A KPMG survey of more than 48 000 employees found 58% intentionally use AI at work, and a third do so weekly.
In software and IT, 97% of developers now rely on generative AI (GenAI) tools for coding, documentation and testing (arXiv).
While the returns are faster drafts, quicker analysis, and less friction between ideas and execution, the growth has outpaced formal strategies and governance, and this has given new life to shadow IT.
In 2026, driven by the ease of cloud-based services and the rise of AI tools, shadow IT is a growing, pervasive challenge that balances potential benefits like innovation and productivity with significant risks to security and compliance.
Sasha Slankamenac, Dariel architect in the office of the chief technology officer and practice lead: AI, says that shadow IT is a symptom of unmet needs.
“Shadow AI mirrors Shadow IT, which leads to users filling in the gaps when official tools lag. Shadow IT is a complex cybersecurity and governance challenge. Gartner predicts that by 2027, 75% of employees will acquire or create technology outside of IT’s visibility.”
Key areas where shadow IT can flourish include cloud-based Platform as a Service (PaaS) and Software as a Service (SaaS) usage.
“If you have an email address and password, you can easily download and use these tools outside of the organisation,” says Slankamenac.
He says Shadow AI is a significant challenge as employees increasingly use GenAI tools to process sensitive data without IT or any organisational oversight. “Simple tools like ChatGPT or Grammarly are good examples of where, and how, Shadow AI becomes a challenge and risk.”
He says that what makes this specific risk significant is the fact that AI agents can act autonomously and reason over data, creating “non-human insider” threats. Add to this the remote/hybrid working environment, where employees make use of tools not approved by IT or the organisation, and you expand the attack surface as IT struggles to monitor or secure endpoints.
It is often the need for speed that leads someone to turn to shadow IT, according to Slankamenac: “Business agility has improved but not necessarily for the better as employees desire faster solutions and want less frustration from the perceived slow or rigid internal IT procurement processes. These people quickly prioritise getting the job done over following official procedures.”
All of this contributes to growing security blind spots and makes it difficult to enforce security policies and conduct proper audits.
The pragmatic response, he says, is consolidation and containment. “Deploy approved AI gateways, host internal copilots under corporate compliance, and monitor data movement. The goal isn’t restriction but controlled access that keeps systems resilient and people capable.
“Another proposed approach is tracking usage through SaaS and DLP telemetry, evaluating security posture, and enforcing approval workflows.”
Obviously, there is a lot to be said for education and awareness. Being prescriptive is ineffective; the focus must shift towards detection, governance, and understanding the root causes.
There are tools and steps that aid the process; these stem from policies, streamlined procurement, collaboration and implementing zero trust architecture, which enforces strict access controls and continuous verification.