AI Tools Fueling 'Shadow IT' Expansion
A new benchmark report from SaaS management platform Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding "shadow IT" within enterprises. The report states that 61% of applications are unmanaged, increasing governance and security risks as employees adopt new AI services outside of official IT channels.
- The issue of "Shadow IT" extends beyond software, with Gartner estimating that 30% to 40% of IT spending in large enterprises is dedicated to it. This spending is increasingly driven by employees expensing AI tools directly. - The adoption of unapproved AI is widespread, with one 2024 report finding that 78% of AI users bring their own tools to work, often due to a lack of official guidance or approved alternatives from their employers. This creates significant risk, as employees may input sensitive data like proprietary source code or strategic plans into unsecured, third-party generative AI models. - This trend has given rise to the term "Shadow AI," which introduces more complex risks than traditional Shadow IT. Unlike static software, AI models can learn from the data they process, meaning confidential company information could be used to train public models and potentially be exposed in responses to other users' queries. - For ML engineering teams, shadow AI creates significant infrastructure challenges, particularly within Kubernetes environments. Unmanaged AI workloads can lead to GPU waste and resource contention, with one survey indicating that 83% of companies report idle or only moderately utilized GPUs. This directly impacts the cost and efficiency of training and inference. - Without centralized orchestration for AI workloads, teams often face a steep learning curve in managing CUDA drivers, device plugins, and workload scheduling. This can result in queued jobs waiting for resources while other GPUs sit idle, creating performance bottlenecks that slow down the entire ML development lifecycle. - Enterprise AI search companies like Glean, Hebbia, and Cohere aim to counteract shadow IT by providing a secure, centralized platform for knowledge discovery. Their strategy is to offer a superior, integrated experience that respects data permissions across all connected enterprise apps, reducing the incentive for employees to use unvetted external tools. - Hebbia and Cohere emphasize enterprise-grade security and flexible deployment options, including on-premises and virtual private cloud, to give companies maximum control over their data and mitigate the risks associated with cloud-based AI tools. - The proliferation of unvetted AI tools creates new attack vectors. Attackers who compromise developer environments can exfiltrate sensitive data by using the organization's own unmonitored AI integrations, making the theft appear as routine AI API calls.
