↑ Resources / Security · Governance
Complete Guide Active Risk

Shadow AI: What It Is, Why It's a Risk, and How to Stop It

78% of employees using AI tools at work are using tools their IT team did not provision. That number is not a future threat, it is your organization today. Shadow AI is already in your production systems. The question is whether you can see it.

Security · Governance · 12 min read · Updated June 2026

What is Shadow AI?

Shadow AI is any use of AI models, tools, or agents within an organization that has not been approved, provisioned, or is not visible to IT and security teams. It is the AI equivalent of Shadow IT, but with two properties that make it considerably more dangerous: it generates outputs that influence real decisions, and it processes data that may be sensitive, regulated, or confidential.

Shadow AI is not primarily a problem of malicious intent. Most employees using unauthorized AI tools are doing so because the tools make them faster and more effective. The risk is not the intent. It is the absence of governance, no logging, no attribution, no scope control, no audit trail.

The distinction from Shadow IT matters: an unauthorized SaaS tool might store data in the wrong jurisdiction. An unauthorized AI agent might draft a customer communication, summarize a legal document, evaluate a CV, or recommend a financial product, all without any record that it did so, or what it was shown.

How Shadow AI enters your organization

Shadow AI does not arrive through a single channel. It enters through the path of least resistance, and in 2026, that path is everywhere.

Consumer tools brought to work. ChatGPT, Claude, Gemini, Perplexity, all accessible via personal browser with a free or paid subscription. No corporate provisioning required. An employee processing a customer complaint or drafting a board update has access to a frontier model the moment they open a new tab. What they paste into it is invisible to your organization.

AI features inside approved tools. Microsoft Copilot, Google Workspace AI, Notion AI, Grammarly, Salesforce Einstein, most software your organization has already approved now has AI features built in. Employees activate them with a checkbox. IT governance frameworks written before 2024 do not address AI features inside approved applications.

Developer API access. Developers with access to a corporate credit card, or their own, can provision direct API access to any major LLM provider in under ten minutes. What they build with that access, what data they route through it, and whether any of it gets logged is entirely invisible unless you have a governance layer watching outbound traffic.

AI agents embedded in automations. Zapier, Make, n8n, and similar automation platforms now offer native AI action nodes. A business user building an automation to process incoming emails or classify support tickets can wire a frontier model into a production workflow with no code and no IT ticket. The resulting agent has no identity, no scope boundary, and no audit trail.

Third-party tools with AI backends. Recruitment platforms, document review tools, financial analysis software, and customer support platforms increasingly run AI models in the background. The enterprise procurement team approved the SaaS tool. They did not approve, and may not know about, the AI model that now processes every document uploaded to it.

Why it matters: security, compliance, and liability

Shadow AI creates three categories of organizational risk. They compound each other.

Data security. Every prompt sent to an external LLM provider is data leaving your perimeter. Customer PII, internal financial data, legal strategy documents, source code, HR records, all of it can be processed by external models over which you have no data processing agreement, no deletion guarantee, and no audit trail. The 2024 Samsung incident, engineers pasting proprietary chip designs into ChatGPT, is not an edge case. It is the median case, repeated daily, in organizations with no Shadow AI visibility.

Regulatory compliance. Under GDPR, processing personal data through an unauthorized third-party processor is a breach regardless of whether a data incident occurs. Under the EU AI Act, deploying a High-Risk AI system without the required logging, oversight, and registration obligations is non-compliant regardless of whether that system causes harm. Shadow AI in regulated verticals creates compliance exposure that is both retroactive and structural, you cannot fix it by issuing a policy. You need visibility first.

Liability and auditability. When an AI-assisted decision is challenged, a hiring decision, a credit denial, an insurance pricing, the question from regulators and courts is: what did the system do, what was it shown, and who authorized it? If the answer is "we don't know because it ran outside our governance perimeter," that is not a defensible position. The absence of a log is not the same as the absence of liability.

Shadow AI and the EU AI Act

The EU AI Act creates a specific compliance problem for Shadow AI that is worth understanding precisely.

Under the Act, deployers of High-Risk AI systems bear compliance obligations, not just providers. If an employee in your organization uses an AI tool for recruitment screening, credit assessment, or insurance risk classification without IT visibility, your organization is the deployer of a High-Risk AI system that has not been classified, registered, or equipped with the required audit infrastructure. The fact that deployment was unauthorized internally is not a regulatory defense.

This creates an unusual obligation: you must govern AI systems you did not know existed. The only way to satisfy that obligation is to establish visibility before enforcement begins, not after the first competent authority request arrives.

Full breakdown of EU AI Act obligations for enterprises deploying AI agents →

How to detect Shadow AI

Shadow AI detection requires a combination of network-level visibility, endpoint monitoring, and process controls. No single method is sufficient on its own.

Network traffic analysis. LLM provider APIs have identifiable domains and IP ranges. Traffic to `api.openai.com`, `api.anthropic.com`, `generativelanguage.googleapis.com`, and similar endpoints from unexpected sources is the most reliable detection signal. A DNS logging and filtering layer that captures these requests, even if it does not block them initially, gives you the baseline picture of your Shadow AI surface.

Endpoint browser extension audit. AI browser extensions (Grammarly, Copilot sidebar, ChatGPT plugins, Perplexity) are installed at the endpoint level and may not be visible in network traffic if they handle their own TLS. An endpoint management sweep for AI-related extensions gives you a second signal that complements network analysis.

