Report: AI Tools Accelerate 'Shadow IT' Growth
A new benchmark report from Torii finds that the proliferation of AI applications is accelerating SaaS sprawl and expanding 'shadow IT' within companies. The 2026 report indicates that 61% of software-as-a-service applications are unmanaged, increasing governance and security risks for enterprises.
- The average organization now manages approximately 830 distinct software applications, a figure that rises to 2,191 for large enterprises.
- "Shadow IT" refers to any software, hardware, or IT resource used on a company network without the IT department's knowledge or approval. Common examples include communication apps like Slack and WhatsApp, cloud storage such as Dropbox and Google Drive, and project management tools like Trello or Asana.
- Employees often turn to shadow IT to bypass lengthy official approval processes or because they find unsanctioned tools more effective for their tasks. However, this practice creates significant security vulnerabilities and blind spots, because the IT department cannot monitor, patch, or manage assets it does not know about.
- The financial impact of SaaS sprawl is substantial: organizations overspend by an average of 25-30% annually on unused or underutilized software licenses. For companies with over 10,000 employees, this can amount to more than $126 million in wasted spending per year.
- Generative AI tools have become a major driver of shadow IT, with one report finding that 77% of employees paste company data into AI prompts, often through unmanaged personal accounts. In one high-profile case, Samsung employees inadvertently leaked confidential source code and internal meeting notes to ChatGPT.
- Beyond employees adopting new AI tools, existing sanctioned software vendors are rapidly embedding AI features into their products. This "AI sprawl" adds another layer of complexity, as these new capabilities can be activated without direct IT oversight, creating new data pathways and potential security risks.
- The uncontrolled flow of data into unsanctioned applications makes it significantly more difficult for companies to comply with regulations such as the Sarbanes-Oxley Act (SOX), the Gramm-Leach-Bliley Act (GLBA), and various data protection frameworks.