When a fast-scaling digital bank began seeing widespread employee adoption of generative AI tools like ChatGPT and Gemini, their security team faced a growing dilemma: how do you protect sensitive data without shutting down innovation?

Despite having a mature security stack — including SIEM, DLP, CASB, and MDM - the team lacked clear visibility into how AI was being used, especially when accessed through personal accounts on corporate devices. Risky behaviours, like copying internal code into AI tools or reusing passwords across unmonitored SaaS apps, weren’t being detected in real time. And even when alerts were triggered, the signal-to-noise ratio was poor — overwhelming the SecOps team and eroding trust in the data.

The bank needed a new approach: not just another tool to block usage, but a smarter, more nuanced way to 

From Risk to Resilience: Enabling GenAI Without Fear

By deploying our secure AI usage enablement platform, the bank was able to quickly gain visibility and control over employee AI behaviour - without slowing productivity.

The first step was understanding who was using AI, how, and where. Our platform provided real-time telemetry on prompt-level activity, flagging use of generative AI tools via personal accounts on corporate machines - a major data loss vector that existing tools couldn’t see.

Next, the security team created role-based policies. Sets of employees from specific departments licensed to use Gemini were placed in an “approved” group, while unlicensed users remained under stricter monitoring. This conditional logic allowed the platform to suppress noise and 

, while still escalating the risks that truly mattered.

Rather than punishing users or forcing them to work around controls, the bank used real-time browser nudges to guide behaviour at the moment of risk. If someone tried to paste source code into an AI tool, for example, a discreet message explained the risk and offered a course-correct.

Over the first month, the platform delivered more than 

, helping employees learn what was safe and what wasn’t, without slowing them down.

In parallel, the platform’s SaaS visibility layer surfaced several AI-enabled tools that had been adopted organically across the business. In one instance, more than 100 employees had accessed a new AI-powered productivity app that wasn’t part of the approved stack. The security team received an alert before the tool gained deeper traction, allowing them to assess the risk and take appropriate action - all within a few days, rather than weeks.

In just a few weeks, the bank saw tangible results:

Buoyed by the early success, the bank is now planning to expand deployment across customer support and operations, and introduce deeper integrations into their security tech stack. 

Their journey reflects a broader shift happening across the industry: from blocking AI to 

enabling it — responsibly, safely, and at scale

Want to understand how Culture AI can help your business? Book a call with our team

See how a high-growth digital bank protected sensitive data while enabling safe GenAI adoption across the enterprise. Faced with growing employee use of tools like ChatGPT and Gemini, the bank’s security team needed more than traditional DLP or SIEM. They lacked visibility into shadow AI usage, especially via personal accounts, and were overwhelmed by noisy alerts.

By partnering with CultureAI, the bank deployed a secure AI usage enablement platform that delivered real-time visibility, contextual nudges, and role-based risk policies — without blocking tools or slowing teams down. Within weeks, they reduced shadow AI usage by 80%, eliminated false positives, improved SaaS discovery time by 70%, and delivered over 2,000 just-in-time behavioural interventions.

This case study highlights how modern security teams can manage AI risk without creating friction -  by shifting from control to enablement and building trust with employees.

How a Digital Bank Reduced Shadow AI Risk by 80% - Without Blocking Innovation

How a Digital Bank Reduced Shadow AI Risk by 80% - Without Blocking Innovation

Recommended for you

The Back Room Problem: Why Most Organisations Lack AI Data Visibility

A story of Criminal GPTs, DeepFakes, Data Breaches, AI Malware, and Agentic Sleeper Agents

Scattered Spider and DragonForce: A Case Study in Human-Centric Cyber Threats