A new report from UpGuard reveals a pervasive and challenging trend in corporate cybersecurity: the widespread use of unapproved generative AI tools, known as "Shadow AI," by employees at all levels. The "State of Shadow AI" report details that a staggering 80% of employees worldwide are using unauthorized AI applications, a concerning statistic that includes 68% of security leaders and CISOs who admit to incorporating these tools into their daily workflows, thereby exposing their organizations to significant security risks.
UpGuard's report finds 80% of employees use unapproved generative AI tools at work.
This "Shadow AI" problem extends to leadership, with 68% of CISOs admitting to usage.
Employees who receive AI safety training are more likely to use unauthorized tools.
Senior leadership is 50% more likely to use Shadow AI than other employees.
70% of employees know of sensitive data being shared with AI tools at their workplace.
The report recommends a shift from restrictive policies to guided enablement and secure, vetted tools.
The report uncovers a critical paradox in current security strategies. While 40% of employees have received AI safety training and report a better understanding of the risks, this group is also the most frequent user of unapproved tools. This correlation suggests that traditional compliance and awareness campaigns are insufficient and may even empower "AI power users" who are confident in the technology but bypass governance for productivity gains. Greg Pollock, head of Research and Insights at UpGuard, stated, "Our data shows that increased security training and literacy does not curtail increased shadow AI usage; in fact, it increases it. Organizations need to better engage with their employees about AI to channel that curiosity appropriately."
The challenge of Shadow AI is exacerbated by its prevalence across all tiers of an organization, with usage increasing alongside seniority. Senior leadership is 50% more likely to use unapproved AI than other staff. Alarmingly, 90% of security leaders and 69% of CISOs report using Shadow AI. Furthermore, the data indicates a serious exposure of sensitive information, with 70% of employees aware of sensitive data being shared with AI tools and 23% of CISOs knowing that passwords and credentials have been input into these systems.
The findings indicate that a restrictive, fear-based approach is ineffective, as 41% of employees simply find a way around blocked applications. UpGuard concludes that the solution requires a fundamental strategic pivot from restriction to guided enablement. For companies seeking a transparent and secure environment, the necessary steps are to provide greater visibility into AI usage, implement intelligent security guardrails, and offer vetted, approved tools that make the secure path the easiest one for employees to take.
About UpGuard
Founded in 2012, UpGuard is a leader in cybersecurity and risk management. The company's AI-powered platform for cyber risk posture management (CRPM) provides a centralized, actionable view of cyber risk across an organization's vendors, attack surface, and workforce. Trusted by thousands of companies, UpGuard's platform is designed to help security teams manage cyber risk with confidence and efficiency.