Canadian CIOs juggle AI gains with shadow AI risks
Canadian chief information officers are reassessing their artificial intelligence strategies amid pressure for measurable returns and tighter controls on data and cloud use.
Senior technology leaders from major Canadian institutions met at Kyndryl Canada's CIO Expert Exchange earlier this fall. They discussed the pace of AI deployment, the risk of unsanctioned tools, and constraints linked to data and operational sovereignty.
Leaders cited findings from the Kyndryl Readiness Report. The report found that 60 per cent of respondents have already modified their cloud strategies due to geopolitical tensions. A larger group said their current cloud environments arose by accident rather than deliberate design.
Participants said these trends are reshaping long-term technology roadmaps. They expect AI adoption, cloud architecture, and sovereignty rules to remain tightly linked in future investment decisions.
Participants described a two-track approach to AI. Many organisations are starting with internal productivity improvements. They are then moving into AI features in customer-facing products and services as confidence grows.
One organisation reported gains in software engineering. It applied generative AI across its software development lifecycle and measured a net improvement of 15 per cent to 20 per cent from concept to production. It then reviewed the full workflow. Improvements in some steps created bottlenecks in others.
An academic institution is testing AI for student services. The institution expects AI tools to handle about 80 per cent of routine enquiries. Staff then focus on complex or sensitive issues. The institution is also setting safeguards to reduce the risk of incorrect information reaching students.
Governance and compliance teams are also adopting AI. Participants said AI-based summarisation tools have reduced the time spent on content analysis. One organisation now completes reviews of System and Operational Controls reports in hours, whereas the same work previously took weeks.
Shadow AI risk
Leaders expressed concern about "shadow AI". They used the term to describe unsanctioned or unmanaged AI tools inside their organisations.
One organisation used security monitoring to track outbound traffic. It found staff had accessed hundreds of unapproved AI websites. The IT team then blocked most of the sites.
Several organisations are now rolling out approved AI tools for staff. They are using products such as Copilot Studio and Power Automate in low-code environments. Executives said these tools support "citizen developer" projects.
Some companies are introducing staged decision rights for AI systems. One organisation deployed agentic AI that issued recommendations to human agents. The company tracked how often staff overrode the suggestions. It then adjusted the AI system's level of autonomy based on these results.
Compliance teams are also embedding AI in project management. One organisation uses AI tools to flag relevant policies within project workflows. Staff then receive early warnings about possible compliance issues before a breach occurs.
Data sovereignty tension
Cloud and data sovereignty emerged as a major constraint on AI projects. Many Canadian firms restrict data storage outside the country. Executives said they often lack affordable domestic alternatives that match global cloud providers.
Several participants said they were under pressure from business units that want access to the latest tools. New AI services typically launch first in the United States. Canadian organisations then face a trade-off. They either wait for local versions or place some data in foreign jurisdictions.
Executives also raised concerns about operational sovereignty. They said it is not enough for data to reside in a local data centre and want clear assurance about who can access or process that data.
Some organisations are responding by avoiding cloud use for their most sensitive workloads. They are investing in internal, isolated compute clusters housed within their own facilities.
