Hard2bit
← Back to the cybersecurity blog

Shadow AI: the risk your employees have already brought into the organisation

By Thilina Manana · COO y Director Técnico de Seguridad hard2bit · Published: 16 July 2026 · Updated: 16 July 2026
Shadow AI: the risk your employees have already brought into the organisation

There is a kind of risk that does not arrive through a firewall flaw or a malicious email, but through the best of intentions: an employee who wants to finish sooner and pastes a client contract, a snippet of source code or a sheet of personal data into an artificial intelligence assistant the organisation never approved. The phenomenon has a name, Shadow AI, and in 2026 it has moved from footnote to one of the fastest-growing routes for data to leak out.

The figures put it at the centre of the board. According to IBM's Cost of a Data Breach report, one in five organisations (20%) suffered a breach linked to shadow AI, and those incidents added as much as 670,000 dollars to the average breach cost, disproportionately exposing personal data and intellectual property. The same study found that 63% of organisations had no AI governance policy in place at all. This is not a problem of cutting-edge technology: it is a problem of data leaving the organisation with no one watching.

What shadow AI is, and why it matters now

Shadow AI is the use of generative artificial intelligence applications, agents, browser extensions or interfaces outside any organisational control: without approval, without an inventory and without oversight. It is not an attack but an everyday practice. Adoption of these tools runs well ahead of an organisation's ability to approve them, train people and define which data may be handled in them.

The scale is what surprises. Verizon's 2026 DBIR recorded that shadow AI detections rose fourfold in a year, and that around 45% of employees now use AI tools on corporate devices, in many cases despite believing company policy did not allow it. When almost half the workforce uses a channel security cannot see every day, the perimeter is no longer where it was assumed to be.

Anatomy of the risk, at a conceptual level

It is worth understanding why shadow AI is dangerous without slipping into alarmism. The risk is not in using artificial intelligence, but in where the data ends up and under which rules. It rests on three mechanisms almost any organisation reproduces without noticing.

Data leaves the perimeter and does not return

When someone pastes information into a public assistant, that text travels to a third party's infrastructure that sits entirely outside the organisation's control. As the The Hacker News analysis of shadow AI risks puts it, these tools do not just store files: they ingest source code, customer records, contracts and strategic plans, and send them to model providers outside the organisation. The most exposed data is precisely the most sensitive, and personal data appears in most incidents. It is a quiet data exfiltration, with no malware involved.

No identity, and no record of who handled what

An approved tool leaves a trail: who accesses it, what they query, what they upload. Shadow AI does not. Because it lives outside the inventory, there is no access control and no audit, so data handled today in an unapproved assistant appears in none of the organisation's logs. That blind spot is what turns a one-off lapse into a structural risk.

The surface grows with every integration

The problem is not limited to pasting text into a chatbot. Every browser extension with AI capabilities, every plug-in that connects to a model, every agent that acts on the user's behalf widens the ground. It is the same machine-credential abuse logic we analysed in LLMjacking, but in reverse: here they do not steal your compute — your data walks out through a channel no one is watching.

The facts, with their source

These are the verifiable facts behind the analysis, each with its origin:

  • 20% of organisations suffered a breach linked to shadow AI, with up to 670,000 dollars in extra cost per incident, according to the IBM report covered by Cybersecurity Dive.
  • 63% of organisations had no AI governance policy, and among those that suffered an AI-related incident, 97% lacked proper access controls, according to IBM.
  • Shadow AI detections rose fourfold in a year and around 45% of employees use AI on corporate devices, according to Verizon's DBIR as reported by TechTimes.
  • Personal data appears in most shadow AI incidents, and intellectual property in a significant share, according to the The Hacker News analysis.

One note of honesty: much of this data comes from annual reports with their own methodology, and the true volume of unapproved use is by definition hard to measure, because it happens off the radar. The direction of travel, however, is consistent across independent sources: it is growing, and growing fast.

Why traditional controls miss it

Classic defences were designed for a different problem. Email filtering does not inspect what an employee types into an assistant's tab; the endpoint antivirus flags nothing, because there is no malicious file; and network rules built to block specific destinations fall short when the destination is a legitimate, mass-market service. Blocking everything does not work either: it pushes people to a personal phone or a private account, and the data leaves anyway, now with no visibility at all.

The underlying shift is that the unit of risk is no longer the device or the file, but the data and the identity handling it. That is why the disciplines that actually address shadow AI are the ones that look at the data: modern data loss prevention (DLP) and data security posture management, or DSPM, which make it possible to know where sensitive information sits and to detect when it heads for an unauthorised destination.

Where the risk concentrates

Shadow AI is not the business of a single department but a cross-cutting pattern, and it helps to know which data and which areas carry most of the exposure so the defence can be prioritised.

  • Development and product. Pasting source code, keys or architecture snippets into an assistant to debug or document is among the most common habits, and it exposes intellectual property and, at times, access secrets.
  • Business, sales and legal. Contracts, proposals, pricing and customer data end up in assistants to draft or summarise, with the risk of leaking confidential information and third parties' personal data.
  • Support, HR and finance. Tickets, payroll, records and case files hold sensitive personal data that, handled in an unauthorised tool, turn a shortcut into a possible data-protection breach.

