Report: AI Expands Corporate 'Shadow IT' Risks
A new report from Torii finds that AI is accelerating SaaS sprawl rather than consolidating software stacks. The 2026 benchmark report reveals that 61% of applications used within enterprises are unmanaged, significantly increasing governance and security risks from 'shadow IT'.
- Shadow IT, the use of technology without explicit IT department approval, often arises from employees seeking more efficient tools. While not always malicious, it introduces significant security vulnerabilities, such as data breaches and compliance violations, by bypassing organizational security controls. - The average enterprise now utilizes over 830 applications, with large enterprises averaging 2,191. Of these, only 15.5% are formally sanctioned by IT departments, leaving the majority in categories like "in review," "unknown," or completely unmanaged as shadow IT. - Generative AI tools are a primary driver of this new wave of shadow IT. Employees are increasingly using unsanctioned AI for tasks like summarizing documents or analyzing sensitive data, often without adequate security guarantees, which can lead to data leaks and intellectual property theft. - Unmanaged applications significantly increase the risk of non-compliance with regulations like GDPR and HIPAA. Storing sensitive information in unvetted cloud services can lead to substantial fines and reputational damage. - The proliferation of unapproved apps expands a company's potential attack surface. Each unmanaged tool represents a new possible entry point for cyberattacks, and these applications often lack timely security patches and updates, leaving them vulnerable. - Organizations that fail to centrally manage their SaaS lifecycles are projected to be five times more susceptible to cyber incidents or data loss by 2027. This is largely due to fragmented visibility and the difficulty of monitoring unapproved applications for security misconfigurations. - The financial impact of SaaS sprawl includes wasted spending on unused or underutilized licenses, which can account for up to 25% of a company's SaaS investment. Spending on AI-native SaaS applications alone saw a 108% year-over-year increase. - Torii, the company behind the report, provides a SaaS management platform designed to discover and manage all applications within an organization, including shadow IT. Its system automates the discovery process to provide visibility into application usage, spending, and potential security risks.
