Inside many companies, the first people to adopt artificial intelligence were not the chief information officers. They were salespeople drafting proposals, marketers testing copy, engineers asking for code help, analysts summarizing documents, and junior staff trying to turn a messy meeting into a clean report. Since 2023, generative AI has entered the workplace faster than the approval forms designed to govern it.
That speed created a new opening. Employees began pasting confidential information, customer data, design documents, contracts, strategy notes, and unfinished plans into AI services that the company had not approved. This is the new corporate risk now called shadow AI.
On May 12, 2026, Dai Nippon Printing, DNP, announced that it had invested in Tokyo-based Folta and formed a capital and business alliance. The investment took place on April 24. Folta provides a secure-browser service that controls and monitors generative-AI use through web browsers in real time. DNP plans to combine Folta’s technology with its own security services.
The interesting part is what Folta is not. It is not trying to build the largest AI model. It is not selling a flashy chatbot, an image generator, or a semiconductor dream. Folta is focused on the gate through which enterprise AI actually enters the office: the browser, the prompt box, the employee’s hand. In 2026, that small interface has become one of the most important battlefields in corporate AI.
What DNP announced, and why it matters
According to DNP, Folta specializes in security technology for shadow AI: employee use of AI services that the company cannot fully see or manage. Folta’s secure-browser service controls and monitors generative-AI use through the browser in real time. DNP says the investment will help companies reduce information-leakage risk while still using generative AI safely.
The alliance has two main pieces. First, DNP and Folta will jointly sell the secure-browser service for shadow-AI countermeasures. Second, they will strengthen the analysis and monitoring functions based on data collected by the secure browser and expand the service beyond browsers to generative-AI applications more broadly.
DNP also emphasized its experience monitoring and operating more than 45,000 information terminals. That detail matters. DNP is not looking at Folta only as a financial investor. It is looking from the position of a large enterprise that understands the messy reality of corporate endpoints, logs, users, and security operations.
What is shadow AI?
Shadow AI is the use of AI tools by employees or departments without formal approval or oversight from IT and security teams. It is the successor to shadow IT, the earlier problem of employees using unauthorized SaaS tools, cloud drives, chat apps, or devices. Shadow AI is related, but more dangerous in some ways, because AI tools do not merely store data. They process it, summarize it, transform it, infer from it, and may send it to external models or third-party systems.
From the employee’s perspective, the motive is often innocent. The worker wants to finish a report faster, polish an email, summarize a long meeting, create a proposal, or brainstorm new ideas. Generative AI is useful. That is exactly why employees adopt it before the official company tool is ready.
The problem is the gap between the speed of convenience and the speed of governance. Workers want to use AI today. IT, legal, security, procurement, and compliance teams need time to evaluate risks, contracts, data handling, and training. During that gap, the company loses sight of who is using which AI service and what data is being entered.
A very DNP kind of investment
DNP was founded in 1894 as a printing company. But modern DNP should not be understood only as a company of paper and ink. Printing has always been an information industry: copying, protecting, distributing, authenticating, and managing information. Over time, that has expanded into cards, packaging, imaging, business-process outsourcing, digital marketing, authentication, and cybersecurity.
Seen that way, DNP’s investment in Folta is not surprising. A company built around information handling is moving toward one of the newest information-leakage surfaces of the AI age. In the past, the worry was who carried out printed documents. Later, it became who uploaded files to cloud services. Now the question is what an employee pastes into a generative-AI prompt.
Information is no longer only something stored in a file. It flows through questions, prompts, summaries, corrections, generated answers, and AI-assisted drafts. Companies that can make those flows visible have a new role to play in enterprise security.
AI governance in 2026: from policy to operations
Japan has been building guidance for safe AI use. The AI Guidelines for Business Ver. 1.2, published on March 31, 2026, present unified principles for AI governance and ask businesses to recognize AI risks and take voluntary countermeasures across the AI lifecycle.
