AI Adoption Expands 'Shadow IT' in Enterprises, Report Finds
A new benchmark report from SaaS management company Torii finds that the adoption of AI tools is expanding, rather than consolidating, enterprise software usage. According to the report, 61% of enterprise applications now run as "shadow IT," operating outside of official IT oversight. This trend increases security and governance risks for large organizations.
- The Torii report indicates that large enterprises average 2,191 applications, with the average employee using 40 distinct applications. This high volume creates a complex environment where only 15.5% of applications are formally sanctioned by IT departments.
- "Shadow AI" is considered a higher-risk evolution of shadow IT because AI-native tools are among the fastest-growing sources of unmanaged software. More than half of the most adopted shadow applications are AI-first tools that often bypass traditional security reviews and connect directly to corporate data via methods like OAuth.
- The proliferation of unsanctioned AI tools introduces significant supply chain risks. A compromise in a single third-party AI tool, such as an AI-powered chatbot integrated with a primary platform like Salesforce, can create a ripple effect, potentially exposing sensitive data across the entire ecosystem.
- In the manufacturing sector, shadow AI is particularly prevalent, with one study showing 79% of employees know of coworkers using unapproved AI tools. The same study found that 44% of these employees admitted to inputting confidential client data into such tools.
- The challenge of managing AI adoption extends to on-device machine learning, where frameworks like TensorFlow Lite and Core ML enable AI to run locally. Governing these applications requires managing model optimization, protecting data privacy on the device, and ensuring efficient use of hardware resources without cloud oversight.
- To mitigate risks, experts recommend establishing a clear process for employees to request new AI tools and have them vetted by IT and security. Implementing real-time alerts for when employees access high-risk or unapproved AI tools can provide necessary visibility and control.
- The growth of AI is not just in user-facing applications but also in the underlying infrastructure, with 76% of companies using large language models (LLMs) opting for open-source models. This introduces another layer of supply chain risk, as over 80% of enterprise AI systems rely on at least one open-source or third-party component, with only 22% undergoing a full security review.
- A key driver of shadow AI is the pressure on employees to meet deadlines and improve efficiency, leading them to adopt tools without waiting for lengthy official approval processes. This trend is amplified by the fact that 73% of employees are encouraged to use AI, yet 37% admit to not always following their company's AI policies.