Torii Report Finds AI Is Expanding Corporate 'Shadow IT'
A 2026 benchmark report from SaaS management platform Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding "shadow IT." According to the report, 61% of applications used within enterprises are unmanaged, increasing governance and security risks.
- The average enterprise runs approximately 830 applications, but only 15.5% are formally sanctioned by IT departments. This leaves a massive gap where shadow IT can thrive, often introduced by employees using personal credit cards for subscriptions, which bypasses typical procurement and review processes. - "Shadow AI" is a high-velocity evolution of this problem; more than half of the most widely adopted shadow applications are now AI-first tools. These tools often gain access to sensitive corporate data through OAuth permissions and direct integrations, bypassing traditional security controls entirely. - The financial impact of unmanaged software is significant, with Gartner estimating that 30% to 40% of IT spending in large enterprises is on shadow IT. This leads to direct costs from duplicated application licenses and inefficient spending, as individual employees or teams purchase tools that the company may already own or could acquire at a better rate. - Companies with over 10,000 employees spend an average of $264.2 million per year on SaaS applications and waste an additional $126.9 million on redundant or unnecessary tools. This uncontrolled spending directly impacts budgets and reduces funds available for strategic technology investments. - Beyond direct costs, shadow IT creates major security vulnerabilities. Unvetted applications expand a company's attack surface, and nearly 50% of cyberattacks have been found to stem from shadow IT. Breaches involving shadow data take, on average, 20.2% longer to contain. - The proliferation of unvetted AI tools introduces new compliance risks, particularly for regulated industries like finance and healthcare. Using tools that have not been reviewed for regulations like GDPR or HIPAA can lead to multi-million dollar fines and significant reputational damage. - The growing complexity and risk associated with SaaS sprawl have fueled the SaaS management market, which is projected to grow from $4.58 billion in 2025 to $9.37 billion by 2030. This highlights a clear market trend towards adopting platforms that can discover, manage, and secure the entire software ecosystem.
