Report: AI Expands Corporate 'Shadow IT'
A 2026 benchmark report from SaaS management platform Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding 'shadow IT' within companies. The report concludes that AI is not consolidating software usage, but rather increasing governance risks, with an estimated 61% of applications being unmanaged by central IT departments.
- The growth of "shadow AI" is accelerating faster than traditional shadow IT, with one report finding that web traffic to generative AI sites jumped 50% between February 2024 and January 2025. This rapid, unmanaged adoption of AI tools by employees outside of official IT channels introduces significant security and compliance risks.
- Data leakage is a primary risk, as employees may input sensitive information into unvetted AI applications. Between March 2023 and March 2024, the proportion of sensitive corporate data being fed into AI tools nearly tripled from 10.7% to 27.4%. This includes proprietary source code, R&D content, and confidential customer information.
- The financial consequences of shadow AI are substantial, with organizations that have high levels of unmanaged AI use facing an average of $670,000 more in data breach costs. Despite this, a recent study found that 91% of employees believe the rewards of using shadow AI outweigh the risks.
- To manage recommendation engines and other large-scale machine learning systems, companies like Netflix develop their own MLOps (Machine Learning Operations) platforms, such as Metaflow. These platforms centralize and automate the entire model lifecycle, from data preprocessing to deployment and monitoring, which helps control tool usage and ensure reproducibility.
- Large tech companies often adopt a hybrid approach to tool governance, combining centralized oversight with decentralized execution. For example, Google's AI governance framework involves legal, IT, and business teams jointly vetting new tools before they are approved, ensuring that security and compliance are addressed before deployment.
- The debate between centralized and decentralized IT structures is key to managing SaaS and AI tool sprawl. Centralized IT offers greater control, consistency, and cost savings through bulk licensing, while decentralized models provide more flexibility and speed for individual teams.
- Open-source MLOps tools like Kubeflow and MLflow are common in production environments for managing complex machine learning workflows. These platforms help standardize processes for model training, versioning, and deployment, which is crucial for maintaining governance and mitigating the risks of unmanaged experimentation.
- Unsanctioned AI tools increase an organization's attack surface, creating new entry points for cyber threats. Research from 2024 showed that 40% of cloud security incidents originated from unmonitored assets and shadow IT.