Vetted by NeuralPress's Multi-Agent Verifier for strict factual validity and event relevance. Our compliance engine cross-checks and filters search results to ensure zero false correlations or misleading content.
Employee Usage of Unapproved AI
Percentage of employees utilizing unauthorized AI tools in professional settings.
Primary Sources
Shadow AI, and why banning it isn't the solution
‘Shadow AI’ Image created by AI for The Red Giant Newsletter (ChatGPT)What is Shadow AI?Right now, employees at your organisation are almost certainly using AI tools you haven’t approved. An employee may be pasting a client brief into ChatGPT. A colleague in finance may be using a free AI tool to draft a report. Someone in HR may be asking Claude to summarise a set of CVs. None of them were doing anything intentionally malicious or dangerous, but none of them asked for permission.This is shadow AI: the use of AI tools that haven’t been approved, vetted, or sanctioned by the organisation.The scale of the problemMultiple pieces of research show that this is a significant and growing problem, and the scale of it may surprise you. Microsoft’s UK research, published in October 2025 and based on a survey of 2,003 UK employees, found that 71% have used unapproved consumer AI tools at work, and 51% do so every week.This isn’t primarily a story about employees who don’t know what they’re doing or who are deliberately flouting the rules. In most cases, people are simply trying to do their jobs better and more efficiently, using tools they know work. Research by BlackFog, based on a survey of 2,000 UK and US employees conducted by Sapio Research in November 2025, found that 60% of employees accept the security risks of unsanctioned tools because they help them work faster or meet deadlines. 28% of UK employees using unapproved tools told Microsoft the reason is simply that their organisation doesn’t provide a sanctioned alternative. There’s no malice here, just momentum and a lack of approved alternatives. Understanding these reasons matters if you want to respond to it effectively.The organisational risksThe problem is that the stakes are considerable. When an employee pastes a client brief or a financial dataset into a consumer AI tool, that data leaves the organisation’s control entirely. It’s transmitted to a third-party provider, processed on infrastructure the organisation doesn’t own, and in some cases retained for model training purposes. The Samsung incident in 2023, in which engineers fed proprietary source code into ChatGPT for debugging help, only to have that code potentially surface in responses to other users, is the most widely cited example of how quickly this can go wrong.IBM’s Cost of a Data Breach Report 2025 found that shadow AI contributed to 20% of all data breaches and added an average of $670,000 to breach costs. IBM’s IBV report “Go further,...
Shadow AI: What It Is, Why It Spreads, and How to Govern It
AI adoption is accelerating, often faster than organizations can govern it. 88% of respondents to a McKinsey survey report using AI in at least one business function in 2025, up from 78% in 2024 and 55% in 2023. The challenge for leaders is that they don’t always have visibility into where AI is being used in their companies. Employees are adding LLMs like ChatGPT, Claude, or Gemini to their workflows, but they’re doing it without letting their managers know. So AI shows up in browser tabs and quiet experimentation, far from leadership’s view. This is called shadow AI. And while it’s often framed as a security problem, that’s only part of the story. Shadow AI is also a signal of how work is really getting done — and where employees feel unsupported. What Is Shadow AI: Definition, Meaning, and Enterprise Context Before you can govern shadow AI, you have to understand what it actually is — and why it’s a problem for organizations. What Is Shadow AI? Shadow AI is the use of artificial intelligence tools (chatbots, writing assistants, code generators, browser plug-ins) without the knowledge or approval of IT or leadership. Most of the time, it’s just employees trying to work smarter. They find a tool that helps them move faster. They use it. They don’t think to ask permission. And the problem is that this experimentation often moves faster than policies and governance can keep up. What Does Shadow AI Mean for Business Strategy? Here’s the framing most organizations get wrong: they treat shadow AI as purely a security problem to be eliminated. It isn’t. Shadow AI is also an innovation signal. When employees are adopting AI tools without guidance, it means they see value that the organization hasn’t formally captured yet. The usage is telling you something. The goal shouldn’t be suppression. It should be visibility, governance, and a better path forward. How Shadow AI Spreads Across Organizations and Teams olia danilevich/Pexels Shadow AI rarely arrives as a single decision. It spreads through small, sensible choices made by people who are just trying to get their work done. How Does Shadow AI Happen? It usually starts small. A content writer uses ChatGPT to draft an email because the approved tool is slower. A developer pastes code into an external AI assistant to debug a problem. An analyst runs a dataset through a generative AI tool to summarize findings quickly. None of these feel like policy violations. They feel like being resourceful. ...
Closing the Shadow AI Gap: Why Traditional Zero Trust Is Not Enough
Legacy security tools can't stop Shadow AI. Learn why Zero Trust application-centric governance is the only way to close the enterprise enforcement gap.
How Many AI Tools Are You Using Before It Becomes a Problem?
... AI programs. That gap is where the risk sits. AI is already moving through the business faster than governance can catch up. The quiet rise of shadow AI. Shadow ...
