Report: AI Expands Corporate 'Shadow IT' Risks
A new benchmark report from SaaS management platform Torii finds that the proliferation of AI tools is accelerating SaaS sprawl and expanding "shadow IT" within companies. The report indicates that 61% of applications are unmanaged, increasing governance and security risks for large enterprises.
- "Shadow IT" refers to the use of any hardware, software, or service without the knowledge or approval of the company's IT department; common examples include using personal Google Drive accounts for work files, or using unauthorized messaging apps like WhatsApp or project management tools like Trello.
- The Torii report highlights the scale of this issue, finding that large enterprises run an average of 2,191 distinct applications, while the average employee interacts with 40 different apps.
- More than half of the most widely adopted shadow applications discovered in corporate environments are now AI-first tools, which often connect directly to company data through instant integrations.
- This practice introduces significant security risks, including data leakage and a widened attack surface for cybercriminals, as unvetted tools may lack necessary security controls and are not monitored for threats by security teams.
- Unmanaged applications can also lead to serious compliance and governance violations regarding regulations like GDPR and HIPAA, as sensitive data may be stored or processed in non-compliant ways.
- The rise of "Shadow AI," specifically, presents new risks; when employees input sensitive internal information into public generative AI models, that data can be stored indefinitely on external systems, creating a permanent, unsecured data trail.
- Gartner predicts that by 2027, 75% of employees will acquire, modify, or create technology outside of IT's visibility, a significant increase from 41% in 2022.
- Beyond security, shadow IT also creates financial risks, including wasted spending on redundant applications and inefficient resource allocation when IT departments lack a centralized view of all software in use.