Shadow AI: A Fatal Flaw for Most Organizations

"Shadow AI represents both the greatest governance risk and the biggest strategic opportunity in the enterprise," said Ramprakash Ramamoorthy, Director of AI Research at ManageEngine. "Organizations that will thrive are those that address the security threats and reframe shadow AI as a strategic indicator of genuine business needs. IT leaders must shift from playing defense to proactively building transparent, collaborative, and secure AI ecosystems that employees feel empowered to use."

The Shadow AI Surge in Enterprises: Insights from the US and Canadian Workplace, a report from ManageEngine based on a survey of IT decision makers (ITDMs) and business employees, investigates the rise of shadow AI — unauthorized AI tools used for work — and identifies critical gaps that organizations need to close if they want to reduce the risks of shadow AI and turn it into a strategic advantage.

The rise: 60% of employees are using unapproved AI tools more than they were a year ago, and 93% of employees admit to inputting information into AI tools without approval.

The risks: 63% of ITDMs see data leakage or exposure as the primary risk of shadow AI. Conversely, 91% of employees think shadow AI poses no risk, not much risk, or some risk that's outweighed by reward.

The rewards: Summarizing notes or calls (55%), brainstorming (55%), and analyzing data or reports (47%) are the top tasks employees complete with shadow AI. Generative AI text tools (73%), AI writing tools (60%), and code assistants (59%) are the top AI tools ITDMs have approved for employee use.

Identifying the Shadow AI Gaps

To turn the use of shadow AI from a liability into a strategic advantage, IT leaders need to close the gaps in education, visibility, and governance revealed by the report. Specifically, a lack of education around AI model training, safe user behavior, and organizational impact is driving systematic misuse. Blind spots continue to grow in organizations, even as IT teams move to approve and integrate AI tools as quickly as possible. Meanwhile, shadow AI proliferates due to inadequate enforcement of established governance policies.

  • 85% of ITDMs report that employees are adopting AI tools faster than their IT teams can assess them.
  • 32% of employees entered confidential client data into AI tools without confirming company approval, while 37% entered private, internal company data.
  • 53% of ITDMs say employees' use of personal devices for work-related AI tasks is creating a blind spot in their organization's security posture.
  • Only 54% of ITDMs report their organizations have implemented clear, enforced AI governance policies and actively monitor for unauthorized use, while 91% have implemented policies overall.

Pivoting to Proactive AI Management

Proactively managing AI means harnessing employee initiative while maintaining security. It delivers the business value discovered in shadow AI but does so via AI tools that are approved by IT. To that end, ITDMs and employees make several strategic recommendations in the report.

  • 63% of ITDMs advise integrating approved AI tools into standard workflows and business applications, 60% suggest implementing clear policies on acceptable AI use, and 55% suggest establishing a list of vetted and approved tools.
  • 66% of employees recommend setting clear policies that are fair and practical, 63% recommend providing official tools that are relevant to their tasks, and 60% advise providing better education on understanding the risks.

"Shadow AI is a fatal flaw for most organizations," said Sathish Sagayaraj Joseph, regional technical head at ManageEngine. "IT teams can't manage risk they can't see — and they can't enable business value that users won't divulge. Proactive AI management unites IT and business professionals in their pursuit of common, organizational goals. That means employees are equipped to understand and avoid AI-related risks, and IT is empowered to help them use AI in ways that drive real business outcomes."

Survey Methodology: In May 2025, ManageEngine commissioned independent market research agency Censuswide to conduct a study of 350 ITDMs and 350 working professionals across the US and Canada, employed in organizations with at least 500 employees and $10M in annual revenue. The survey explored AI usage patterns, security concerns, and governance gaps, with a focus on real-world behaviors across organizations of varying sizes and industries.
