Report: AI Proliferation Is Expanding Corporate 'Shadow IT'
What happened
A new benchmark report from SaaS management platform Torii finds that the adoption of AI tools is accelerating SaaS sprawl rather than consolidating it. The report concludes that 61% of applications inside enterprises are unmanaged "shadow IT," a trend exacerbated by employees independently adopting AI services. This expansion increases governance and security risks for corporations.
Why it matters
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of their IT department's visibility, a significant increase from 41% in 2022. - The financial impact is substantial, with shadow IT accounting for an estimated 30% to 40% of all IT spending within large enterprises. - This trend is often driven by employees seeking efficiency, with 38% citing slow response times from their IT department and 61% being dissatisfied with company-provided technology. - The rise of "Shadow AI" presents unique risks, as employees may paste sensitive or proprietary company data into public generative AI models, where it can be stored and used externally. - Security breaches are a major consequence; in one case, a LockBit ransomware attack penetrated a victim's network in just four hours by exploiting a forgotten remote desktop tool that was part of the company's shadow IT. - Spending on AI-native SaaS applications surged 108% year-over-year, highlighting the rapid and often ungoverned adoption rate of these specific tools. - Unsanctioned applications and AI agents expand a company's digital attack surface, creating unmonitored entry points for attackers and increasing the risk of non-compliance with regulations like GDPR and HIPAA. - The Torii report's methodology captures a more complete picture of SaaS adoption by analyzing real-world usage across browser activity, direct sign-ups, and OAuth connections, rather than just relying on official contracts or single sign-on (SSO) integrations.
Key numbers
- The report concludes that 61% of applications inside enterprises are unmanaged "shadow IT," a trend exacerbated by employees independently adopting AI services.
- - Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of their IT department's visibility, a significant increase from 41% in 2022.
- The financial impact is substantial, with shadow IT accounting for an estimated 30% to 40% of all IT spending within large enterprises.
- This trend is often driven by employees seeking efficiency, with 38% citing slow response times from their IT department and 61% being dissatisfied with company-provided technology.
What happens next
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of their IT department's visibility, a significant increase from 41% in 2022.
- The rise of "Shadow AI" presents unique risks, as employees may paste sensitive or proprietary company data into public generative AI models, where it can be stored and used externally.
- Unsanctioned applications and AI agents expand a company's digital attack surface, creating unmonitored entry points for attackers and increasing the risk of non-compliance with regulations like GDPR and HIPAA.
Quick answers
What happened in Report: AI Proliferation Is Expanding Corporate 'Shadow IT'?
A new benchmark report from SaaS management platform Torii finds that the adoption of AI tools is accelerating SaaS sprawl rather than consolidating it. The report concludes that 61% of applications inside enterprises are unmanaged "shadow IT," a trend exacerbated by employees independently adopting AI services. This expansion increases governance and security risks for corporations.
Why does Report: AI Proliferation Is Expanding Corporate 'Shadow IT' matter?
Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of their IT department's visibility, a significant increase from 41% in 2022. The financial impact is substantial, with shadow IT accounting for an estimated 30% to 40% of all IT spending within large enterprises. This trend is often driven by employees seeking efficiency, with 38% citing slow response times from their IT department and 61% being dissatisfied with company-provided technology. The rise of "Shadow AI" presents unique risks, as employees may paste sensitive or proprietary company data into public generative AI models, where it can be stored and used externally. Security breaches are a major consequence; in one case, a LockBit ransomware attack penetrated a victim's network in just four hours by exploiting a forgotten remote desktop tool that was part of the company's shadow IT. Spending on AI-native SaaS applications surged 108% year-over-year, highlighting the rapid and often ungoverned adoption rate of these specific tools. Unsanctioned applications and AI agents expand a company's digital attack surface, creating unmonitored entry points for attackers and increasing the risk of non-compliance with regulations like GDPR and HIPAA. The Torii report's methodology captures a more complete picture of SaaS adoption by analyzing real-world usage across browser activity, direct sign-ups, and OAuth connections, rather than just relying on official contracts or single sign-on (SSO) integrations.
