Shadow AI in the Enterprise: Why One Vendor Now Carries More Than Half the Risk

Author: Husain Imran, 23 Jun 2026

What Is Shadow AI?

Shadow AI is employee use of AI tools that IT never approved or reviewed. That covers personal chatbot accounts, coding assistants, browser extensions, and AI features quietly added to software the company already trusts.

It matters now because of where the exposure concentrates. A 2025 analysis by Reco.ai found that OpenAI accounts for 53% of all tracked shadow AI usage across enterprises. That is more usage than the next nine platforms combined. Pair that concentration with how much of this activity sits outside IT’s view, and shadow AI stops being a minor inconvenience and becomes a board-level risk.

Key Takeaways

  • OpenAI accounts for 53% of all tracked shadow AI usage. That concentration puts more than half of tracked enterprise shadow AI activity behind a single point of failure (Reco.ai, 2025).
  • An estimated 70% of enterprise AI activity now runs outside formal IT oversight (Lenovo, 2026).
  • Giving employees an approved alternative cut unauthorized AI use by up to 89%.
  • Banning AI tools does not stop usage. Nearly half of employees keep using personal accounts anyway, just out of IT’s sight (Vectra).
  • The average enterprise logs 223 AI-related policy violations a month, more than any single monitoring tool can catch alone (Netskope, 2026).

The Hidden Single-Vendor Risk

Much of shadow AI risk does not come from hundreds of scattered tools. It comes from heavy reliance on one provider.

Reco.ai’s 2025 State of Shadow AI Report found that OpenAI alone processes data from over 10,000 enterprise users across the organizations studied, generating more shadow AI traffic than the next nine platforms combined.

That concentration creates a single point of failure. One outage, policy change, or breach at OpenAI can disrupt AI-dependent workflows across many unrelated business units at once, including workflows the company never approved or planned around in the first place.

The risk is not only technical. OpenAI’s own leadership has shown how unstable a single vendor can be. In November 2023, OpenAI’s board removed chief executive Sam Altman with almost no public explanation. Within days, nearly all of OpenAI’s employees signed a letter threatening to resign unless he returned, Microsoft moved to hire Altman directly, and the company reinstated him five days later under a new board chaired by former Salesforce co-chief executive Bret Taylor. A company that more than half of enterprise shadow AI usage runs through had, for several days, no settled leadership at all.

The tools themselves often add to the problem. The same Reco.ai report found that three of ten common shadow AI applications failed basic security checks, lacking encryption, multi-factor authentication, or audit logging entirely. Popularity is not a security signal. A tool used by thousands of employees can still have none of the controls a company would require from an approved vendor.

A newer layer is starting to add to this risk: autonomous AI agents that act without a human typing each prompt. Early detection research treats agentic AI as the next expansion of shadow AI risk, since an agent can take actions and move data with no single moment where a person decides to share something.

Why Is Shadow AI Growing Inside Companies?

Shadow AI is growing because employees can get AI tools faster than companies can approve and roll them out. Six factors drive this:

  • Company AI rollout is slow. AI use among knowledge workers nearly doubled in six months, but 60% of leaders say their company still lacks a clear AI plan (Microsoft).
  • Free AI tools are one click away. Web traffic to AI sites jumped 50% in a year, and 80% of that access happens through a normal browser, with no approval needed (Menlo Security, 2025).
  • Employees hide their own AI use. 52% are reluctant to admit using AI for important tasks, and 53% worry it makes them look replaceable (Microsoft). Both make people less likely to tell IT.
  • Training has not caught up. Only 39% of employees who use AI at work say their employer trained them on it (Microsoft).
  • AI skills are now a hiring filter, so employees teach themselves with whatever tool is available.
  • AI features now arrive inside tools that are already approved, through routine vendor updates, so no new review ever happens.

How Is Employee AI Use Changing Inside Enterprises?

AI use has spread from a few pilot teams to almost every function, mostly through individual choice, not IT rollout.

Tool density varies by company size but does not disappear at scale. Reco.ai’s data shows about 269 unsanctioned AI tools per 1,000 employees at firms with 11 to 50 staff, compared with around 200 per 1,000 at mid-sized firms of 500 to 1,000 employees. The gap between a 50-person company and a 1,000-person company, in other words, is far smaller than headcount alone would suggest.

A growing share of this is invisible to normal controls. Lenovo’s 2026 research puts enterprise AI activity running outside IT oversight at 70%, much of it through AI features quietly added to existing software rather than standalone apps employees had to seek out.

This pattern is not unique to private companies. Governments have started reacting the same way to specific tools they consider high risk. In early 2025, the Chinese AI company DeepSeek triggered bans on government devices and public-sector use in South Korea, Australia, and Taiwan, all citing data security concerns about where user information was processed. Italy’s data protection authority blocked the tool entirely for the same reason. On the corporate side, Japan’s Toyota banned employees from using DeepSeek soon after, alongside South Korean firms including Samsung Electronics and LG Electronics. The reasoning matched the logic behind enterprise shadow AI policy generally: a tool was already in wide use before anyone had reviewed where the data was going.

What Are the Key Shadow AI Insights for Enterprise Leaders?

  • The visibility gap is structural, not just careless behavior. Only about 9% of organizations have a working AI governance system, even though a third of executives believe their own tracking is comprehensive (Deloitte). That is more than a threefold gap between belief and reality.
  • One vendor carries much of the risk. Over half of tracked shadow AI use runs through OpenAI alone (Reco.ai). One incident there can disrupt AI workflows across many unrelated teams at once.
  • Popular does not mean secure. Several widely used shadow AI tools fail basic security checks, including no encryption, no multi-factor authentication, and no audit logging, despite thousands of enterprise users relying on them daily (Reco.ai).
  • Bans reduce visibility, not usage. Close to half of employees keep using personal AI accounts after a ban. The activity just moves further out of IT’s sight (Vectra).
  • Approved alternatives are the one fix in these sources with a measured drop in usage. One healthcare-sector survey found unauthorized AI use fell 89% once employees got a sanctioned tool that met their needs.
  • Shadow AI carries a measurable cost premium. IBM’s 2025 Cost of a Data Breach Report found breaches involving heavy shadow AI use averaged $670,000 more than the broader breach average.
  • It increasingly hides inside tools that are already approved. AI features added through routine vendor updates skip the usual security review entirely, so blocklists and software inventories miss them.
  • No single monitoring tool catches it all. Real detection needs to combine network, SaaS, endpoint, browser, and identity signals. The average company sees 223 AI-related policy violations a month (Netskope), too many for one tool alone.
  • Regulation now requires companies to know what AI they are running. The EU AI Act’s transparency and risk-classification rules only work if a company can list its AI systems, something many still cannot do.
  • Autonomous agents are the next expansion of this risk. AI agents that act on their own, without a person typing each request, remove the one moment where a human currently decides whether to share something, a gap many governance programs have not addressed yet.

What Are the Main Risks of Shadow AI?

The five main risks are data leakage, compliance failure, IP exposure, visibility gaps, and security blind spots.

Data leakage. Prompts sent to consumer AI tools can include customer records, source code, or financial data, often stored outside any control the company set up.

Compliance failure. Laws like the EU AI Act assume a company can identify which AI systems touch regulated data. Shadow AI breaks that assumption by definition, since no one logs the activity in the first place.

IP exposure. Source code, designs, and strategy documents pasted into AI tools may be used for training or retained by the provider, depending on account type. The risk is compounded by tool quality: several widely used unsanctioned AI apps lack the encryption or access controls a company would normally require before granting any vendor access to its data.

Visibility gaps. Many companies cannot list which AI tools are in use, by whom, or with what data. 69% of organizations suspect or have proof that employees use banned AI tools (Gartner), but suspicion is not the same as knowing.

Security blind spots. AI features inside approved software, browser-based tools, and personal accounts on work devices all sit outside normal application whitelisting and network monitoring, even at companies with mature security programs.

How Are Companies Responding to Shadow AI?

Many companies are now building governance and approved alternatives instead of relying on bans. Five moves show up repeatedly:

  • Build a full AI inventory, covering every tool in use, approved or not, including AI features baked into existing software. It is also the precondition for meeting the EU AI Act’s transparency and risk-classification duties.
  • Use tiered tool rules (fully approved, limited use, or banned) instead of one blanket ban, so employees have a real decision to make instead of a flat no.
  • Roll out approved alternatives, such as ChatGPT Enterprise, Claude for Enterprise, Microsoft Copilot, and Gemini for Workspace, which add admin controls and audit logs that consumer versions lack.
  • Monitor across layers, including network, SaaS, endpoint, browser, and identity, since no single point catches everything.
  • Treat this as ongoing, not annual. New AI features show up inside existing software all the time, not on a yearly review cycle.
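The inventory, tiered rules, and cross-layer monitoring above are easier to see in working code. The following is an added example written for this article, not code from the article, Reco.ai, or any vendor. It correlates three constructed log sources (a proxy log, identity-provider OAuth consent grants, and a browser extension inventory) against a tiered allow/limit/ban policy. Every hostname, app name, log format, and the corporate domain `corp.example` are assumptions made for illustration; the point is that the large upload, the personal account, and the extension each surface in only one layer, so a single-layer monitor would miss part of the picture.

```python
"""Cross-layer shadow AI detection over constructed sample logs.

Added example written for this article; not the article's, Reco.ai's, or any
vendor's code. Hostnames, app names, log formats and the policy table are
illustrative assumptions, not real endpoints.
"""
import re
from collections import defaultdict

CORP_DOMAIN = "corp.example"  # assumption: the company's identity domain

# Tiered policy (approved / limited / banned), keyed by hostname suffix.
POLICY = {
    "enterprise.example-ai.com": ("ExampleAI Enterprise", "approved"),
    "chat.example-ai.com": ("ExampleAI consumer", "limited"),
    "pasteai.example": ("PasteAI", "banned"),
}
NAME_TO_TIER = {name: tier for name, tier in POLICY.values()}
# Crude heuristic so that AI-looking hosts/apps missing from the inventory
# are still reported (tier "unknown") rather than silently dropped.
AI_HINT = re.compile(r"ai|gpt|llm|copilot|assistant", re.I)
UPLOAD_BYTES = 500_000  # bytes_out above this to a non-approved host is flagged

# Constructed proxy log format: "<ts> <user> <host> <path> <bytes_out>"
PROXY_RE = re.compile(r"^(\S+) (\S+) (\S+) (\S+) (\d+)$")


def classify_host(host):
    """Map a hostname to (tool, tier); unmatched AI-looking hosts get 'unknown'."""
    for suffix, (name, tier) in POLICY.items():
        if host == suffix or host.endswith("." + suffix):
            return name, tier
    if AI_HINT.search(host):
        return host, "unknown"
    return None, None


def classify_name(name):
    """Same mapping for an app or extension name from identity/endpoint data."""
    if name in NAME_TO_TIER:
        return name, NAME_TO_TIER[name]
    return (name, "unknown") if AI_HINT.search(name) else (None, None)


def correlate(proxy_lines, oauth_grants, extensions):
    """Merge network, identity and endpoint signals into one finding per (user, tool).

    Returns {(user, tool): {"tier", "layers", "large_upload", "personal_account"}}.
    """
    findings = {}

    def record(user, tool, tier, layer):
        f = findings.setdefault((user, tool), {
            "tier": tier, "layers": set(),
            "large_upload": False, "personal_account": False})
        f["layers"].add(layer)
        return f

    # Network layer: who reaches which AI host, and how much they send.
    for line in proxy_lines:
        m = PROXY_RE.match(line.strip())
        if not m:
            continue
        _ts, user, host, _path, bytes_out = m.groups()
        tool, tier = classify_host(host)
        if tier in (None, "approved"):
            continue
        f = record(user, tool, tier, "network")
        if int(bytes_out) >= UPLOAD_BYTES:
            f["large_upload"] = True

    # Identity layer: OAuth consent grants show AI SaaS riding on the IdP and
    # whether the account used was corporate or personal.
    for g in oauth_grants:
        tool, tier = classify_name(g["app"])
        if tier in (None, "approved"):
            continue
        f = record(g["user"], tool, tier, "identity")
        if not g["account"].endswith("@" + CORP_DOMAIN):
            f["personal_account"] = True

    # Endpoint/browser layer: installed extensions never appear as a distinct host.
    for e in extensions:
        tool, tier = classify_name(e["name"])
        if tier in (None, "approved"):
            continue
        record(e["user"], tool, tier, "endpoint")

    return findings


def summarize(findings):
    """Count findings per tier and list those confirmed by more than one layer."""
    by_tier = defaultdict(int)
    multi_layer = []
    for (user, tool), f in findings.items():
        by_tier[f["tier"]] += 1
        if len(f["layers"]) > 1:
            multi_layer.append((user, tool, sorted(f["layers"])))
    return dict(by_tier), sorted(multi_layer)


# Constructed sample data (not real logs).
PROXY_LINES = [
    "2026-06-01T09:00:01Z alice enterprise.example-ai.com /v1/chat 2048",
    "2026-06-01T09:05:10Z bob chat.example-ai.com /backend/conversation 1200",
    "2026-06-01T09:06:44Z carol pasteai.example /upload 2400000",
    "2026-06-01T09:10:03Z dave summarizer-llm.example /api 900",
    "2026-06-01T09:11:00Z dave intranet.corp.example /wiki 300",
]
OAUTH_GRANTS = [
    {"user": "carol", "app": "PasteAI", "account": "carol@personal.example"},
    {"user": "bob", "app": "ExampleAI consumer", "account": "bob@corp.example"},
]
EXTENSIONS = [{"user": "dave", "name": "Browser AI Writer", "id": "ext-0001"}]

if __name__ == "__main__":
    found = correlate(PROXY_LINES, OAUTH_GRANTS, EXTENSIONS)
    for key, f in sorted(found.items()):
        print(key, f)
    print(summarize(found))
```

On the constructed data, alice's traffic to the approved tenant produces no finding, bob's consumer-tier use is seen by both proxy and IdP, carol's banned tool is flagged with a large upload (network only) on a personal account (identity only), and dave's two unknown tools appear in one layer each. The "unknown" tier is the inventory gap the first bullet describes: anything that reaches the report without a policy entry needs a review decision, not a default.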

The pattern across all of this: bans alone have not reduced usage in the data above. They have mainly reduced what IT can see.

What’s Next for Shadow AI?

Shadow AI is now a real line item in breach costs, audits, and regulatory risk, not a future problem. Employee AI use is outpacing company governance, and that gap will not close on its own, especially as the risk shifts from individual tool use toward autonomous AI agents acting with even less oversight. Companies that build a real AI inventory, offer approved tools, and monitor continuously are the ones narrowing the gap. Companies that rely on policy documents and bans, without asking why employees reach for unapproved tools in the first place, will likely keep seeing the same pattern repeat.

Author:

Husain Imran - Product Marketer & Technology Builder

With over 15 years of experience in building and marketing B2B technology products, Husain Imran bridges the gap between innovation and market adoption. He has led multiple product launches across SaaS, data intelligence, and automation platforms, blending deep product knowledge with sharp marketing strategy.

At Technology Radius, Husain explores topics on emerging technologies, digital transformation, and how intelligent products reshape enterprise decision-making.

Focus Areas: Product Marketing | SaaS Strategy | Digital Transformation | AI Adoption | GTM Strategy