Shadow AI: the enterprise risk hiding in plain sight
Shadow AI: the enterprise risk hiding in plain sight

TLDR
→ 81% of employees and 88% of security leaders use unapproved AI tools. Shadow AI is systemic, not exceptional. It is what happens when approved alternatives do not meet employee needs. → Unlike shadow IT, shadow AI actively moves data to third-party servers for processing. The risk is not just unauthorized access. It is data leaving your control through the tools employees use to do their jobs. → Enforcement-only approaches consistently fail. 45% of workers find workarounds when tools are blocked. Organizations that provided approved alternatives instead saw unauthorized use drop by 89%. → Shadow AI now accounts for 20% of enterprise data breaches, at an average cost of $4.63 million per incident. Only 37% of organizations have policies to detect or manage it. → Effective governance combines approved alternatives employees actually want to use, operational policies that guide rather than prohibit, and behavioral analytics on approved tools that surface risk signals before they become incidents.
The employees in your organization who are most enthusiastic about AI are probably not waiting for IT to approve anything.
81% of employees and 88% of security leaders report using unapproved AI tools. This is not a fringe behavior. It is the default. Employees paste customer data into ChatGPT to draft emails. They upload financial documents to AI summarizers. They use coding assistants that send proprietary source code to third-party servers. They do it because it works, and because approved alternatives either do not exist or do not meet their needs. Cybersecurity Dive
This is shadow AI. And unlike most enterprise security problems, it is not being driven by bad actors. It is being driven by people trying to do their jobs well.
What shadow AI actually is
Shadow AI is the use of AI tools that process enterprise data outside the boundaries of organizational governance. It is broader than unauthorized chatbot use. It includes code assistants used through personal accounts, AI-powered browser extensions, open-source models run locally on company devices, and AI features embedded in SaaS applications that activate without IT awareness.
The critical distinction from traditional shadow IT is what happens to the data. When an employee uses an unauthorized file-sharing app, they store data outside your systems. When they use an unauthorized AI tool, they actively send that data to a third-party model for processing. The data moves. According to Cisco's 2025 study, 46% of organizations reported internal data leaks through AI tools, data that flowed out through employee prompts rather than traditional exfiltration methods. CIO
The Samsung case is the most cited illustration: engineers pasted proprietary semiconductor designs into ChatGPT to debug code, inadvertently making trade secrets part of an external dataset. But this type of incident happens at smaller scale across most large organizations every day. A financial analyst uploads a spreadsheet containing customer records. A lawyer shares a confidential contract for summarization. An HR team member uploads personnel files. Each person is trying to work more efficiently. The data has left your control in each case.
Why enforcement-only approaches fail
The conventional enterprise response to shadow AI has been to block it. Prohibit unapproved tools. Restrict access. Punish violations.
This does not work. 45% of workers find workarounds to access blocked applications, and blocking only compromises visibility, it does not prevent usage. Healthcare organizations that provided approved alternatives instead saw unauthorized AI use drop by 89%. The data on this is consistent: prohibition drives usage underground, removes the organization's ability to see what is happening, and creates resentment without reducing risk. Cybersecurity DiveRedTeam Partners
Employees use unapproved tools because they believe they understand the risks well enough to manage them themselves. UpGuard found a positive correlation between employees who reported understanding AI security requirements and those who regularly used unapproved tools. Knowing the policy does not stop the behavior when approved alternatives are inadequate. Deloitte
The problem is not that employees want to circumvent governance. The problem is that governance has not kept pace with what employees actually need.
The real risk exposure
Shadow AI creates three categories of material risk that board-level leaders need to understand.
Data exposure and IP loss. When employees use unauthorized AI tools, data moves to third-party servers your organization cannot audit. Some AI vendors use submitted data for model training, meaning proprietary information can become part of a model accessible to others. Shadow AI incidents now account for 20% of all enterprise data breaches, costing organizations an average of $4.63 million per incident, compared to $3.96 million for standard breaches. The additional cost reflects longer detection times and broader data exposure across multiple environments. CIO
Compliance violations. GDPR, HIPAA, CCPA, and SOC 2 were not designed for AI data flows. When an employee in a healthcare organization uploads patient records to an unapproved tool, that is a potential HIPAA violation, regardless of intent. When an EU-based employee uses a tool hosted on US servers, there may be data residency implications under GDPR. Only 37% of organizations have policies to manage or detect shadow AI. The remaining 63% are accumulating compliance exposure they cannot see. RedTeam Partners
Operational and governance risk. The average enterprise has 14 distinct AI tools in use, of which the IT team is aware of only 4 to 5. The tools IT does not know about are the ones creating unaudited decision-making, unreviewed outputs influencing business processes, and API connections that have not been assessed for security. When an unauthorized AI agent makes a mistake or produces a hallucination that drives a business decision, there is no audit trail and no recourse. UpGuard
What effective governance looks like
The organizations managing shadow AI effectively share a common posture: they treat it as a visibility problem, not an enforcement problem. Three things separate them from organizations still relying on prohibition.
Provide approved alternatives that employees actually want to use. The most direct lever is closing the gap between what employees can access unofficially and what is officially available. Enterprise deployments of Claude, ChatGPT, or Copilot with appropriate data agreements, combined with private or self-hosted models for teams handling the most sensitive data, remove the primary reason employees go outside approved channels. The approved tool needs to be at least as good as what employees would find on their own.
