Shadow AI Is the New Shadow IT
In a late-2025 survey, 49% of employees admitted using AI tools their company never approved, and the C-suite is the most relaxed about it. Banning it does not remove the demand. It removes your visibility.
Someone on your team is using an AI tool you've never heard of. Probably today. They're not trying to break a rule. They're trying to get something done before a meeting.
That's what most security conversations miss. We treat shadow AI as a discipline problem, a few careless people who need a firmer policy. The numbers say otherwise. In a late-2025 BlackFog survey of 2,000 employees at large US and UK companies, 49% admitted to using AI tools their employer never approved. The group most relaxed about it sits at the top of the org chart. Sixty-nine percent of presidents and C-suite leaders said they were fine with it, choosing speed over privacy. The people with the most access carry the least worry.
If that pattern feels familiar, it should. We've been here before.
A decade ago we called it shadow IT. Someone stood up a Dropbox because the official file share was painful. A team ran half its work out of a personal Gmail and a spreadsheet nobody in IT had ever seen. We said no. People did it anyway. And most of us eventually learned the lesson buried in that behavior: a workaround is a signal, not a crime. People route around friction, and the tool they reach for is usually better than the one we handed them.
Shadow AI is that same instinct. What changed is the size of the blast radius.
The old version leaked a tool. This one leaks the data and the judgment behind it. In that same survey, a third of employees said they'd pasted internal research or datasets into unsanctioned tools. Twenty-seven percent had entered employee data like salaries and performance notes. Twenty-three percent had typed in company financial information. Most used the free versions, which were never built to hold any of it, and which often train on whatever you feed them.
The surface keeps spreading past the chatbot tab. People are building custom agents and skills on top of internal documents. They're wiring browser agents into systems that hold real permissions. A meeting assistant nobody vetted is sitting in half the calls on the calendar, quietly transcribing to a server no one's reviewed. Each one earns its place by solving a problem. None of them passed through anything close to review.
In a regulated business, that's where the productivity story turns into an exposure. "I dropped it into a chatbot to summarize" stops being a shortcut the moment that content is protected information. Now it's a disclosure, and you can't take it back. The person who did it is almost never acting in bad faith. They never saw the line, because no one ever drew one they could find.
So the reflex is to ban it. Block the domains, send the all-staff email, add a clause to the acceptable use policy. That feels like control.
It mostly buys the look of control. A ban does nothing to the demand that created the behavior. It pushes that behavior somewhere you can't see while the work and the data keep moving. You haven't closed the gap. You've switched off the lights and decided the room is empty.
The more useful question is the harder one to say out loud. Not "How do we stop people?" but "Why was the tool they chose better than the one we handed them?" The honest answer usually stings. The sanctioned path is slower, or buried in process, or it doesn't exist yet. Shadow AI is less a story about reckless employees than a measure of the gap between how fast your people need to move and how fast you've made it safe to move.
This is the control-plane problem I keep coming back to, moved up a layer. You don't govern it with a policy PDF, the same way a policy PDF never governed shadow IT. You govern it the way you handle any operating risk. Give people a paved road they'd choose on their own. Get enough visibility to see what's happening on it. Put hard controls on the few paths that carry the exposure that actually matters, and stop pretending the rest are empty.
In practice this is less exotic than it sounds. Sanction a default tool good enough that the free one loses its pull. Make the safe way the fast way, not the bureaucratic one. Decide on purpose what data's allowed to go where, and build that decision into the tool instead of a training slide nobody remembers. Then watch where people still detour around the road after you pave it. That detour is the most honest backlog you'll ever get. It shows you exactly where the official path is still too slow.
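What "build that decision into the tool" can look like at the control plane, as an added example that is not the author's or D4C's tooling: a hypothetical egress gateway that sits between employees and AI endpoints, applies one written-down data policy to every prompt, and counts detours to unsanctioned hosts instead of silently dropping them. The host name, the keyword rules and the block/redact policy are assumptions constructed for illustration; a real deployment would back the classification with a proper DLP engine rather than regexes.

```python
"""Hypothetical AI egress gateway (added example, not the author's code)."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumption: the sanctioned, contract-backed assistant lives at this host.
SANCTIONED_HOSTS = {"assistant.corp.example"}

# Constructed keyword rules for the data classes the survey names.
# A real deployment would use a DLP classifier, not these regexes.
RULES = {
    "employee_data": re.compile(r"\b(salar(y|ies)|performance (note|review)s?)\b", re.I),
    "financial": re.compile(r"\b(revenue|ebitda|quarterly numbers|p&l)\b", re.I),
    "internal_research": re.compile(r"\b(internal only|confidential|do not distribute)\b", re.I),
}

# The decision about what may go where, made once and enforced in the gateway.
POLICY = {"employee_data": "block", "financial": "block", "internal_research": "redact"}


@dataclass
class Decision:
    action: str       # "allow", "redact", "block", or "detour"
    categories: list  # data classes detected in the prompt
    prompt: str       # prompt as it would leave the gateway ("" when blocked)


def classify(prompt: str) -> list:
    """Return the sorted data classes whose rule matched the prompt."""
    return sorted(name for name, rx in RULES.items() if rx.search(prompt))


class EgressGateway:
    """Applies POLICY to each prompt and keeps the detour log as a backlog."""

    def __init__(self):
        self.detours = Counter()  # unsanctioned host -> number of attempts

    def decide(self, prompt: str, host: str) -> Decision:
        cats = classify(prompt)
        if host not in SANCTIONED_HOSTS:
            # Record the detour: it shows where the paved road is still too slow.
            self.detours[host] += 1
            return Decision("detour", cats, prompt)
        if any(POLICY[c] == "block" for c in cats):
            return Decision("block", cats, "")
        if cats:  # only redact-class matches remain
            cleaned = prompt
            for c in cats:
                cleaned = RULES[c].sub("[REDACTED]", cleaned)
            return Decision("redact", cats, cleaned)
        return Decision("allow", [], prompt)


if __name__ == "__main__":
    # Constructed sample traffic for a quick run.
    gw = EgressGateway()
    samples = [
        ("Summarize these salaries before the meeting", "assistant.corp.example"),
        ("Internal only: tidy up this roadmap", "assistant.corp.example"),
        ("Draft a thank-you note", "free-chat.example"),
        ("Draft a thank-you note", "assistant.corp.example"),
    ]
    for prompt, host in samples:
        print(host, gw.decide(prompt, host))
    print("detours:", dict(gw.detours))
```

The detour counter is the piece most teams leave out: it turns the "watch where people still detour" step into a number you can sort by and act on, rather than a feeling that people are cheating.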
None of this needs a transformation program. It needs you to treat the workaround as information. The first time you catch a team running something through a tool you never sanctioned, you get to choose how you read it. As a violation, or as a map. One reading drives the next workaround deeper underground. The other tells you what to build next.
Shadow AI is already inside your walls. The survey numbers are only the share of people willing to admit it. What you still get to decide is narrower, and it matters more. You don't get to choose whether your people use AI. You only get to choose whether you can see it.
Jared Mabry is SVP and CIO at D4C Dental Brands. He writes about enterprise AI, technology leadership, and the operating model behind technology that changes the business.