sharing what they are actually working on.
Know a CIO who needs this? Forward it and they can subscribe here.
Enterprise IT leader at a $100M+ company? Apply to join DoGood.
