What is shadow AI?
The complete enterprise guide
The definition of shadow AI, how it differs from shadow IT, concrete workplace examples, the risk model, the statistics that quantify it, and how security teams detect and govern it. One reference page, fully sourced.
Shadow AI, defined
Shadow AI is the use of AI tools and services by employees without the knowledge, approval, or oversight of IT and security teams.
It is the AI-era evolution of shadow IT, and it spans consumer chatbots, personal accounts on AI assistants, AI features embedded inside approved SaaS products, and autonomous AI agents.
The defining feature of shadow AI is not the tool but the missing oversight. The same chatbot can be sanctioned AI in one company and shadow AI in another. What matters is whether IT and security know it is in use, have reviewed how it handles data, and can see what flows into it.
Shadow AI is rarely malicious. Employees reach for AI because it makes work faster, and most have no idea that a pasted paragraph can constitute a data transfer to an unvetted third party. That is why the modern response is discovery, policy, and coaching rather than punishment. The short-form version of this definition lives in Aona's AI governance glossary, and an interactive version with a self-check quiz is at the interactive explainer, What is shadow AI.
Last updated: July 2026
All statistics on this page carry their source and year inline, and are drawn from Aona's sourced statistics pages. This guide is general information for security, IT, and governance teams, not legal advice.
How shadow AI differs from shadow IT
Shadow AI inherits the core problem of shadow IT (technology in use without approval) but changes its speed, shape, and visibility. Treating it as ordinary shadow IT is why so many organisations underestimate it.
| Dimension | Shadow IT | Shadow AI |
|---|---|---|
| What it covers | Unapproved software, cloud services, and devices | Unapproved AI tools, personal AI accounts, AI features inside approved SaaS, and AI agents |
| How data leaves | Files stored or synced in unsanctioned apps | Data pasted or uploaded into prompts, then processed and sometimes retained by third-party models |
| Speed of exposure | Builds up over weeks or months | A single prompt can expose sensitive data in seconds |
| Visibility | Shows up in network logs, procurement, and expense reports | Often invisible: free browser tools, personal accounts, and embedded features leave no procurement trail |
| Typical response | Block the app or sanction an alternative | Discovery plus policy, DLP, and coaching, because blanket blocking pushes use onto personal devices |
The practical difference is the unit of exposure. Shadow IT leaks data through where files are stored. Shadow AI leaks data through what people type and upload, one prompt at a time, into services that may retain it, learn from it, or process it in another jurisdiction.
What shadow AI looks like in practice
Six patterns account for most shadow AI in the enterprise. None of them requires bad intent, and several can happen inside software the company has already approved.
Pasting sensitive data into ChatGPT
An employee pastes customer records, contracts, financials, or source code into ChatGPT on a free or personal account to summarise or rewrite them. The data leaves the company in one prompt, with no log and no data processing agreement.
Personal Copilot and assistant accounts
Staff use personal Microsoft Copilot, Claude, or Gemini subscriptions for work documents because the company has not issued licences. Work content flows through consumer terms of service instead of an enterprise agreement.
AI features inside approved SaaS
Vendors switch on AI assistants inside software that was approved before it had any AI. Design, CRM, HR, and meeting tools now send content to model providers that never went through security review.
AI agents and MCP connectors
Employees wire up autonomous agents, custom GPTs, or MCP connectors that hold standing access to email, files, or internal systems. An unreviewed agent can read and act on far more data than a single prompt ever could.
AI meeting assistants and note-takers
Unvetted AI note-takers join calls and record discussions that may include customer data, deal terms, or HR matters, then store transcripts on infrastructure nobody has assessed.
AI browser extensions
Free extensions that summarise, translate, or autocomplete can read the full content of every page an employee views, including internal admin consoles and customer records.
Why shadow AI happens
Shadow AI is a predictable outcome of incentives, not a discipline problem. Five forces drive it in almost every organisation.
AI genuinely saves time
Employees adopt AI tools because they work. Drafting, summarising, coding, and analysis get measurably faster, and people under deadline pressure will use whatever helps.
Consumer AI needs no procurement
Most AI tools are free or cheap browser apps that take seconds to sign up for. There is no invoice, no installation, and nothing for a traditional software approval process to catch.
Approval cannot keep pace
New AI tools and features ship weekly. Security review cycles built for annual software purchases cannot evaluate them as fast as employees discover them.
Blanket bans backfire
When companies block AI outright, usage moves to personal phones and home accounts, where the organisation has zero visibility and zero control.
AI arrives inside approved tools
Even employees trying to follow the rules end up using unreviewed AI, because vendors embed AI features into SaaS products that were approved long before those features existed.
The three risks that make shadow AI a security problem
Shadow AI risk concentrates in three areas. Each one exists because data crosses an organisational boundary without review, agreement, or record.
Data leakage
Sensitive information entered into prompts or file uploads leaves the organisation's control and may be retained by the AI provider or used for model training. 48% of employees have entered non-public company information into AI tools, according to the Cisco AI Readiness Index (2024).
Compliance violations
Regulated data processed by unapproved AI services breaches privacy and sector rules, because no data processing agreement, residency control, or audit trail exists. Fines under the EU AI Act reach up to 7% of global annual revenue for prohibited AI systems (Regulation 2024/1689).
Intellectual property loss
Source code, product roadmaps, deal terms, and proprietary methods pasted into external AI tools can end up outside the company permanently, with no way to prove where they went or claw them back.
These risks compound in the incident itself: breaches involving AI tools are harder to detect and contain than conventional ones. Data breaches involving AI tools cost an average of more than $6.5 million, according to the IBM Cost of a Data Breach Report (2025).
Shadow AI statistics
Ten sourced figures that quantify shadow AI adoption, exposure, and governance readiness. Each statistic is written as a complete sentence with its source and year, ready to cite.
- 55% of employees use unapproved AI tools at work, according to the Salesforce State of IT Report (2024).
- 78% of employees who use AI at work brought their own tools rather than using employer-provided ones, according to the Microsoft WorkLab AI at Work Report (2025).
- 52% of employees say they would not tell their manager they used AI to complete a work task, according to the Microsoft WorkLab AI at Work Report (2025).
- 48% of employees have entered non-public company information into AI tools, according to the Cisco AI Readiness Index (2024).
- 46% of employees have pasted confidential customer data into a public AI chatbot, according to the Cyberhaven AI Data Security Report (2024).
- The average enterprise has more than 158 shadow AI tools in active use, according to the Gartner AI Governance Survey (2025).
- Data breaches involving AI tools cost an average of more than $6.5 million, according to the IBM Cost of a Data Breach Report (2025).
- 67% of CISOs say their organisation has experienced at least one security incident linked to an unsanctioned AI tool in the past 12 months, according to the ISACA State of AI Security Survey (2025).
- Only 23% of organisations have a formal AI governance framework in place, according to the Deloitte AI Governance Global Survey (2025).
- 60% of organisations have no formal AI usage policy, according to the IBM Institute for Business Value (2025).
The full numbered list of shadow AI statistics, with categories and methodology, is on the shadow AI statistics 2026 page.
How to detect shadow AI
No single control sees all shadow AI. Mature programmes layer four detection methods, and weight them towards the browser and endpoint, because that is where prompts actually happen.
Browser and endpoint telemetry
Observe AI use at the point of the prompt: which AI tools employees open, what categories of data they submit, and which accounts they use. This is the only layer that sees personal-account usage on managed devices.
Network traffic analysis
Identify connections to known AI services and APIs at the proxy or secure web gateway. Effective for on-network usage, but blind to personal devices and to AI features embedded inside approved SaaS.
Identity and OAuth review
Audit the AI apps, agents, and integrations connected to corporate identities. OAuth grants reveal AI tools with standing access to email, files, and calendars that never went through review.
SaaS posture review
Inventory the AI features switched on inside sanctioned SaaS products and the sub-processors behind them, so embedded AI is assessed with the same rigour as standalone tools.
Asking employees to self-report does not substitute for telemetry: 52% of employees say they would not tell their manager they used AI to complete a work task, according to the Microsoft WorkLab AI at Work Report (2025). Aona's shadow AI discovery maps which AI tools are in use across the workforce, and shadow AI detection watches risky prompts in real time in the browser.
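An added example of the network-layer method above, not code from Aona or from this page: Squid-style proxy log lines are matched against a constructed catalogue of AI hosts so that personal-account use of consumer chatbots is counted per user, while a sanctioned enterprise tenant is passed. The catalogue, the `ai.example-enterprise.invalid` tenant, the usernames and every log line are assumptions; note that traffic to AI features embedded inside an approved SaaS product never appears as an AI host here, which is the blind spot the text describes.

```python
"""Flag web-proxy log entries that reach known AI services (constructed example)."""
import re
from collections import Counter
from urllib.parse import urlsplit

# Constructed catalogue: host suffix -> (service, approved?); keyed by suffix so subdomains match.
AI_CATALOGUE = {
    "chatgpt.com": ("ChatGPT", False),
    "claude.ai": ("Claude", False),
    "ai.example-enterprise.invalid": ("Enterprise assistant", True),  # hypothetical sanctioned tenant
}

# Squid native access log: time elapsed client code/status bytes method url user hier type
LOG_RE = re.compile(
    r"^\S+\s+\d+\s+(?P<client>\S+)\s+\S+\s+\d+\s+(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)"
)

def host_of(method: str, url: str) -> str:
    # TLS sessions appear as "CONNECT host:port"; plain HTTP carries the full URL.
    if method == "CONNECT":
        return url.rsplit(":", 1)[0].lower()
    return (urlsplit(url).hostname or "").lower()

def lookup(host: str):
    for suffix, entry in AI_CATALOGUE.items():
        if host == suffix or host.endswith("." + suffix):
            return entry
    return None

def classify(lines):  # -> list of (user, client, service, approved)
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        entry = lookup(host_of(m["method"], m["url"]))
        if entry is None:
            continue  # not a catalogued AI host; embedded AI inside approved SaaS also passes here unseen
        findings.append((m["user"], m["client"], entry[0], entry[1]))
    return findings

def unapproved_by_user(findings) -> Counter:  # per-(user, service) counts for a discovery report
    return Counter((user, service) for user, _, service, approved in findings if not approved)

SAMPLE_LOG = [  # constructed lines in Squid native format
    "1720000000.123 245 10.0.0.15 TCP_TUNNEL/200 5120 CONNECT chatgpt.com:443 alice HIER_DIRECT/203.0.113.1 -",
    "1720000001.456 130 10.0.0.15 TCP_TUNNEL/200 2048 CONNECT claude.ai:443 alice HIER_DIRECT/203.0.113.2 -",
    "1720000002.789 88 10.0.0.22 TCP_MISS/200 914 GET http://crm.example-saas.invalid/notes carol HIER_DIRECT/203.0.113.3 text/html",
    "1720000003.012 301 10.0.0.31 TCP_TUNNEL/200 7777 CONNECT ai.example-enterprise.invalid:443 bob HIER_DIRECT/203.0.113.4 -",
]
```

Running `unapproved_by_user(classify(SAMPLE_LOG))` yields alice twice (ChatGPT and Claude) and nothing for bob, whose traffic went to the approved tenant.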
How to govern shadow AI
The goal of shadow AI governance is not zero AI but zero ungoverned AI. Five steps take an organisation from blind spot to managed programme.
Discover actual usage
Start with evidence, not assumptions. Map which AI tools are in use, by whom, and with what data, before writing rules for a landscape you cannot see.
Publish an acceptable use policy
Tell employees which tools are approved, what data classes are off limits, and how to request a new tool. Write it for employees, not auditors.
Approve the tools people rely on
Where a widely used tool passes security review, sanction it with an enterprise agreement. Meeting demand with a governed option is what actually shrinks shadow usage.
Apply DLP at the point of the prompt
Stop sensitive data from entering AI tools with controls that act in the browser and on the endpoint, where prompts are typed, rather than only at the network edge.
Coach in real time and report
Guide employees at the moment of a risky prompt, then report adoption, incidents, and behaviour change to security leadership as audit evidence.
Two free starting points: the AI acceptable use policy template for step two, and the shadow AI incident response plan template for when sensitive data has already entered an AI tool.
A regulated Australian healthcare college cut shadow AI prompts by 92.9% in three months
The college had approved Microsoft Copilot, but a 12-month audit with Aona surfaced 8,904 visits to unapproved AI sites, more than 7 shadow AI platforms in use, and 446 shadow AI prompts. After deploying Aona's browser extension and real-time guardrails, the college cut shadow AI prompts by 92.9% in three months, while overall AI usage kept growing through approved channels.
The customer is anonymised for confidentiality. Full details, including the rollout approach, are in the Aona case studies.
Related shadow AI resources
This guide is the long-form reference. These pages cover the short definition, the interactive explainer, the full statistics list, and the templates to act on it.
- Shadow AI glossary definition: the short-form definition of shadow AI in Aona's AI governance glossary.
- Interactive: is it shadow AI? A quick interactive explainer and self-check quiz on shadow AI scenarios.
- Shadow AI statistics 2026: the full numbered list of sourced shadow AI statistics behind this guide.
- AI acceptable use policy template: a free, editable policy template to define approved AI use for employees.
- Shadow AI incident response plan: a template for responding when sensitive data has entered an AI tool.
- Shadow AI detection with Aona: how Aona detects and coaches risky AI use in real time, in the browser.
Shadow AI: frequently asked questions
Find out which AI tools your employees are really using
Aona discovers shadow AI across your workforce, applies DLP at the point of the prompt, and coaches employees in real time. SOC 2 Type II certified, with a 30-day free trial and no credit card required.