BYO-LLM is already happening in organizations today. If you’re not expanding your ITAM strategy to include AI tools, you’re missing a critical piece of the risk management puzzle.
Large Language Models (LLMs) aren’t just the future—they’re already transforming how we work. From streamlining research to automating routine tasks, LLMs like ChatGPT, Claude, and Gemini have gone from niche tools to everyday work companions. But this surge in adoption is happening faster than most organizations can govern it—and we’re now facing a new wave of risk reminiscent of a familiar problem — shadow IT.
Across industries, employees are bringing their own LLMs to work, often without the knowledge—or approval—of their IT teams. This “Bring Your Own LLM” (BYO-LLM) trend is reviving the same challenges that emerged during the early days of personal device use and unsanctioned cloud apps in the workplace. It’s time for organizations to ask, “Do we know what tools our people are using, what data they’re exposing, and how to rein it all in?”
History repeats itself
The story is a familiar one. Employees eager to work faster or more efficiently start experimenting with consumer tools that aren’t officially vetted or secured. In the past, it was cloud storage and file-sharing platforms. Today, it’s Generative AI.
The twist? LLMs don’t just store data—they learn from it. That means an employee pasting confidential information into a chatbot may be unintentionally feeding sensitive corporate data into a public model, with no control over how that information is stored, reused, or even surfaced again in future queries by someone else.
We’ve already seen the consequences. Many public companies have already restricted employee use of Generative AI tools following high-profile incidents of data exposure. Government agencies are also sounding the alarm. New York recently banned certain AI apps from state devices due to data privacy and surveillance concerns.
Yet bans alone are rarely effective—especially in a bring-your-own-device (BYOD) world where employees can easily access public tools through personal smartphones or laptops.
See also: 4 Tips for Addressing the Lurking Threats of Shadow AI
Why ITAM is a solution
This is where IT Asset Management (ITAM) plays a critical but often overlooked role. Traditional ITAM has focused on tracking physical and digital assets and software licenses, as well as ensuring compliance. However, as the nature of work changes, ITAM must evolve, too, into a strategic control point for managing and mitigating emerging risks like BYO-LLM.
Here’s how ITAM can help tackle this new frontier:
Visibility Into What’s Being Used—and Where: If you can’t see it, you can’t secure it. Modern ITAM platforms can provide granular visibility into software usage across the organization, including unsanctioned tools accessed from corporate or personal devices. By identifying LLM access patterns and usage trends early, organizations can stay ahead of risk before it becomes a breach.
Policy Enforcement Through Inventory and Controls: ITAM systems can help enforce guardrails by tracking authorized vs. unauthorized applications, automating license compliance, and flagging anomalous behavior. Whether you’re setting limits on public AI tool usage or guiding employees toward secure alternatives, ITAM acts as a digital control tower.
Audit-Ready Governance: Regulatory frameworks are catching up with AI adoption—and organizations need documentation to prove they’re managing risk appropriately. ITAM provides the foundation for audit readiness, allowing teams to show what assets exist and how they’re monitored, governed, and retired over time.
A smarter approach
The answer isn’t to stop employees from using LLMs—it’s to empower them to use AI safely and responsibly. Just as IT leaders once transitioned from blocking cloud services to offering secure alternatives, today’s leaders must do the same with generative AI.
BYO-LLM is not a fringe issue—it’s already happening in your organization whether you’ve sanctioned it or not. The question isn’t if your employees will use AI but whether your systems are prepared to manage it safely.
If you’re not expanding your ITAM strategy to include AI tools, you’re missing a critical piece of the risk management puzzle. Now is the time to modernize your ITAM practices—to gain visibility, enforce accountability, and build the foundation for safe AI enablement across your organization.
LLMs are here to stay. Let’s make sure your asset management practices are ready for them.
