Public AI isn’t your biggest AI risk per se.
Shadow AI is.
The AI Readiness in Procurement report 2026 from Procurement Tactics and Suplari says procurement teams are using AI constantly - but the organisationss behind them aren’t remotely set up to control it.

Here’s what jumped out:
47% of procurers use AI every working day
58% use it 4+ days/week
Only 17% of companies have an enforced AI policy
The dominant tools are general-purpose public models: ChatGPT/GPT-4 (62%), Microsoft Copilot (61%), Gemini (36%), Claude (19%)
Only 8% use AI that’s actually integrated into their procurement platform.

That’s the epitome of Shadow AI: high adoption, low visibility, zero defensibility, zero data security.

Exactly the problem I called out in my recent Shadow AI article - https://lnkd.in/d_BmQzPY

People paste in emails, contracts, notes, client data because it’s fast
Then you get the risks that actually bite: confidentiality/data leakage (GDPR + trust), hallucinations/confident errors, and no audit trail = no defence

Procurement is sitting on the most sensitive commercial data in the business: supplier pricing, bids, contract terms, negotiation strategy.

If your team is using public AI tools without policy, logging, and controls, you don’t have “innovation”, you have an uninsurable governance gap.

If you missed my Shadow AI checklist, it’s the practical fix:
Write a 1-page AI policy
Create a “Never Paste” list
Provide an approved alternative (or Shadow AI will win)
Make verification mandatory on regulated/contractual work

Procurement isn’t “behind on AI”.
Procurement is already using AI - just in the least controllable way possible.