‘Shadow AI’ is becoming corporate america’s biggest headache

Companies are losing control of employee AI adoption, with shadow AI, the use of unapproved consumer AI tools for work, now affecting an estimated 71% of UK workers.

The unauthorised tool usage has spiraled so far beyond company IT governance that experts now describe it as worse than traditional shadow IT, the old problem of employees using unsanctioned software.

A 2024 Microsoft report revealed that nearly 80% of workers using AI rely on their own tools rather than company-approved platforms.

One biotech researcher, Gregg Bayes-Brown, used a personal Google account to access NotebookLM despite understanding company AI policies he helped develop. His reasoning was pragmatic: the tool compressed 150 hours of work into 30 minutes. "The chance of you being eclipsed by a Chinese peer massive risk," he said, weighing that against potential data leaks.

High-profile companies have already experienced shadow AI disasters. Samsung banned ChatGPT on company devices after engineers uploaded proprietary source code. Amazon grew wary when ChatGPT responses began reproducing internal company data verbatim.

Mimecast Chief Information Security Officer Leslie Nielsen called shadow AI "death by a thousand cuts." A single employee uploading financial documents to an unapproved AI could expose sensitive information if someone outside the company uses the right prompts to trigger regurgitation of sensitive data.

A February Protiviti survey found that half of company leaders don't know the extent of employee AI use. Only 40% had formal AI governance policies in place. Yet 90% of IT leaders at large companies plan to increase AI tool budgets this year.

The paradox: 80% of IT leaders surveyed by Freshworks believe unsanctioned AI users are more productive, but 86% witnessed at least one negative incident from unauthorised AI use compliance violations, security breaches, or data leaks.

Nicole Jiang, cofounder of Fable Security, said shadow AI is "worse" than shadow IT because "companies are actually allowing and pushing for more AI adoption in a rate we've never seen before."