The rise of AI tools in the workplace is already a reality, but in parallel with this phenomenon, a new problem is emerging: shadow AI, or the unauthorised use of artificial intelligence tools by employees. According to a recent report by ManageEngine, up to 93% of employees in the US and Canada are using AI without the permission of the IT department, often processing company data and confidential information in these tools. This phenomenon is not only out of control, but also sheds new light on how organisations need to approach AI management.
Growing use – and diverging perceptions
The report shows that 60% of employees are using non-approved AI tools more often than a year ago. For many, generative AI has become the new standard for productivity: it is used to summarise memos (55%), brainstorm (55%) or analyse data (47%). The problem is that most of these activities take place outside the knowledge and control of IT departments.
Interestingly, there is a clear split in threat perception. While 63% of IT decision-makers are concerned about data leakage, as many as 91% of employees do not perceive shadow AI as a significant threat – or think the risk is worth the potential benefits. This shows not only a lack of understanding of the risks, but also a communication deficit between IT departments and business users.
Gaps that are growing faster than AI
Shadow AI is not the result of bad will – it is the result of a lack of a proper organisational framework. As many as 85% of IT leaders admit that employees deploy new tools faster than IT teams can validate and evaluate them. Added to this is the data: 32% of employees have entered confidential customer data into AI tools, and 37% have entered internal organisational information.
Even more worrying are the technical issues. 53% of IT leaders believe that employee use of private devices for AI tasks creates serious security blind spots for organisations. While 91% of organisations say they have AI management policies in place, only 54% actually enforce them and monitor unauthorised use. This is a gap that directly encourages the development of shadow AI.
AI as an unauthorised ‘operating system’ of work
In the absence of a centrally controlled policy, employees create their own working environments based on available AI tools, often outside the company’s infrastructure. Text generators (73%), writing tools (60%) and code assistants (59%) are the most commonly endorsed tools – but in practice the list of applications used is much wider. This begs the question: has AI already become the informal operating system for many knowledge workers?
Organisations that ignore this phenomenon risk not only data security, but also loss of control over business processes. This is because Shadow AI acts like unauthorised automation – it speeds up operations, but outside the company’s knowledge and consent.
From shadow AI to strategic tool
Instead of trying to eliminate shadow AI altogether, organisations should aim to turn it into an advantage. The condition is to create an ecosystem that is secure, transparent and supportive of employee initiatives. ManageEngine points to several recommendations:
- Integration of validated AI tools into existing applications and workflows (63% of ITDM),
- Implement clear, practical rules for the use of AI (60%),
- Creating a list of approved tools for different roles and teams (55%).
From an employee perspective, the key issues are fair policies (66%), access to useful tools (63%) and better education about risks (60%). This signals that end users not only want to use AI, but expect the company to equip them with safe and useful resources.
The new role of the IT department
In this scenario, the role of the IT department is no longer defensive. It is no longer just about ‘putting out fires’, but about co-creating AI policies within the company – with real employee needs and business goals in mind. Proactive AI management is not just about monitoring, but above all about listening empathetically to how AI tools support daily work.
From a management perspective, shadow AI may be the most important indicator of innovation – because it shows where the organisation is not keeping up with employee expectations. Where AI policy and employee practice diverge, there is room for transformation.
AI: privilege or obligation?
The report’s conclusions are clear: artificial intelligence is already present in every major organisation – the question is not “if?”, but “how?”. Shadow AI shows that employees are ready to use the new tools – even without the support of the IT department. Organisations that can channel this impulse appropriately can gain not only in productivity, but also in security and strategic advantage.
Because today it is not the lack of AI that is the problem. The problem is AI remaining in the shadows.