Establish policies that guide rather than prohibit. Effective AI policies answer the questions employees are actually asking: which tools are approved for which data types, what to do when a needed tool is not on the list, and how to handle edge cases. Policies written in operational terms, rather than legal language, are more likely to be followed. They also give employees a clear path to request new tools rather than defaulting to workarounds.
Deploy behavioral visibility on approved tools. This is the piece most organizations miss. Technical monitoring tracks system performance. Behavioral analytics tracks what employees are actually doing with AI, what they are asking, where they are hitting the limits of approved tools, and whether patterns suggest they are likely to seek unauthorized alternatives. Security leaders who regularly use unapproved tools send a cultural signal that policies are not serious. Behavioral data surfaces this before it becomes a governance failure. Deloitte
Behavioral visibility also enables proactive risk management rather than reactive incident response. The signals that precede a shadow AI incident, employees testing guardrails, attempting to input restricted data types, or repeatedly hitting limits in approved tools, appear in conversation analytics days or weeks before they would trigger a security alert.
The governance requirement for regulated industries
For organizations in financial services, healthcare, manufacturing, and other regulated sectors, shadow AI governance is not a best practice. It is a compliance requirement.
Regulators are beginning to act on AI data flows explicitly. The EU AI Act creates obligations around how AI systems process personal data. DORA in financial services creates requirements around technology risk that extend to AI tools. Healthcare regulators in the US and EU have issued guidance on AI use with patient data. The direction is clear: organizations will need to demonstrate what AI tools are in use, what data they process, and what governance controls apply.
That demonstration requires visibility. An organization that cannot inventory its AI tools, audit what data flows through them, or show what controls are in place around sensitive data categories will struggle to satisfy regulators, regardless of what its written policies say.
Nebuly
Nebuly is the ROI platform for enterprise AI. It connects to the AI agents your business runs on, the assistants your customers interact with, and the tools your employees use every day, including Claude, ChatGPT, and Copilot, and translates that activity into business value. How much time is being saved across teams. What revenue your AI is influencing. What adoption and AI proficiency look like in practice, across departments and geographies. All aggregated at the organizational level, never tied to individuals.
If you need clarity on what your AI investment is actually delivering, book a demo.
FAQs
What is shadow AI and why is it different from shadow IT?
Shadow AI is the use of AI tools that process enterprise data outside organizational governance, including unauthorized chatbots, code assistants used through personal accounts, AI browser extensions, and AI features embedded in SaaS tools that activate without IT awareness. The critical difference from shadow IT is what happens to the data. Shadow IT stores data outside your systems. Shadow AI actively sends it to third-party models for processing. The data moves through the tool, potentially into training datasets, logs, and third-party servers, outside your control and visibility.
Why do employees use unauthorized AI tools despite knowing the risks?
Research from UpGuard found a positive correlation between employees who understand AI security requirements and those who regularly use unapproved tools. Employees use unauthorized tools not because they are unaware of risk, but because they judge that the productivity benefit outweighs the risk, and because approved alternatives do not meet their needs. The behavior is a signal about governance gaps, not about employee intent. When approved tools are as capable and accessible as unauthorized ones, usage shifts. Organizations that provided good approved alternatives saw unauthorized AI use drop by 89%.
What compliance regulations apply to shadow AI use?
Several regulatory frameworks have direct implications for data shared with third-party AI tools. GDPR requires that personal data is only processed under appropriate data agreements. Most consumer AI tools do not provide the data processing agreements that GDPR mandates, meaning employees sharing personal data through unauthorized tools may be creating violations regardless of intent. HIPAA prohibits sharing patient data with systems that do not meet its security and privacy requirements, with no exceptions for accidental or informal use. SOC 2 requires organizations to demonstrate controls over how data is accessed and processed by third-party systems. The EU AI Act adds a separate layer. It does not govern data processing directly — that remains GDPR's domain. It does require organizations deploying high-risk AI systems to maintain technical documentation, conduct conformity assessments, and implement human oversight mechanisms. For enterprises in regulated industries, this means AI governance is now a compliance obligation, not just a best practice. Most EU AI Act obligations apply from 2026 onward, with high-risk system requirements phasing in through 2027. The practical implication across all of these frameworks is the same: organizations need to demonstrate not just that they have written policies, but that they can audit which AI tools are in use and what data flows through them.
How do you detect shadow AI in your organization?
The most reliable starting point is asking employees directly. Survey your organization about which AI tools they use for work. Research consistently shows that most employees will admit to using unapproved tools when asked. Network monitoring can detect API traffic to known AI platforms, but gives false confidence because it only surfaces tools you have already identified. Behavioral analytics on approved tools reveals a complementary signal: employees who repeatedly hit the limits of approved tools, test guardrails, or attempt to input restricted data types are likely candidates for unauthorized tool use. These behavioral patterns appear in conversation data before they escalate.
What is the financial cost of shadow AI incidents?
According to IBM's 2025 Cost of Data Breach Report, shadow AI-related incidents cost organizations an average of $4.63 million per breach, compared to $3.96 million for standard incidents. The additional $670,000 reflects longer detection times and broader data exposure across multiple unaudited environments. Gartner projects that by 2030, more than 40% of enterprises will experience security or compliance incidents linked to unauthorized AI use. For regulated industries, these costs do not include regulatory fines, which can be substantially higher.


Stay up to date on what we're learning, building, and seeing as enterprise teams deploy and measure AI agents in production.


