
Shadow AI Is Already in Your Organization

98% of organizations have unsanctioned AI use. 20% have had a breach linked to it. The question is no longer if it exists — it is what you do about it.

You have an AI policy. It probably says something about approved tools, data handling, and responsible use. Your employees have read it — or at least acknowledged reading it. And right now, dozens of them are pasting company data into a free-tier ChatGPT account, summarizing confidential documents in a personal Claude session, or using an unapproved browser extension that processes every web page they visit through an AI model.

This is not speculation. According to MintMCP's analysis of enterprise AI management data, 98% of organizations have unsanctioned AI usage. 20% have already experienced a security breach directly linked to shadow AI. The $670,000 figure — the average additional cost of a breach in organizations with high shadow AI usage — is from the same source.

Shadow AI is not a future risk. It is a present-tense, active condition in nearly every organization operating today.

Why Shadow AI Is Different From Shadow IT

Shadow IT — employees using unauthorized applications — has existed for decades. IT teams have developed playbooks for discovering and remediating it. So why is shadow AI harder to manage?

The entry barrier is zero. An unauthorized SaaS application typically requires IT provisioning, billing, and integration. An unauthorized AI tool requires opening a browser tab. The friction that made shadow IT detectable is absent.

The data exfiltration is passive. When an employee pastes a customer contract into a free AI tool, they are not intentionally leaking data — they are trying to work faster. The harm is real regardless of intent, but the behavioral signals that detect intentional exfiltration do not apply.

The blast radius is invisible. With traditional shadow IT, you can identify the system and the data it holds. With shadow AI, the data entered into a free-tier model may have been incorporated into training data. You cannot inventory what left the organization or retrieve it.

The scale is unprecedented. Menlo Security's 2025 enterprise AI usage report found a 68% surge in shadow generative AI usage in a single year. The rate of adoption outpaces any previous shadow IT wave by a significant margin.

What Employees Are Actually Doing

The ISACA analysis of shadow AI in the enterprise found that the most common shadow AI use cases are:

  • Document summarization (confidential reports, meeting notes, legal documents)
  • Code assistance (including proprietary codebases, internal tooling, security configurations)
  • Email drafting (including communications about sensitive negotiations, personnel matters)
  • Data analysis (including customer data, financial data, HR records)
  • Research and competitive intelligence (including internal strategy documents as context)

The employees doing these things are not malicious. They are resourceful. They have discovered that AI dramatically accelerates their work, and they are using the tools available to them — which, in many cases, are free consumer tools with no enterprise data protection.

The problem is not the intent. The problem is the outcome: regulated data, trade secrets, and customer information flowing through services with no contractual obligation to protect them.

The Regulatory Dimension

Shadow AI is increasingly a regulatory concern, not just an internal IT issue.

Under GDPR and most US state privacy laws, transferring personal data to a third-party service triggers specific requirements: contractual protections, data processing agreements, purpose limitation. Free-tier AI tools that process personal data entered by employees without a DPA in place create compliance violations regardless of whether a breach occurs.

For organizations subject to HIPAA, the standard is even clearer: PHI cannot be transmitted to any service that does not have a signed Business Associate Agreement. A physician pasting patient notes into ChatGPT to draft a summary is not just a data risk — it is a HIPAA violation.

ISACA's analysis noted that auditors are increasingly including shadow AI in their scope, and that organizations cannot demonstrate compliance without a systematic AI discovery and inventory process.

The Discovery Problem

You cannot govern what you cannot see. The first requirement for shadow AI management is visibility: knowing what tools are in use, by whom, and what data is flowing through them.

Traditional discovery methods are insufficient for this problem. Asking employees to disclose is unreliable. Reviewing software installation logs misses web-based tools. Network traffic analysis catches some tools, but browser-based tools run over HTTPS, so inspection sees the destination hostname and little else.

Effective shadow AI discovery requires:

DNS and proxy analysis — logging outbound connections to known AI endpoints (api.openai.com, claude.ai, bard.google.com, and several dozen others). This is the most practical starting point for organizations with network monitoring infrastructure.

Browser extension and CASB integration — Cloud Access Security Broker platforms and browser management tools can identify AI-related browser extensions and web activity at scale.

Employee survey data — While self-reporting is unreliable for full discovery, a well-designed anonymous survey often surfaces tool categories that are not visible through technical means. Treat survey results as qualitative signal, not comprehensive inventory.

HR and procurement cross-reference — Some shadow AI begins as a personally licensed tool that employees bring into work contexts. Cross-referencing known AI vendor names and domains against expense reports surfaces this pattern.
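As an added illustration of the DNS/proxy analysis step above (not code from the original post), the script below scans proxy access-log lines for connections to the AI endpoints the article names and aggregates hits per user. The Squid-style log format, client addresses and user names are constructed; the domain list is deliberately limited to the article's examples and also matches parent domains.

```python
import re
from collections import defaultdict

# AI endpoints the article names; suffix matching maps e.g. chat.openai.com to "openai.com".
AI_DOMAINS = {
    "api.openai.com": "OpenAI API",
    "openai.com": "OpenAI (web)",
    "claude.ai": "Anthropic Claude (web)",
    "bard.google.com": "Google Bard",
}

# Constructed Squid-style access log: ts, elapsed, client, result, bytes, method, URL, user.
SAMPLE_LOG = """\
1710000001.123 150 10.0.0.12 TCP_TUNNEL/200 8834 CONNECT api.openai.com:443 alice
1710000002.456 80 10.0.0.12 TCP_TUNNEL/200 2048 CONNECT mail.example.com:443 alice
1710000003.789 900 10.0.0.44 TCP_TUNNEL/200 522001 CONNECT claude.ai:443 bob
1710000004.001 120 10.0.0.44 TCP_TUNNEL/200 1400 CONNECT bard.google.com:443 bob
1710000005.222 60 10.0.0.9 TCP_MISS/200 700 GET http://intranet.example.com/ carol
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+)\s+\d+\s+(?P<client>\S+)\s+\S+\s+(?P<bytes>\d+)\s+"
    r"(?P<method>\S+)\s+(?P<url>\S+)\s+(?P<user>\S+)"
)

def host_from_url(url):
    """Extract a bare hostname from either 'host:port' or a full URL."""
    host = url.split("://")[-1].split("/", 1)[0]
    return host.rsplit(":", 1)[0].lower()

def classify_host(host):
    """Return the AI service label for host or any parent domain, else None."""
    labels = host.split(".")
    candidates = (".".join(labels[i:]) for i in range(len(labels) - 1))
    return next((AI_DOMAINS[c] for c in candidates if c in AI_DOMAINS), None)

def find_shadow_ai(log_text):
    """Aggregate AI-endpoint hits as {user: {service: (requests, bytes)}}."""
    hits = defaultdict(lambda: defaultdict(lambda: [0, 0]))
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        service = m and classify_host(host_from_url(m["url"]))
        if not service:
            continue  # unparseable line or non-AI destination: skip, do not guess
        entry = hits[m["user"]][service]
        entry[0] += 1
        entry[1] += int(m["bytes"])  # proxy size field: a volume signal, not the text sent
    return {u: {s: tuple(v) for s, v in svcs.items()} for u, svcs in hits.items()}
```

The output is an inventory seed (who reached which service, how often), not evidence of what was submitted; that distinction is what the governance tiers later in the article turn on.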

The 98% statistic means that if you run this discovery exercise, you will find something. The question is what the something is and how significant the risk is.

From Discovery to Governance

Discovery produces an inventory. Governance turns that inventory into controlled, risk-appropriate AI usage:

  • Tools that meet your data protection requirements get moved to the approved list
  • Tools that partially meet requirements get moved to a restricted use tier with data classification rules
  • Tools that cannot meet requirements get blocked at the network layer with clear communication to employees about why and what the approved alternative is
  • Employees get a clear request path for new tools they want to use

The goal is not prohibition — it is governance. Organizations that respond to shadow AI discovery by banning everything accelerate the shadow AI problem because employees will use whatever tools help them work, regardless of the policy. Organizations that respond by channeling demand toward approved alternatives that provide real capabilities reduce the incentive to go rogue.
