AI Tools Are Expanding 'Shadow IT,' Report Finds

- The term "shadow IT" refers to any software, hardware, or IT resource used on a company network without the approval or oversight of the IT department. This practice often arises when employees feel that officially sanctioned tools are inadequate or that the approval process is too slow. - While the Torii report highlights that 61% of enterprise software is unmanaged, the problem of shadow IT predates the current AI boom. However, the ease of access to and the capabilities of new AI-powered tools are significantly accelerating this trend. - Unmanaged software, including AI tools, increases a company's "attack surface," creating new entry points for cyber threats that are not monitored by security teams. This can lead to data breaches, compliance violations with regulations like GDPR and HIPAA, and other liabilities. - The proliferation of unmanaged AI applications contributes to "SaaS sprawl," where an organization accumulates a large number of overlapping and underutilized software subscriptions. The average enterprise now runs more than 830 applications, a number that can rise to over 2,100 for large enterprises. - This rapid, employee-led adoption of AI tools is happening in the context of a booming enterprise AI market, which is projected to grow from $24 billion in 2024 to between $150-200 billion by 2030. - Security incidents have already been reported where employees shared confidential company information, such as meeting notes and source code, with generative AI tools that were not approved by their IT departments. - In response to the growing risks, a market for SaaS Management Platforms (SMPs) and Cloud Access Security Brokers (CASBs) has emerged, offering tools to discover, manage, and secure the applications used across an organization.