The common denominator is that the most productive areas are also the ones under most pressure to move fast, so AI governance cannot be a blanket brake: it has to provide a safe route precisely where usage is highest.

Detection and governance: what to actually watch

The answer is not to ban, but to see and to channel. Some concrete measures that genuinely change the picture:

  • Inventory the real use of AI. Before governing anything, you need to know which tools are used, from which devices and with which data. An honest discovery usually reveals dozens of services no one had approved.
  • Classify and watch sensitive data with DLP and DSPM. Knowing where critical information lives and detecting its exit towards unauthorised assistants turns a blind spot into an actionable alert.
  • Offer an approved, usable alternative. Shadow AI thrives when the official route is slow or absent. A sanctioned AI platform, with access control and logging, drains most unauthorised use without having to chase anyone.
  • Train people in judgement, not just in the rule. Effective cybersecurity training teaches how to tell what may be pasted into an assistant and what may not, with real examples from the organisation itself, rather than a policy document no one reads.
  • Treat agents and extensions as third-party software. Every integration with AI capabilities should pass the same scrutiny you would apply to any supplier, something we develop when discussing production controls for AI agents and MCP.

Compliance implications

Shadow AI is not only a security risk: it is a compliance problem on several fronts at once. Under the GDPR, pasting customers' or employees' personal data into an unauthorised service may amount to a disclosure or transfer with no legal basis or safeguards, with the consequences that entails. Under NIS2, security governance is a duty of management, and mass use of uncontrolled tools sits badly with the obligation to manage risk with due diligence.

On top of this comes the EU Artificial Intelligence Act. From 2 August 2026, the Commission's supervision powers and fines over providers of general-purpose AI models enter into application, consolidating a framework in which organisations need to know which models they use and under which safeguards. Preparing that ground is exactly what we aim at when discussing EU AI Act compliance and an AI compliance platform that produces evidence rather than good intentions.

What to do this week

Shadow AI is not solved by a memo banning chatbots. It is solved by seeing what already happens, offering a better alternative than the clandestine one, and putting the focus on the data rather than the device. The first step is uncomfortable but revealing: discovering how much unapproved AI is already in use across the organisation and which data has passed through it. That inventory is usually the real starting point, and it almost always shows the problem is not hypothetical. From there, governing artificial intelligence security stops being a theoretical debate and becomes a business decision with evidence behind it.

Frequently asked questions

What exactly is shadow AI?

It is the use of generative artificial intelligence tools — applications, agents, browser extensions or APIs — without the organisation's approval, inventory or oversight. It is not an attack but an everyday practice by employees who adopt these tools faster than the company can approve them, train people and define which data may be handled in them. The main risk is the leak of sensitive data to third-party infrastructure that sits outside all control.

Why is it dangerous if my employees only want to work faster?

Precisely because it is born of good intentions and goes unnoticed. When someone pastes a contract, code or personal data into a public assistant, that information travels to a third party and does not return, leaving no trail in the company's logs. There is no malware, so classic defences miss it. The result is a quiet exfiltration of critical information that can end in a security and a compliance incident at the same time.

How much does a shadow AI incident cost?

According to IBM's Cost of a Data Breach report, 20% of organisations suffered a breach linked to shadow AI, and those incidents added as much as 670,000 dollars to the average breach cost, with disproportionate exposure of personal data and intellectual property. The exact figure varies case by case, but the signal is clear: the extra cost is material, not anecdotal.

Is it enough to ban chatbots at work?

No, and it is usually counterproductive. Blocking everything pushes people to a personal phone or a private account, and the data leaves anyway but with no visibility. The strategy that works combines discovering real usage, offering an approved and usable alternative, and putting the focus on the data with DLP and DSPM, rather than chasing individuals.

How do I detect shadow AI if it leaves no malware?

By looking at the data and the identity, not the file. An inventory of real AI use reveals which tools are used and from which devices. Data loss prevention (DLP) and data security posture management (DSPM) make it possible to know where sensitive information lives and to detect when it heads for an unauthorised destination, which is the most reliable sign of problematic use.

What role does the EU AI Act play in this?

From 2 August 2026, the European Commission's supervision powers and fines over providers of general-purpose AI models enter into application. This consolidates a framework in which organisations need to know which models they use and under which safeguards. Shadow AI is incompatible with that requirement, because it prevents exactly the control and traceability the framework expects.

Does shadow AI affect GDPR and NIS2 compliance?

Yes, both. Under the GDPR, handling personal data in an unauthorised service may amount to a disclosure or transfer with no legal basis or safeguards. Under NIS2, security governance is a duty of management, and mass use of uncontrolled tools sits badly with the obligation to manage risk with due diligence. That is why it is best addressed as a joint security and compliance problem.

Where do I start governing shadow AI?

With honest discovery: finding out how much unapproved AI is already in use and which data has passed through it. That inventory usually shows the problem is real, not hypothetical. From there, you offer an approved alternative, classify and watch sensitive data, and train people in the judgement of what they may and may not handle in an assistant. Banning without an alternative rarely works.