Shadow AI
We've curated 80 cybersecurity statistics about Shadow AI to help you understand how unauthorized AI tools and applications are proliferating in organizations, posing unique risks and challenges in 2025.
Showing 61-80 of 80 results
16% of employees reported analyzing company data with the help of AI when using AI at work.
23% of organizations adopting AI identify Shadow AI and unapproved tools as an area where they are least prepared to address threats.
23% of organizations acknowledge inadequate preparation to address unapproved AI tools and services.
14% of organizations identify orchestration frameworks as a Shadow AI concern.
Other Shadow AI vectors, including personal accounts, third-party APIs, plugins, and local applications, each fall below 12% of organizations' concerns.
18% of organizations identify GenAI features embedded in SaaS applications as their second-highest Shadow AI concern.
49% of organizations anticipate Shadow AI incidents.
16% of organizations identify AI agents operating with user credentials as a Shadow AI concern.
21% of organizations cite standalone GenAI tools (like ChatGPT, Claude, and image generators such as Midjourney) as their primary Shadow AI concern.
16.0% of organizations expect Shadow AI management to require the most new investment in AI security over the next 12 months.
18% of companies are affected by "Shadow AI".
Over half of all current app adoption among enterprise users is estimated to be shadow AI.
Security incidents involving shadow AI led to more personally identifiable information (65%) being compromised compared to the global average (53%).
Security incidents involving shadow AI led to more intellectual property (40%) being compromised compared to the global average (33%).
Only 37% of organisations have policies to manage AI or detect shadow AI.
Organisations that used high levels of shadow AI observed an average of $670,000 in higher breach costs.
One in five organisations (which is 20%) reported a breach due to shadow AI.
90% or more of generative AI usage falls into the "shadow AI" scenario, meaning it occurs without the knowledge of central IT and information security teams.
60% of organizations lack confidence in detecting unregulated AI deployments (shadow AI).
47% cannot secure shadow AI usage in their organization.