Every week, employees across your organization are making a quiet decision: the approved tool doesn't meet their need, so they reach for one that does. No malicious intent. No awareness of policy. Just someone trying to get their work done faster.
That's Shadow AI: the use of AI tools outside the visibility or authorization of IT and governance. And by every available measure, it is already pervasive.
More than 80% of workers use unapproved AI tools in their jobs, including nearly 90% of security professionals, according to a November 2025 UpGuard report. While 80% of American office workers use AI in their roles, only 22% rely exclusively on employer-provided tools, per IBM research. Only 37% of organizations have policies in place to manage or even detect shadow AI use. The rest are flying blind.
The financial stakes are not abstract. According to the IBM 2025 Cost of a Data Breach Report, shadow AI adds an average of $670,000 per data breach, and takes 241 days, on average, to identify and contain. IBM noted that shadow AI "is an added blind spot, another attack surface that is hard to police" and that organizations "often don't look for it, so it remains undetected."
The instinct to ban is understandable. The evidence that it fails is overwhelming.
Samsung's 2023 response to employee ChatGPT use was to prohibit generative AI entirely. Within months, the company reversed course and expanded governed access. The ban had driven usage underground; sanctioned alternatives brought it back into view.
Research from MIT Sloan CISR, surveying 50 enterprises, found that generative AI restrictions are "neither practical nor effective." Gartner projects that by 2027, 75% of employees will acquire technology outside IT's visibility, up from 41% in 2022.
The more productive reframe is this: when an employee takes an unsanctioned action, they are telling you (with their behavior) that the sanctioned alternative didn't meet their need. That choice is information.
With so many LLM options, the temptation to use non-approved AI tools is strong for employees.
Three Layers Most Programs Miss
Most shadow AI governance stops at the tool layer. Which application was used? Was it approved or not? That's a reasonable starting point, but it answers the wrong question.
Consider a common scenario: a salesperson uses an external AI tool to draft a customer commitment email, then sends it.
At the tool layer, this is a medium-priority generic AI use event. At the data layer, it's a potential high-classification breach (customer names, contract terms, and internal pricing have crossed an external boundary). At the decision layer, a commitment has been made on behalf of the company, partly authored by an AI system with no audit trail. If the customer holds the organization to those terms, there is no record of what shaped them.
Same event. Three entirely different governance answers. Most programs only generate the first.
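The three answers above can be produced mechanically from one event record, which is what makes the layers useful for triage rather than just discussion. The following is an added example, not code from the original article: the event schema, the severity labels, the data-classification ranking, and the sample events are all constructed for illustration, and a real program would take its input from CASB, DLP or proxy logs and the organization's own classification scheme.

```python
"""Three-layer triage of shadow-AI usage events.

Added example, not code from the original article. The event fields, the
severity labels, the data-classification ranking and the sample events are
constructed for illustration; a real deployment would feed this from CASB,
DLP or proxy logs and use the organization's own classification scheme.
"""
from dataclasses import dataclass
from typing import Dict, List

# Constructed classification ranking (assumption): higher rank = more sensitive.
CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass
class AIUsageEvent:
    user: str
    tool: str
    tool_approved: bool             # tool layer: sanctioned application or not
    data_classes: List[str]         # data layer: classifications of what was pasted in
    external_boundary: bool         # data layer: did the input leave the org's control?
    output_sent_externally: bool    # decision layer: was AI-shaped output delivered outside?
    makes_commitment: bool          # decision layer: does that output bind the company?
    audit_trail: bool               # decision layer: is the prompt/response recorded?


def tool_layer(ev: AIUsageEvent) -> str:
    """Layer 1: which application was used and whether it was approved."""
    return "low" if ev.tool_approved else "medium"


def data_layer(ev: AIUsageEvent) -> str:
    """Layer 2: what data crossed an external boundary."""
    top = max((CLASS_RANK.get(c, 0) for c in ev.data_classes), default=0)
    if not ev.external_boundary:
        return "low"
    if top >= CLASS_RANK["confidential"]:
        return "high"
    if top >= CLASS_RANK["internal"]:
        return "medium"
    return "low"


def decision_layer(ev: AIUsageEvent) -> str:
    """Layer 3: was a decision made on the company's behalf, and is it traceable."""
    if not (ev.makes_commitment and ev.output_sent_externally):
        return "low"
    return "high" if not ev.audit_trail else "medium"


def triage(ev: AIUsageEvent) -> Dict[str, str]:
    """Return all three governance answers for one event."""
    return {"tool": tool_layer(ev), "data": data_layer(ev), "decision": decision_layer(ev)}


def missed_by_tool_layer_only(events: List[AIUsageEvent]) -> List[str]:
    """Users whose events look benign at the tool layer but are high at another layer."""
    missed = []
    for ev in events:
        t = triage(ev)
        if t["tool"] == "low" and "high" in (t["data"], t["decision"]):
            missed.append(ev.user)
    return missed


# Constructed sample events (not real data).
SAMPLE_EVENTS = [
    # The article's scenario: external tool, customer/pricing data, commitment sent.
    AIUsageEvent("sales-01", "external-chat-llm", False,
                 ["confidential", "internal"], True, True, True, False),
    # Approved tool, internal-only notes, no commitment: low everywhere.
    AIUsageEvent("eng-07", "approved-assistant", True,
                 ["internal"], False, False, False, True),
    # Approved tool, but a binding quote went out with no record of the prompt.
    AIUsageEvent("sales-04", "approved-assistant", True,
                 ["internal"], False, True, True, False),
]

if __name__ == "__main__":
    for ev in SAMPLE_EVENTS:
        print(ev.user, triage(ev))
    print("missed by tool-layer-only programs:", missed_by_tool_layer_only(SAMPLE_EVENTS))
```

The third sample event is the point of the exercise: it is on an approved tool, so a tool-layer-only program scores it low, yet a binding commitment went out with no record of what shaped it. `missed_by_tool_layer_only` surfaces exactly those cases.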
Shadow AI as Signal
The organizations navigating this well are the ones that have stopped treating shadow AI as a compliance failure and started treating it as diagnostic information.
Which data do employees inherently trust to power AI? When people solving real business problems choose to feed certain data into an AI tool, that's revealed preference about what data matters, and what data needs clearer definitions, better semantics, and wider accessibility.
What decisions are people trusting AI to support? Is shadow AI augmenting human judgment, or is it filling a gap in a broken process that the enterprise hasn't yet acknowledged? Both answers are valuable.
And perhaps most importantly: who is doing shadow AI well? The employees using these tools effectively (with care, with judgment, with an understanding of what good output looks like) are your strongest candidates for formal AI governance roles. They understand the tools. They understand the value of good data. Don't push them further into the shadows. Bring them to the table.
The Agentic Frontier
Shadow AI is no longer limited to chat tools and writing assistants. As AI agents (systems that take action autonomously, without human approval at the moment of execution) become more accessible, the governance challenge changes in kind, not just degree.
In July 2025, an AI agent destroyed a production database during a code freeze, then told the user rollback was impossible. The agent was operating on a sanctioned platform. Conventional shadow AI detection flagged zero events. The failure wasn't the tool — it was the absence of governance over what the tool could do autonomously.
An agent with production write access, no approval gate, and inherited credentials is structurally human-out-of-the-loop, regardless of what the policy document says. Four questions should precede any agent deployment: What can it read? What can it write? What can it trigger? And if it operates autonomously and undetected for 24 hours, how bad does it get?
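The four questions can be answered from a capability manifest before an agent is deployed, and the "human-out-of-the-loop" condition described above is a mechanical test on that manifest. The following is an added example, not code from the original article or from any vendor's platform: the manifest schema, the `prod:` scope naming convention, the reversibility map, and both sample manifests are assumptions constructed for illustration and would need to be mapped onto your own IAM scopes and change-control tooling.

```python
"""Pre-deployment check for an AI agent's capability manifest.

Added example, not code from the original article. The manifest schema, the
"prod:" scope naming and the sample manifests are assumptions for
illustration; map them onto your own IAM scopes and change-control tooling.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class AgentManifest:
    name: str
    read_scopes: List[str]          # what can it read?
    write_scopes: List[str]         # what can it write?
    triggers: List[str]             # what can it trigger (deploys, migrations, emails)?
    approval_gate: bool             # does a human approve each write/trigger at execution time?
    inherits_credentials: bool      # runs on a person's standing credentials, not its own identity
    reversible: Dict[str, bool] = field(default_factory=dict)  # per write/trigger: can it be undone?
    change_freeze: bool = False     # is a code/change freeze in effect for its targets?


def is_production(scope: str) -> bool:
    # Assumed naming convention: production resources carry a "prod:" prefix.
    return scope.startswith("prod:")


def human_out_of_loop(m: AgentManifest) -> bool:
    """Structural test: production write/trigger, no approval gate, inherited credentials."""
    touches_prod = any(is_production(s) for s in m.write_scopes + m.triggers)
    return touches_prod and not m.approval_gate and m.inherits_credentials


def worst_case_24h(m: AgentManifest) -> List[str]:
    """Everything an undetected agent could do in 24 hours that cannot be rolled back."""
    return [a for a in m.write_scopes + m.triggers if not m.reversible.get(a, False)]


def deployment_review(m: AgentManifest) -> Dict[str, object]:
    """Answer the four questions and decide whether the manifest is deployable as-is."""
    findings: List[str] = []
    touches_prod = any(is_production(s) for s in m.write_scopes + m.triggers)
    if human_out_of_loop(m):
        findings.append("human-out-of-the-loop: prod write access, no approval gate, inherited credentials")
    if m.inherits_credentials:
        findings.append("agent must run under its own least-privilege identity, not a person's credentials")
    irreversible = worst_case_24h(m)
    if irreversible and not m.approval_gate:
        findings.append("ungated irreversible actions: " + ", ".join(irreversible))
    if m.change_freeze and touches_prod and not m.approval_gate:
        findings.append("production writes enabled during a change freeze with no gate")
    return {
        "agent": m.name,
        "can_read": m.read_scopes,
        "can_write": m.write_scopes,
        "can_trigger": m.triggers,
        "irreversible_24h": irreversible,
        "findings": findings,
        "deploy": not findings,
    }


# Constructed manifests (not real systems).
UNGATED = AgentManifest(
    name="ops-helper",
    read_scopes=["prod:db", "repo:main"],
    write_scopes=["prod:db"],
    triggers=["prod:migration"],
    approval_gate=False,
    inherits_credentials=True,
    reversible={"prod:db": False, "prod:migration": False},
    change_freeze=True,
)

# The same agent after scoping: staging writes, gated prod trigger, own identity.
GATED = AgentManifest(
    name="ops-helper",
    read_scopes=["prod:db", "repo:main"],
    write_scopes=["staging:db"],
    triggers=["prod:migration"],
    approval_gate=True,
    inherits_credentials=False,
    reversible={"staging:db": True, "prod:migration": False},
    change_freeze=True,
)

if __name__ == "__main__":
    for m in (UNGATED, GATED):
        r = deployment_review(m)
        print(r["agent"], "deploy" if r["deploy"] else "BLOCK", r["findings"])
```

The gated manifest still lists `prod:migration` under `irreversible_24h`; the review does not hide that, it records that the approval gate is the control standing between the agent and that action. If the gate were ever removed, the same check would fail again.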
With all eyes on AI, it's important your employees are using the correct, company-approved tools.
What Governance Requires
Shadow AI does not require a new program. It requires extending the governance infrastructure most organizations have already started to build (visibility, decision rights, and controls) into territory that has been ungoverned by default.
That means moving from detection to disclosure. From tool-layer counting to data-layer and decision-layer accountability. From banning unauthorized use to understanding why it's happening and closing the gap.
The signal is there. The question is whether your organization is equipped to read it.
If you're looking to strengthen your AI governance frameworks (or build them from the ground up), our team of AI experts is here to help.
