Shadow AI: The Invisible Threat Inside Your Organisation
Introduction
Every day, well-meaning employees paste sensitive code into ChatGPT, summarise confidential memos with Gemini, or spin up browser-based AI tools they found on social media. They are not acting maliciously — they just want to work faster. But every one of those interactions happens outside the view of IT, security and compliance teams. The phenomenon has a name: shadow AI (sometimes called BYOAI, “bring your own AI”).
Shadow AI is distinct from ordinary shadow IT in one critical way. Traditional unsanctioned software might store a copy of your data on an unauthorised server. AI tools can learn from it, meaning your organisation’s data can leave your control permanently and resurface in model outputs served to other users — including competitors.
The scale of the problem is striking. Industry surveys from 2024–2026 consistently show that the majority of knowledge workers are already using AI tools their employers have not approved, while governance programmes lag far behind. This post unpacks the risks, examines what regulated industries face, and lays out a practical mitigation playbook.
Figure 1 — Shadow AI by the numbers and how it differs from traditional shadow IT.
How Widespread Is Shadow AI?
The short answer: almost everywhere. The numbers paint a consistent picture across sectors and geographies.
More than 80 % of workers and nearly 90 % of security professionals report using unapproved AI tools, according to UpGuard’s 2024 survey — with fewer than 20 % relying solely on employer-approved options. Manufacturing, finance and healthcare workers report particularly high trust in AI, often treating it as their most trusted information source.
In healthcare, a 2025 Wolters Kluwer survey of over 500 providers found that 17 % admitted to using unapproved AI tools. Nearly half cited faster workflows, and a quarter said the unapproved tools simply worked better than whatever their employer offered.
Netskope’s 2026 cloud-threat report raised the bar further: 47 % of generative-AI users still rely on personal accounts, and organisations experience an average of 223 data-policy violations per month involving AI applications.
Even the legal sector is affected. Only 32 % of law firms provide AI tools to staff, yet 46 % of lawyers are actively using AI anyway.
Figure 2 — Shadow AI adoption rates across sectors and roles.
Why employees reach for unapproved tools
The drivers are intuitive and recurring. Many AI tools are free or browser-based, so the barrier to entry is negligible. Employees feel productivity pressure and want to accelerate routine tasks like drafting, summarising or data analysis. Corporate governance often lags behind the technology — approved alternatives arrive late or are clunkier than what is available on the open market. And there is a confidence paradox: UpGuard found that employees who rate themselves as highly knowledgeable about AI risks are more likely to use unapproved tools, not less. Confidence in managing risk encourages circumvention of the very policies designed to manage it.
The Security Risk Landscape
Shadow AI does not create a single risk; it creates an interconnected web of them. The following sections walk through the major categories.
Data leakage and loss of control
When employees paste sensitive data into a public AI service, that data may be stored, retained and used for model training. SentinelOne reports that breaches involving shadow AI cost organisations $670,000 more on average than other types of incidents. Netskope breaks down the data involved in AI-related policy violations: source code accounts for 42 %, regulated data (personal, financial, healthcare) for 32 %, and intellectual property for 16 %. Once data leaves the organisation it is essentially irrecoverable — it can reappear in future responses or be accessed by third parties.
Compliance and regulatory violations
Unapproved AI tools bypass documented data-processing agreements and audit trails. A Proofpoint study found that 57 % of employees use sensitive data — including PII, PHI and financial records — in AI tools, and 68 % do so via personal accounts. When an employee pastes a customer list into ChatGPT, for example, that interaction is unlogged, creating a gap that violates requirements under PCI DSS, HIPAA and SOC 2.
Intellectual property exposure
Employees may paste code, product roadmaps or research data into generative-AI platforms to debug, summarise or brainstorm. That content can be incorporated into training datasets, making it potentially accessible to other users. Unauthorised disclosure via a public AI tool can invalidate patent rights and destroy trade-secret protections. And because purely AI-generated outputs may lack copyright protection, the resulting work could be unownable by anyone.
Attack surface expansion
Unvetted AI plugins, browser extensions and third-party API integrations can introduce malicious code or supply-chain vulnerabilities. Model-context servers and framework integrations (like LangChain) can reach into production data well beyond what security teams can see. AI-generated code itself may embed subtle backdoors, and AI features within authorised software can act as covert exfiltration channels.
Agentic AI risks
Autonomous AI agents operate at machine speed, calling APIs and editing data with minimal human oversight. A misconfigured or hallucinating agent can leak thousands of records in minutes. This category is growing rapidly and requires continuous monitoring and strict least-privilege access controls.
Auditability gaps
Shadow AI tools operate outside logging and monitoring infrastructure. AI decisions and outputs produced in these tools leave audit trails that are incomplete or nonexistent, making it impossible to reconstruct decisions for regulators, legal proceedings or internal investigations.
Figure 3 — Types of data involved in AI-related policy violations.
The Three-Layer Risk Model
A useful way to think about shadow AI risk is as a three-layer stack. Each layer builds on the one below it, and weakness at any layer undermines the layers above.
Figure 4 — The three-layer risk model: discovery, data classification and governance controls.
Layer 1 — Discovery: knowing what is in use. Many AI capabilities are hidden inside applications, browser extensions or personal devices. Employees use free accounts that generate no network logs. Without discovery, organisations cannot classify risk or enforce policies.
Layer 2 — Data: understanding what is at stake. Risk severity depends on the type of data being processed. A helpful classification ranges from critical (regulated data like PHI or PCI) through high (proprietary business data), medium (internal non-sensitive) to low (public information). The most common violation categories — source code, regulated data, IP and credentials — cluster at the top of this scale.
Layer 3 — Control: governance and enforcement. Effective mitigation requires clear policies, approved alternatives and technical controls such as DLP, CASB and behavioural analytics. Blanket bans fail because employees either circumvent them or hide their usage. A governance-first approach aligned with frameworks like NIST AI RMF and ISO/IEC 42001 is far more effective.
Regulated Industries Face Amplified Risk
Shadow AI is a concern for every organisation, but regulated sectors — finance, healthcare, legal, insurance and government — face amplified stakes because they manage high-risk data under strict compliance obligations.
Healthcare
Clinicians across all experience levels experiment with unapproved AI tools. The Wolters Kluwer survey shows nearly half do so for speed and a quarter for better functionality. But healthcare data carries PHI obligations under HIPAA, and uncontrolled usage can jeopardise both patient privacy and clinical safety.
Finance
Finance professionals place high trust in AI and regularly adopt unapproved tools. Data leakage in this sector can violate banking secrecy, AML/KYC and securities laws. Some forward-looking financial institutions have responded by deploying private AI models on-premises to keep sensitive data within controlled environments.
Legal services
Legal teams handle privileged communications and client data that carry strict confidentiality obligations. Feeding privileged information into unsanctioned AI tools may compromise attorney-client privilege and IP protections. The gap is stark: only a third of firms provide AI tools, but almost half of lawyers are already using them.
Cross-sector risk themes
Industry analysts identify five top AI risks for 2026 across regulated sectors: data leakage, shadow AI itself, AI hallucinations, lack of explainability and auditability, and regulatory non-compliance. Each requires tailored prevention — from deploying AI firewalls in healthcare and insurance to grounding AI outputs in verified organisational data and maintaining rigorous audit logs.
Figure 5 — Sector-specific risk profiles and the top five cross-sector AI risks for 2026.
Intellectual Property at Risk
Intellectual property is a company’s competitive advantage — software code, algorithms, product designs, research data, trade secrets and strategic plans. Shadow AI jeopardises these assets through several mechanisms.
Employees paste code, product roadmaps or research into generative-AI tools for debugging or summarisation. These inputs may be incorporated into training datasets, causing irreversible IP leakage that can later surface to competitors. Unauthorised disclosure can invalidate trade-secret protections and patent rights, and purely AI-generated works may lack copyright protection entirely.
Beyond leakage, shadow AI introduces the risk of model contamination: biased or malicious data fed into AI models through unsanctioned use can create algorithmic bias, opening the organisation to discrimination claims. And many generative-AI platforms use user inputs to improve their models by default — free tiers often provide weaker data-protection guarantees than enterprise versions.
Private Information in Business Processes
Shadow AI frequently handles personally identifiable information, protected health information, financial records and confidential business data. The exposure is substantial.
Netskope’s 2026 report shows that regulated data makes up 32 % of AI-related policy violations and 54 % of personal cloud-app policy violations. Proofpoint reports that 77 % of employees have shared sensitive data with AI tools. Employees upload contracts, billing information and payment details to AI summarisation tools, exposing customer financial data and violating PCI DSS and SOC 2 requirements.
Personal cloud applications remain a major parallel vector: 60 % of insider incidents involve personal cloud apps, and 31 % of users upload data to personal apps each month. Regulated data accounts for over half of those violations, meaning personal storage often leaks PII and PHI alongside AI exposures.
A Practical Mitigation Playbook
The consensus across industry reports is clear: banning AI outright is ineffective and drives usage underground. A governance-first approach combines policy, technology and culture to enable safe AI adoption. Here is a seven-step framework.
Figure 6 — The seven-step mitigation playbook: policy, technology and culture working together.
1. Establish a cross-functional AI governance framework
Create an AI governance council with representatives from IT, security, legal, HR, data privacy and business units. Define acceptable-use policies, risk appetite and clear roles and responsibilities. Adopt recognised frameworks — the NIST AI Risk Management Framework (AI RMF) defines functions for Govern, Map, Measure and Manage — and align with ISO/IEC 42001 and sector-specific regulations such as the EU AI Act, HIPAA and PCI DSS.
2. Inventory and classify AI tools
Run discovery across the organisation: user surveys, network-traffic audits, browser-extension inventories, SaaS integration logs and endpoint monitoring. Deploy AI-aware CASB and DLP systems that can detect AI API traffic. Then classify each tool by risk tier — critical (regulated data), high (proprietary data), medium or low — so that governance effort is proportional to exposure.
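A sketch of the network-traffic audit described in this step, added here as an example and not taken from any vendor's product: it reads a proxy export, matches destinations against a list of AI service domains and ranks unsanctioned usage by upload volume. The domain map, the sanctioned-tool set, the `account` column and the sample rows are assumptions constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Assumption: illustrative map; a real inventory comes from a CASB/SWG category feed.
AI_DOMAINS = {
    "chatgpt.com": "ChatGPT",
    "api.openai.com": "OpenAI API",
    "gemini.google.com": "Gemini",
}
# Assumption: the organisation has approved one tool, on corporate accounts only.
SANCTIONED = {"ChatGPT"}

# Constructed sample export: user, destination host, bytes uploaded, account type
SAMPLE_LOG = """user,host,bytes_out,account
alice,chatgpt.com,1200,corporate
bob,chatgpt.com,48000,personal
bob,gemini.google.com,250000,personal
carol,intranet.example.com,900,corporate
dave,api.openai.com,7000,personal
bob,gemini.google.com,310000,personal
"""

def match_tool(host):
    """Return the AI tool name for host or any of its parent domains."""
    parts = host.lower().rstrip(".").split(".")
    for i in range(len(parts) - 1):
        tool = AI_DOMAINS.get(".".join(parts[i:]))
        if tool:
            return tool
    return None

def discover(log_text):
    """Aggregate unsanctioned AI usage per (user, tool), largest upload first."""
    totals = defaultdict(int)
    for row in csv.DictReader(io.StringIO(log_text)):
        tool = match_tool(row["host"])
        if tool is None:
            continue
        # A sanctioned tool on a corporate account is the only approved path.
        if tool in SANCTIONED and row["account"] == "corporate":
            continue
        totals[(row["user"], tool)] += int(row["bytes_out"])
    return sorted(totals.items(), key=lambda kv: kv[1], reverse=True)

if __name__ == "__main__":
    for (user, tool), sent in discover(SAMPLE_LOG):
        print(f"{user:6} {tool:12} {sent:>8} bytes uploaded")
```

Personal-account use of an otherwise approved tool is reported too, since it sits outside the enterprise data-handling agreement.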
3. Provide approved alternatives and secure environments
Offer enterprise-grade AI tools with explicit data-handling agreements — enterprise ChatGPT, private LLMs on-premises or via secure cloud. Deploy AI firewalls and sandboxes to filter prompts, redact sensitive data and ensure only approved data types are processed. Adopt zero-trust architecture for AI access: authenticate every request, enforce least privilege, maintain comprehensive audit logs and ensure data sovereignty.
4. Extend technical controls
Configure DLP rules to inspect prompts and block uploads of regulated data, IP, credentials and source code to unapproved services. Extend coverage to browser-based tools, SaaS apps and personal devices. Enhance SIEM and SOAR playbooks with AI-specific detections. Use behavioural analytics to spot anomalies like sudden spikes in data uploads. Whitelist approved AI plugins and block unauthorised browser extensions. Vet AI vendors through your third-party risk management programme.
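The prompt-inspection rule above, as an added example that is not code from any DLP product: it maps an outbound prompt to the article's tiers (critical for regulated data, high for credentials and source code, low otherwise; the medium tier is not detectable by pattern and is omitted), blocks anything above low to an unapproved tool, and redacts card numbers before an approved one. The patterns, the policy in `decide` and the `[REDACTED-PAN]` marker are assumptions.

```python
import re

# Digit runs with optional space/dash separators; confirmed with Luhn below.
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")
# Assumption: deliberately small pattern set; production DLP uses richer detectors.
HIGH_PATTERNS = {
    "credential": re.compile(r"(?:password|api[_-]?key|secret)\s*[:=]\s*\S+", re.I),
    "source_code": re.compile(r"^\s*(?:def |class |import |#include |function )", re.M),
}

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on arbitrary digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def find_cards(prompt):
    """Return the regex matches that are plausible payment-card numbers."""
    hits = []
    for m in CARD_RE.finditer(prompt):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(m)
    return hits

def classify(prompt):
    """Map a prompt to the article's tiers: critical, high or low."""
    findings = ["payment_card"] if find_cards(prompt) else []
    findings += [name for name, rx in HIGH_PATTERNS.items() if rx.search(prompt)]
    if "payment_card" in findings:
        return "critical", findings
    return ("high" if findings else "low"), findings

def decide(prompt, destination_approved):
    """Assumed policy: block critical/high data to unapproved tools,
    redact card numbers before an approved tool sees them."""
    tier, findings = classify(prompt)
    if tier != "low" and not destination_approved:
        return "block", tier, findings, prompt
    cards = find_cards(prompt)
    for m in reversed(cards):  # right to left so earlier offsets stay valid
        prompt = prompt[:m.start()] + "[REDACTED-PAN]" + prompt[m.end():]
    return ("redact" if cards else "allow"), tier, findings, prompt
```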
5. Build a security-aware AI culture
Educate employees about the risks of feeding sensitive data into AI tools and emphasise the difference between sanctioned and unsanctioned use. Highlight real incidents and encourage responsible innovation rather than fear. Create a structured intake process so staff can propose AI tools with a clear path to evaluation and approval — and respond promptly to avoid the procurement delays that drive people to personal accounts.
6. Continuous monitoring and audit
Conduct quarterly audits of AI usage, policy enforcement and tool inventories. Maintain detailed logs of AI interactions, decisions and data access for audit and forensic purposes. Map AI activities to specific regulatory requirements and ensure data-processing agreements are in place for every AI vendor.
7. Manage emerging technologies — agentic AI
Restrict agent privileges to least-privilege access. Log all actions of model-context servers and integration tools. Vet plugins and connectors for security. Implement real-time monitoring to catch misconfigured or hallucinating agents before they can cause machine-speed data leakage.
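One way to combine the three controls in this step, shown as an added example and not as any agent framework's API: a gate that every tool call passes through, enforcing a per-agent grant list, logging each decision and halting an agent that exceeds a record budget within a time window. `AgentGate`, the tool names, the 500-record budget and the call sequence are hypothetical.

```python
from collections import deque

class AgentGate:
    """Mediates every tool call an agent makes (hypothetical wrapper, not a real SDK)."""

    def __init__(self, grants, max_records, window_s=60):
        self.grants = grants              # agent id -> set of tools it may call
        self.max_records = max_records    # records an agent may touch per window
        self.window_s = window_s
        self.recent = {}                  # agent id -> deque of (timestamp, records)
        self.tripped = set()              # agents halted by the circuit breaker
        self.audit = []                   # append-only log of every decision

    def call(self, agent, tool, records, now):
        """Return 'allow' or a denial reason; every outcome is logged."""
        verdict = self._check(agent, tool, records, now)
        self.audit.append({"t": now, "agent": agent, "tool": tool,
                           "records": records, "verdict": verdict})
        return verdict

    def _check(self, agent, tool, records, now):
        if agent in self.tripped:
            return "deny:halted"
        if tool not in self.grants.get(agent, set()):
            return "deny:not_granted"
        window = self.recent.setdefault(agent, deque())
        while window and now - window[0][0] >= self.window_s:
            window.popleft()              # drop calls older than the window
        if sum(n for _, n in window) + records > self.max_records:
            self.tripped.add(agent)       # stays halted until a human resets it
            return "deny:rate_exceeded"
        window.append((now, records))
        return "allow"

def demo():
    """Constructed scenario: a summariser agent starts bulk-reading records."""
    gate = AgentGate({"summariser": {"crm.read"}}, max_records=500)
    calls = [("crm.read", 200, 0), ("crm.delete", 1, 5), ("crm.read", 250, 10),
             ("crm.read", 400, 12), ("crm.read", 10, 200)]
    return [gate.call("summariser", t, n, ts) for t, n, ts in calls], gate.audit
```

Denied calls are logged alongside allowed ones, so the audit trail shows what the agent attempted as well as what it did.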
Conclusion
Shadow AI has emerged as a pervasive, cross-industry phenomenon. Employees adopt unapproved AI tools to accelerate their work, but the resulting blind spots expose organisations to data leakage, compliance violations, IP theft, supply-chain vulnerabilities and audit failures. Regulated industries face the sharpest stakes because of the sensitivity of the data they handle and the strictness of the rules they must follow.
Blanket bans do not work — they simply drive usage underground. The organisations that succeed treat AI governance as an enabler of innovation, not a barrier. They stand up cross-functional governance councils, adopt recognised frameworks, inventory and classify AI usage, provide secure approved alternatives, layer technical controls, invest in culture and education, and monitor continuously.
By combining policy, technology and culture, organisations can harness the benefits of AI while protecting data, intellectual property and the trust of every stakeholder who depends on them.
Sources and Further Reading
Industry Surveys and Threat Reports
- UpGuard — 2024 Shadow AI Survey (worker and security-professional AI usage)
- Wolters Kluwer — 2025 Healthcare AI Survey (provider adoption of unapproved AI)
- Netskope — 2026 Cloud and Threat Report (generative-AI data-policy violations)
- Proofpoint — 2025 Data Loss Landscape Report (sensitive data in AI tools)
Security and Risk Analysis
- SentinelOne — Shadow AI: Security Risks and Mitigation
- Netwrix — Shadow AI Risk Classification and Compliance Gaps
- Ampcus Cyber — AI Auditability and Explainability Challenges
- AuthenTech — Generative AI IP and Data-Use Risks
Legal and Compliance
- Miller Nash — Intellectual Property Risks of Public AI Tools
- Relativity — Shadow AI in Legal Services
- AGAT Software — Top AI Risks in Regulated Industries 2026
Governance Frameworks
- NIST — AI Risk Management Framework (AI RMF 1.0)
- ISO/IEC 42001 — AI Management Systems