SaaS application audit. Inventory every approved SaaS tool and check its current feature set for AI capabilities added since your last procurement review. Most major platforms added AI features in 2024–2025. Your original approval did not cover them.

Developer API spend review. Check cloud expense reports and corporate card statements for API spend with LLM providers. Anthropic, OpenAI, Google, and Mistral all appear as distinct line items. Unauthorized API spend is often the clearest signal of autonomous agent deployments built without IT oversight.

A governance proxy layer. The only way to achieve complete Shadow AI visibility across all providers, all agents, and all deployment patterns is a network-level governance proxy that all outbound AI traffic routes through. This is not primarily a blocking tool, it is a visibility tool. Once you can see it, you can govern it.

Step-by-step Shadow AI detection guide with tool recommendations →

How to govern it without killing adoption

The wrong response to Shadow AI is to block it. Blocking access to LLM providers does not eliminate the demand, it drives it to mobile data connections, personal devices, and workarounds that are even harder to see. It also destroys the productivity gains that make AI adoption valuable in the first place.

The right response is: make visible, then govern.

Phase 1, Establish visibility. Before making any access decisions, build a complete picture of what AI tools are in use, who is using them, and what data categories they are touching. Network traffic analysis and endpoint audits give you the baseline. A governance proxy gives you continuous visibility going forward.

Phase 2, Classify the landscape. Once you can see what is running, classify each AI tool and use case against your regulatory obligations. Which of these are potentially High-Risk under EU AI Act Annex III? Which are processing personal data that requires a DPIA? Which are accessing systems that require audit trails under DORA? This classification exercise determines where governance controls are obligatory versus optional.

Phase 3, Provide sanctioned alternatives. For the highest-demand use cases, provide enterprise-grade alternatives with proper data processing agreements, logging, and scope controls. Employees using ChatGPT for customer communication because there is no approved alternative will stop using it when there is a better, faster, sanctioned tool available.

Phase 4, Enforce at the governance layer, not the application layer. Rather than blocking access at the network edge, enforce scope controls through a governance proxy. All AI traffic, approved and unapproved, routes through the proxy. Approved traffic passes through with logging. Traffic that violates policy (wrong data categories, unapproved tools in regulated workflows, scope violations) is blocked before it reaches the model. Employees who route around approved tools get blocked automatically, not by an IT ticket.

Frequently asked questions

What is the difference between Shadow AI and Shadow IT? +
Shadow IT refers to any unauthorized software, hardware, or services used within an organization, file sharing tools, personal cloud storage, unauthorized SaaS subscriptions. Shadow AI is a subset of Shadow IT, but with specific characteristics that make it riskier: it generates outputs that influence decisions, it processes data with models trained on unknown datasets, and it operates without audit trails. The governance approaches overlap but are not identical, AI requires governance controls (scope, logging, attribution) that traditional Shadow IT does not.
Is it a GDPR violation to use Shadow AI tools that process personal data? +
Yes. Under GDPR, processing personal data through a third-party processor requires a Data Processing Agreement (DPA) with that processor. Using an unauthorized LLM tool to process customer PII, employee data, or other personal data without a DPA in place is a GDPR violation regardless of whether a data incident occurs. The violation is the unauthorized processing, not the incident.
How common is Shadow AI in enterprise environments? +
Data from 2024–2025 consistently shows 60–80% of enterprise AI usage is outside IT-managed tools. A Microsoft survey found 78% of AI users bring their own tools to work. A Salesforce study found 55% of employees use AI tools without formal company guidance. These numbers are almost certainly underestimates, they reflect what employees are willing to self-report, not what network analysis reveals.
Can I stop Shadow AI by blocking LLM provider domains at the firewall? +
Blocking works as a temporary measure, but it is not a sustainable governance strategy. Employees who need AI tools will find workarounds: mobile data, VPNs, personal devices, or AI features embedded in approved tools that cannot be blocked without disabling the tool entirely. Blocking without a sanctioned alternative also destroys productivity gains and creates employee friction. The more effective approach is a governance proxy that routes all AI traffic through a controlled layer, providing visibility and policy enforcement without blanket blocking.
Does Shadow AI include AI features built into approved SaaS tools? +
Yes. This is one of the most common and most overlooked Shadow AI vectors. Your original procurement approval for a SaaS tool did not cover AI features added to that tool in a subsequent product update. Microsoft Copilot inside Teams, AI summarization in your CRM, AI writing assistance in your document platform, these all require separate assessment against your data governance policies and regulatory obligations. Reviewing the current AI feature set of every approved tool is a standard part of Shadow AI auditing.
What is a Shadow AI governance proxy? +
A governance proxy is a network layer that sits between your users and agents and all external LLM providers. All AI inference traffic routes through the proxy, which logs every request and response with a tamper-evident record, enforces policy rules (blocking requests that violate data classification, scope, or provider restrictions), and provides visibility across all providers simultaneously. It requires no code changes in applications, typically a single environment variable or network routing rule. This is the only approach that provides complete visibility without requiring enumeration of every AI tool in use.

Related resources

KYDE Gateway

See every AI inference call across your organization, from day one.

KYDE is a model-agnostic governance proxy that provides complete visibility into all AI agent traffic across every provider. Shadow AI doesn't disappear, it becomes visible, logged, and policy-enforced. One environment variable or network routing rule. No code changes. Any provider.

See the Platform →