Your company has a forty-page acceptable use policy for AI. It was reviewed by legal, presented in a town hall, and published to a SharePoint site nobody bookmarks. Meanwhile, someone on the sales team pasted a deal summary into a free ChatGPT account last Tuesday because the approved tool either doesn’t exist, doesn’t work for their job, or was never communicated to them in the first place.
Most organizations call this a shadow AI problem. It’s a procurement problem. Over eighty percent of workers now use AI tools their employer didn’t provide or approve.1 The standard response is a longer policy, a tighter DLP rule, and a mandatory training nobody retains. The better response is to ask why your people went around you, and to listen to the answer.
Every shadow AI incident starts with a tool you didn’t provide
People use unauthorized tools for three reasons, and leadership controls all three. The approved tool doesn’t exist for their role. The approved tool is worse than what they found on their own. Or nobody told them there was an approved tool at all.
The Samsung incident in 2023 looks like employees going rogue if you read the headlines. Read the details and it’s engineers doing their jobs with the only tool that helped them do it faster. Three separate instances, three separate teams, same gap. They knew how to code. They didn’t know there was a policy. And even if they had, there was no internal alternative that did what ChatGPT did.
The one-page policy that actually gets followed starts with an approved tool list and a named owner, not a compliance framework. If people don’t know what they can use, they’ll use what works. Competence in a vacuum looks exactly like a policy violation.
Your people already did the vendor evaluation
Every shadow AI user in your org is a data point. They picked a tool. They evaluated it against the work they actually do. They’re paying for it, in some cases out of pocket. That’s the highest-quality user research your organization will ever produce, and most companies treat it as an incident.
Run a query against your expense reports for “ChatGPT,” “Claude,” “Anthropic,” “OpenAI,” “Cursor,” and “Perplexity.” Whatever shows up is your shadow AI spend. It’s real money leaving your organization in channels you aren’t governing. But it’s also a procurement roadmap. If your senior salesperson is paying twenty dollars a month for ChatGPT Plus while a Copilot seat sits unused on their machine, they’re telling you something about the approved tool. The five-minute spend audit that captures this signal is worth more than the forty-page framework that ignores it.
The number you find won’t be small. Only thirty percent of organizations report full visibility into their employees’ AI usage.2 The other seventy percent are funding shadow AI through expense reports and personal credit cards. That spend is a feedback loop. Learn to read it.
The real risk is boring and manageable
Separate what’s actually happening from what the security presentation says is happening. The real risk of shadow AI is data flowing into consumer-tier tools with training-on-inputs defaults and no enterprise data agreement. That risk is real, boring, and solvable: enterprise tier with a BAA or DPA, plus endpoint controls for visibility.
The imagined risk, the one that fills the threat model slides, is the front-page regulatory catastrophe. The thing most organizations do to prevent that scenario is the thing that causes it. Banning tools without providing alternatives pushes usage underground, into personal accounts and consumer tiers, where you have no logging, no data agreement, and no visibility. IBM’s 2025 data found that one in five breaches involved shadow AI, adding an average of $670,000 to the cost. Sixty-three percent of the organizations studied had no governance in place to prevent it.3
The four failure modes that actually hit enterprises (data leakage, wrong answers, over-reliance, and shadow AI itself) each have operational controls that cost less than the AI program. The expensive failure is the one where you don’t know what your people are using.
The fix is a better tool
The single most effective shadow AI intervention is making the shadow tool the approved tool, on a plan you can govern. Give people something good enough that they don’t need to go around you.
Three moves close most of the gap. A two-week SLA on new tool requests, because anything slower creates shadow AI by default. A one-page policy with three lists: approved tools, off-limits data categories, and what you monitor. And a named human who owns the policy, reviews requests, and updates the tool list quarterly.
Detection matters, but culture matters more. DLP gives you visibility. Rewarded self-reporting gives you trust. If the penalty for disclosing unauthorized use is a write-up, people will stop disclosing. If the response is “thanks, let’s get you on the enterprise plan,” you’ve converted a risk into a governed seat. The people who already converged on which tools actually work for their roles are the ones whose judgment you should be formalizing, not policing.
Something to carry
Pull thirty days of endpoint or proxy logs filtered for known AI domains: openai.com, claude.ai, gemini.google.com, cursor.com, perplexity.ai. Count distinct users. Compare that number to the count of approved AI seats your organization pays for. The gap is your shadow AI footprint.
Sample twenty events. Read them. You’ll find routine work in the wrong tool, sensitive data in a consumer account, or nothing (which means your detection is misconfigured). Any of those gives you a starting point the policy draft in committee didn’t.
If most of the shadow traffic is going to a tool you don’t offer, the next question is which tool your people would actually choose if you asked. If you already have a budget and need to make it defensible to finance, the shadow AI line item is one of the four numbers that does the work.
Unauthorized use is the clearest signal your organization produces about where the approved tooling falls short.
Footnotes
-
Software AG, “Shadow AI in the Enterprise,” 2025. Survey of 6,000 full-time employees at enterprise organizations found more than 80% using unapproved AI tools. ↩
-
JumpCloud, “Shadow AI Statistics 2026.” Only 30% of organizations report full visibility into employee AI usage. ↩
-
IBM, “Cost of a Data Breach Report,” 2025. One in five studied breaches involved shadow AI, adding $670,000 to average breach cost. 63% of organizations had no AI governance policies. ↩