AI

Shadow AI: The New Shadow IT Problem (And Why Visibility Comes First)

How businesses can find opportunities in Shadow AI without risks

Roger Leyland Professional Services Director

May 21, 2026

Most enterprise IT teams learned about Shadow IT the same way: after an incident. The post-mortem named a tool nobody knew was in use. 

Shadow AI follows the same pattern, but at a faster speed and with a wider blast radius. One prompt to a public generative AI tool can move sensitive code, customer data, or commercial detail outside your control in seconds. Once data crosses that boundary, your options to govern retention, review, reuse, and access depend entirely on the provider, the plan tier, and whatever was configured. 

The consequence is immediate risk to data security and compliance. No policy matters until you can see what is actually being used. 

Get visibility. Establish control. Govern usage. 

Key takeaways 

  • Shadow AI operates without governance. It is AI use without IT, security, or legal oversight. This includes public tools and AI features embedded inside approved SaaS. 
  • BYOAI is widespread. Microsoft’s Work Trend Index reports 78% of AI users bring their own tools to work. 
  • Sensitive data is exposed. Menlo Security reports 57% of employees input sensitive data into AI tools. 
  • The cost impact is measurable. IBM’s Cost of a Data Breach Report 2025 links high Shadow AI involvement to ~$670,000 in additional breach costs. 
  • 2026 is a regulatory tipping point. EU AI Act requirements phase in, with key dates already active and more arriving. 
  • Governance requires four pillars. Visibility → Observability → Management → Governance. 

What is Shadow AI?

Shadow AI is the use of AI tools, AI features, or AI agents inside an organization without IT review, security approval, or governance oversight. 

In practice, it appears in three patterns: 

  • Public AI tools on work accounts. Someone signs up just to try it. 
  • Personal AI accounts on work devices. These are harder to detect and harder to govern. 
  • Hidden AI inside approved SaaS. These are AI features enabled by default or turned on quietly during a software renewal or rollout. 

Most enterprises have learned that bans alone rarely stop usage. They push usage to personal devices and home networks, reducing visibility even further. The sustainable move is to discover, govern, and then provide a sanctioned path. 

Identify the tools. Sanction the paths. Maintain control. 

Shadow AI vs Shadow IT: What is different now? 

Shadow AI is sometimes treated as just another Shadow IT category. That understates the risk. 

1. Data can leave the business in a single prompt

With legacy Shadow IT, an unapproved file-share might sit unnoticed for months. With Shadow AI, sensitive content can be copied into a prompt instantly. The data handling that follows depends on provider terms, plan tier, and configuration. 

2. AI is embedded inside tools you already approved

Your SaaS list can look clean while AI features inside approved tools are live, licensed, and being used. Feature-level governance matters just as much as app-level governance. 

3. AI is becoming agentic and permissioned

As AI tools evolve from answering prompts to executing tasks, the risk mirrors an unmanaged digital worker. These agents often operate with delegated access across mail, documents, and business systems. 

Shadow AI needs its own discovery and governance lens. Copy-pasting legacy Shadow IT playbooks will not cover it. 

How big is the problem? 

Four numbers define the scale of the issue: 

  • 78% of AI users bring their own AI tools to work (BYOAI), per Microsoft’s 2024 Work Trend Index. 
  • 57% of employees input sensitive data into AI tools, according to Menlo Security’s 2025 State of Browser Security report. 
  • ~$670,000 additional average breach cost is associated with high Shadow AI involvement, per IBM’s 2025 Cost of a Data Breach Report. 
  • Mainstream board-level visibility. Shadow AI is no longer a niche issue. It touches risk, compliance, and cost directly. 

Real incidents: What has already gone wrong 

Shadow AI is not theoretical. The pattern is consistent: usage expands fast, data leaks occur, bans follow, and usage moves out of sight. 

In 2023, Samsung restricted the use of ChatGPT and other AI tools following reports of sensitive internal code being uploaded. The lesson from these moments is operational. You cannot govern what you cannot see. 

Regulation and standards: The 2026 shift 

In 2024 and 2025, Shadow AI was treated as an internal IT or security issue. In 2026, it becomes an external assurance issue. It is driven by regulation, customer scrutiny, and auditable standards.

EU AI Act (Regulation (EU) 2024/1689)

The EU AI Act applies in stages, not a single date. Key implementation requirements are already in motion. 