In the United States, the NIST AI Risk Management Framework has given organizations a structure for managing AI-related risks. In Europe, the EU AI Act entered into force on August 1, 2024, and is scheduled to become fully applicable on August 2, 2026, with exceptions and phase-ins. Around the world, AI is moving from experimental tool to governed business infrastructure.
But guidelines do not stop an employee from pasting sensitive text into a browser. Writing a policy and observing actual work are different things. That is where companies like Folta become important. They turn governance from a declaration into operations: detection, warning, control, logging, analysis, and improvement at the point of use.
The browser as the battlefield
For many companies, generative-AI use begins in a web browser. An employee opens an AI service, uploads a file, pastes a paragraph, asks for a summary, and copies back the answer. Traditional network monitoring or ordinary logs may not capture the business context of what is happening in that moment.
Browser-level control is powerful because it sits close to actual behavior. Which AI service was accessed? What kind of input was attempted? Did the prompt contain confidential-looking information? Should the system allow, warn, mask, or block the action? The answer cannot always be a blunt ban. Companies want the productivity of AI without uncontrolled data leakage.
This is why the DNP-Folta announcement uses the language of safe business use. If a company simply prohibits AI, employees may use it anyway. The more practical path is to keep the usefulness while bringing the activity back into a visible, governable environment.
Timeline: from shadow IT to shadow AI
| Period | Meaning |
|---|---|
| 1990s–2000s | PCs, email, and the internet move corporate information management from paper to digital systems. |
| 2010s | SaaS, cloud storage, and smartphones create the shadow-IT problem of unauthorized tools. |
| 2022 | ChatGPT brings generative AI into the hands of ordinary employees. |
| 2024 | The EU AI Act enters into force and Japan formalizes business AI guidance. |
| 2026 | DNP invests in Folta, showing that shadow-AI control is becoming a concrete enterprise-security market. |
Folta’s opening: a small company targets a large-company pain point
For a smaller company like Folta, enterprise AI governance is a large opportunity. Big companies want the productivity of AI, but they do not want uncontrolled information leakage. They want employees to innovate, but they also need to know what data is leaving the company and where it is going. Legal, security, IT, HR, and business units all see the risk from different angles.
In this market, the intelligence of the AI model is only part of the story. Deployment, integration, logs, dashboards, audit trails, policy design, employee warnings, and operational improvement matter just as much. DNP may give Folta distribution, credibility, and experience with large-scale security operations. Folta may give DNP a faster route into a new category of AI-era security service.
Japanese companies are often described as cautious adopters of new technology. But caution is not the same as refusal. When a credible governance layer appears, adoption can accelerate. Folta’s bet is that safe AI use will become the condition that allows broad AI use.
Japan.co.jp view
This is not the flashiest AI story of the July 7 edition. That is why it may be one of the most important. The AI economy is not only about the biggest model, the fastest chip, or the smartest robot. It is also about the boring control layers that let real companies use AI without losing control of their data.
If AI models are engines, companies like Folta are building the brakes, mirrors, seat belts, and dashboard warning lights. That may not sound glamorous. But without them, most enterprises will not be comfortable driving very far.
DNP’s bet on Folta is a bet on the institution around AI, not merely the technology of AI. Japan’s AI revolution is not only happening in robotics labs, data centers, and chip factories. It is also happening in the small moment before an employee pastes a confidential sentence into a browser window.
Reader takeaways
| Question | Answer |
|---|---|
| What happened? | DNP invested in Folta and formed a capital and business alliance. |
| What does Folta provide? | A secure-browser service that controls and monitors generative-AI use through web browsers in real time. |
| Why does it matter? | Employees may use unapproved AI tools and enter sensitive company data, creating shadow-AI risk. |
| What does DNP want? | To combine Folta’s browser-level control with DNP’s security services and build new AI-era offerings. |
| What is the bigger meaning? | AI governance is moving from written policy to operational control at the point of use. |
Sources and references
This article draws on DNP’s official release, PR TIMES, and public AI-governance references.
