AI Adoption Expands Corporate 'Shadow IT'
A new benchmark report from Torii finds that AI adoption is accelerating SaaS sprawl rather than consolidating software stacks. According to the 2026 report, 61% of applications now constitute unmanaged 'shadow IT.' This trend is increasing governance and security risks for enterprises as employees independently adopt new AI tools.
- The average large enterprise runs 2,191 applications, while the average employee directly interacts with 40. Of all applications discovered in enterprise environments, only 15.5% are formally sanctioned by IT departments. - "Shadow AI" is considered a higher-risk evolution of shadow IT because AI-native tools often bypass procurement and security reviews entirely. More than half of the most common shadow applications are AI-first tools that can connect directly to corporate data through methods like OAuth. - The rise of shadow IT is a significant driver of IT spending, with some estimates attributing 30-40% of IT spending in large enterprises to unmanaged software and services. This can lead to redundant application functions and an estimated 25-40% overspending on software licenses annually. - A primary driver for employees using unapproved apps is the perception that sanctioned tools do not meet their needs, a trend accelerated by the shift to remote work. In many cases, employees are simply unaware of existing, approved tools that could serve their purpose or that their preferred tools create security gaps. - Unmanaged SaaS applications significantly increase an organization's vulnerability to cyber threats, as they may not adhere to security protocols or receive necessary patches. One in five organizations has reported suffering a cyber attack specifically due to shadow IT. - The use of unsanctioned AI tools introduces distinct data governance challenges, including the potential for biased outputs from models trained on skewed data and a lack of transparency into how "black box" AI models make decisions. - Unmanaged applications create compliance risks with regulations like GDPR and HIPAA, as the use of unsanctioned tools can lead to non-compliance and significant fines. - Forrester's 2024 predictions indicate that 60% of employees will use their own AI tools at work, often without IT approval. This trend persists even as corporate budgets for AI platforms are expected to triple, suggesting that official investment alone won't control the use of unauthorized AI.
