Shadow AI Is Spreading Faster Than Shadow IT Ever Did
When I joined my first CTO role about a decade ago, the big worry was shadow IT—people using Dropbox or Google Docs without approval. We worked out policies, ran awareness sessions, deployed CASB tools, and eventually got it mostly under control. It took years.

Shadow AI took roughly 18 months to become a bigger problem than shadow IT ever was. I’m not exaggerating. In the last network audit we ran across our 800-person company, we found over 140 distinct AI tools being accessed from corporate devices. We sanction three.

How Did We Get Here So Fast?

The speed of shadow AI adoption isn’t really a mystery. The tools are free or cheap. They’re consumer-friendly. The productivity gains are real and immediate. And the perceived risk, from an employee’s perspective, is near zero.

Compare that to shadow IT a decade ago. Setting up an unsanctioned Dropbox required a credit card, a sense of which file-sharing service to pick, and some technical patience. Using ChatGPT requires opening a browser tab.

There’s also a generational and cultural shift. Employees who came of age with consumer SaaS tools assume that if they can access something, they’re allowed to use it. The idea of “this tool needs to be approved before I paste company data into it” isn’t intuitive anymore.

A Deloitte survey from late 2025 suggested that 71% of Australian knowledge workers use AI tools at work that their employer hasn’t formally sanctioned. That number tracks with what I see across my peers in the CIO Forum.

The Risks Are Different, Not Just Larger

Shadow IT mostly created data exfiltration risks. Someone uploads a customer list to their personal Google Drive, and now you’ve got a compliance problem. Bad, but manageable.

Shadow AI creates a more complex risk profile. There’s the data exfiltration angle, sure—employees pasting confidential information into LLM prompts, where it may or may not be used for training, may or may not be retained, and may or may not appear in someone else’s prompt result later. That alone is enough to keep me awake.

But there’s also a quality risk. Employees are generating analysis, customer responses, code, and contracts using tools the company hasn’t evaluated for accuracy or bias. The output gets treated as professional work product. When it’s wrong, the company is on the hook for it—not the AI vendor.

There’s a compliance risk in regulated industries. Financial services and healthcare have specific obligations around how decisions get made and documented. An employee using an unsanctioned AI to draft a credit assessment or a treatment summary may be creating regulatory exposure that nobody knows about.

And there’s an IP risk that’s harder to reason about. If your developers are pasting proprietary code into AI coding assistants, what does that mean for your IP position? The answer depends on the tool, the terms, and emerging case law that hasn’t settled yet.

What Actually Works (And What Doesn’t)

The instinct to ban shadow AI usually backfires. We tried it for about six weeks early last year. We blocked the most common consumer AI domains at the network level. Adoption of personal hotspots went up. Use of personal devices for work tasks went up. Visibility went down.

What worked better was offering a sanctioned alternative that was at least as good as the consumer tools. We rolled out Microsoft Copilot for Microsoft 365 and an enterprise Claude license. We made enrollment painless. We did office-hours sessions on how to actually use them effectively.

Adoption of the sanctioned tools hit 60% within four months. Shadow AI traffic didn’t go to zero, but it dropped meaningfully because most people would rather use the easier, safer option if it’s actually available.

The other thing that worked: being specific about what data categories can go where. “Don’t put confidential information in AI tools” is too vague to be useful. “Customer PII, financial data, and unreleased product information should only go into [list of three sanctioned tools]” is something people can actually follow.

The Detection Problem Nobody Has Solved

Even with sanctioned alternatives, detecting shadow AI usage remains genuinely hard. The traffic looks like normal HTTPS. The tools proliferate faster than security teams can blocklist them. Browser extensions and mobile apps add channels that traditional network monitoring misses entirely.

I’ve talked to the major CASB vendors about this and the honest answer is that detection is a work in progress. Some of them are doing pattern matching on prompt-like content in outbound traffic, but it’s an arms race.

For now, the best signal we have is the corporate AI tool’s own usage data plus periodic survey-based audits asking people what they actually use. The surveys are imperfect, but they’re directionally useful.
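The network-audit style inventory described above (distinct AI tools seen from corporate devices, split into sanctioned and unsanctioned), as an added example that is not code from the original post. It assumes proxy log lines of the constructed form "timestamp user destination_host bytes_out", an assumed allowlist of sanctioned hosts, and a small constructed catalogue of AI-tool domain suffixes; every host, user and tool entry below is a placeholder.

```python
from collections import defaultdict

# Assumed sanctioned hosts and a constructed AI-tool catalogue (placeholders).
SANCTIONED = {"copilot.microsoft.com", "claude.ai"}
AI_TOOL_SUFFIXES = {
    "chat.openai.com": "ChatGPT",
    "claude.ai": "Claude (enterprise)",
    "copilot.microsoft.com": "Microsoft Copilot",
    "gemini.google.com": "Gemini",
    "example-ai-writer.test": "Example AI Writer",
}

# Constructed proxy log sample: "<timestamp> <user> <dest_host> <bytes_out>".
SAMPLE_LOG = """\
2025-11-03T09:01:12Z alice chat.openai.com 18240
2025-11-03T09:02:40Z bob copilot.microsoft.com 9200
2025-11-03T09:03:05Z alice example-ai-writer.test 4410
2025-11-03T09:04:19Z carol gemini.google.com 12030
2025-11-03T09:05:00Z carol www.example.test 880
2025-11-03T09:06:31Z dave chat.openai.com 2100
"""

def classify_host(host):
    """Return (tool_name, is_sanctioned) for a known AI-tool host, else None."""
    for suffix, name in AI_TOOL_SUFFIXES.items():
        if host == suffix or host.endswith("." + suffix):
            return name, suffix in SANCTIONED
    return None

def inventory(log_text):
    """Aggregate distinct unsanctioned AI tools with their users and outbound bytes."""
    report = defaultdict(lambda: {"users": set(), "bytes_out": 0})
    for line in log_text.splitlines():
        _ts, user, host, bytes_out = line.split()
        hit = classify_host(host)
        if hit is None or hit[1]:
            continue  # not an AI tool, or one of the sanctioned ones
        entry = report[hit[0]]
        entry["users"].add(user)
        entry["bytes_out"] += int(bytes_out)
    return {tool: {"users": sorted(v["users"]), "bytes_out": v["bytes_out"]}
            for tool, v in report.items()}

if __name__ == "__main__":
    for tool, info in sorted(inventory(SAMPLE_LOG).items()):
        print(f"{tool}: {len(info['users'])} users, {info['bytes_out']} bytes out")
```

This only counts what crosses the proxy, so the channels the post names as blind spots (personal hotspots, personal devices, browser extensions, mobile apps) never appear in the report. Treat the tool count as a floor, not a census.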

Where This Is Going

My honest expectation is that shadow AI becomes a permanent feature of the environment, the way personal email at work is. You don’t eliminate it; you manage it. The boards I talk to are starting to ask the right questions—not “have you banned shadow AI?” but “do you have visibility into what’s being used, and have you offered alternatives that reduce the highest-risk use cases?”

That feels like a more honest framing. Pretending you’ve solved this problem is worse than admitting you’re managing it.