NIS2: Supply chain security and risk management 

NIS2 calls for risk-management measures that include supply chain security and governance of the systems and service providers you rely on. Shadow AI tools bypass vendor due diligence. They create an obvious gap against those expectations. 

ISO/IEC 42001: An emerging AI management standard

ISO/IEC 42001 sets out requirements for an AI management system. While still maturing, the practical takeaway holds: you must maintain a clear, current view of what AI is in use, where it operates, and who owns it. 

If your teams cannot produce an AI inventory covering tools, embedded AI features, and ownership, governance is not operational.

The four blind spots that make Shadow AI hard to govern 

  • Hidden AI inside approved SaaS. Features enabled by default or rolled out mid-contract. 
  • Blanket bans. These push usage to personal devices, resulting in less corporate telemetry and less control. 
  • Agentic tools and integrations. Tools that act across systems with delegated permissions. 
  • AI cost sprawl. Duplicate subscriptions, overlapping add-ons, and consumption that procurement cannot easily see. 

What a workable AI use policy looks like 

A policy that holds up in the real world is simple, clear, and enforceable. It requires: 

  • Approved use cases. Define what is allowed, for which roles, and in which tools. 
  • Prohibited data classes. Specify what must never go into non-approved tools. 
  • A review path. Establish how teams request a new tool or use case. 
  • Legal, privacy, and procurement sign-off. Review terms, DPAs, and commercial routes. 
  • Practical training. Provide short rules people actually remember. 
  • An inventory and ownership model. Name accountable owners. 

A policy without discovery becomes a paper exercise. Discovery without policy becomes a list with no decision rights. You need both.

Discovery first: The standard for Shadow AI visibility 

To govern Shadow AI, you need a discovery layer that does four things: 

  1. Sees AI tool use at the user and device level (often browser-led). 
  1. Sees AI apps through identity (SSO logs, Entra ID, and Okta visibility). 
  1. Recognizes key AI providers where supported (evidence beyond a simple site visit). 
  1. Catalogues and classifies what is found. Without classification, the output is noise. 

How Certero approaches discovery 

CerteroX SaaS Management is designed around a discovery-and-classification loop. It supports discovery via browser telemetry, identity connectors (Entra ID, Okta), and provider connectors where available. It then classifies what is discovered using a large application catalogue and routes it into review workflows with named ownership. 

CerteroX SaaS Management does not provide token-level consumption tracking or automated EU AI Act category mapping. These should not be assumed. 

If you want to see how Shadow AI discovery works in practice, contact us.

Connect your data. Get clarity. Take action. 

Where to start: A plan across the four pillars 

1. Visibility: Discover and classify 
Build the best inventory you can of AI tools, embedded AI features, and access paths. Categorize each item with a provisional risk tier so you can prioritize. 

2. Observability: Track usage 
Establish ongoing telemetry on AI usage at the user and identity level. The inventory tells you what exists today. Observability tells you whether usage is shifting, escalating, or being driven into the shadows by policy changes. 

3. Management: Owners, policy, sanctioned paths 
Assign an application owner and a data owner for each item. Codify your policy. Provide sanctioned alternatives so usage moves back into the light where controls actually work. 

4. Governance: Evidence and assurance 
Document governance evidence so policy holds up under audit or customer scrutiny. Tie this back to the regulations and standards you must answer to, including the EU AI Act, NIS2, ISO/IEC 42001, and customer assurance questionnaires. 

Discover usage. Assign owners. Apply policy. 

Discover more about Certero

Roger Leyland

Professional Services Director

Roger leads Professional Services at Certero and is a recognized voice in the FinOps community. He specializes in IT cost governance across ITAM, SAM, and SaaS. Roger holds multiple FinOps certifications and regularly shares insights on cloud optimization and IT asset management.

Read more from Roger
Posted by

Read Our Latest News

Plus guidance, hints and tips, read our articles or follow us on LinkedIn

View All Our Blogs
FinOps Certified Platform Logo
Linux Foundation Silver Member Logo
Microsoft Partner Logo
Oracle Partner Logo
ServiceNow Logo
ISO Logo
Cyber Essentials Certified Logo
Cyber Essentials Certified Plus Logo
AICPA Logo
Gartner Peer Insights Logo
FinOps Foundation General Member Logo
Schedule a Demo