Why shadow AI is emerging
Imagine you’re an employee under pressure, deadlines stacking up, repetitive tasks piling higher by the day. You find a free AI tool online that promises to automate the work in seconds; no approvals are needed. It feels like a simple win, paste in some data, write a quick prompt, and move faster.
But in that moment, something changed.
Sensitive customer information is entered into a tool your organization doesn’t monitor, doesn’t govern, and can’t see and suddenly, that data is no longer where it should be, and no one knows where it’s gone.
This is the reality of Shadow AI: employees using unsanctioned AI tools to move faster, while unintentionally creating risk that exists entirely outside visibility and control.
This is not just a one off case, research across businesses indicate that nearly half of employees report using unsanctioned AI tools, often prioritizing speed and productivity over security. Additionally, 51% of employees report connecting AI tools to work systems or apps without IT approval, creating significant operational risk where the average cost of security incidents in organizations with a high level of shadow AI usage can reach $670k.
While shadow AI is often top of mind for security professionals, it is just one component of how AI use can increase risk. Understanding and managing shadow AI use should be considered as part of a broader, comprehensive risk management strategy that aims to secure AI systems, including human and agent identities, interactions, human-AI partnerships, and behaviors operating across the digital enterprise from visibility and governance through detection, response, and recovery.
Effective risk management calls for a layered and interdisciplinary strategy. It requires addressing issues across governance and visibility; identity, access and agent control, data security and privacy, secure MLOps / LLMOps, runtime security, behavior-based detection, autonomous response and recovery.
This blog explores a specific governance and visibility use case linked to shadow AI and reveals the challenges it presents as well as the defensive strategies that security teams can adopt.
Why shadow AI is hard to detect
When it comes to AI, what organizations can easily see does not always reflect the full scope of AI activity occurring within the tools, applications, and workflows used across an enterprise. As a result, organizations using traditional rule-based methods to flag unusual activity may struggle to distinguish unsanctioned AI usage from legitimate operational behavior, particularly as SaaS applications, APIs, and orchestration layers increasingly have AI embedded into normal business workflows. Identifying threats using previously observed intelligence or depending on hard to maintain allow and block lists does not provide a dynamic enough strategy to manage risk. Also, many organizations are focusing on identifying Shadow AI in their governed infrastructure, like gateways, endpoints, or SASE, which is foundational. But, organizations require visibility and Shadow AI detection across all networked infrastructure from on-prem, hybrid, data centers, and cloud infrastructure that may not have endpoint agent visibility. This uncovers the utilization of MCP, data flows, and autonomous agents across these domains.
For example, employees interact with AI assistants across approved SaaS platforms every day. However, browser extensions and other types of plug-ins can route prompts that include enterprise data to embedded AI services in ways that are not visible to the security team. AI enabled workflows may invoke multiple APIs, orchestration layers, and cloud services behind the scenes, making it difficult for traditional security tooling to determine where data is processed, stored, or retransmitted. Because much of this activity occurs within trusted browser sessions and encrypted SaaS traffic, conventional network monitoring, DLP, and application allowlisting controls often lack the context needed to accurately identify or govern these interactions
Identifying AI tools in the environment is one part of the equation. Understanding the behavior surrounding their use is where the real challenge lies. An AI application is not inherently risky, but the way users or other assets interact with it may be. Sensitive data exposure, abnormal access patterns, and misuse of AI-assisted workflows often appear legitimate in isolation and only become visible through behavioral analysis across the broader environment.
What Shadow AI visibility does and doesn’t show
Comprehensive Shadow AI visibility allows organizations to answer several important questions:
- What types of AI are we using? What AI platforms, agents, MCP clients/servers, and services are active across the enterprise?
- Who is using AI services? Which users, business units, or systems are interacting with those AI services?
- Is our data safe? Is sensitive or regulated data being exposed through prompts, workflows, or integrations?
- Are AI systems behaving as expected? Are AI systems behaving anomalously or operating outside approved governance processes?
- Are our AI systems under attack? Is an attacker attempting to manipulate prompts, influence agent behavior, or abuse AI-enabled workflows?
Answering these questions is foundational to broader AI governance efforts. However, it is limited to helping teams understand initial interactions and fails to offer insight into dependencies and outcomes that are critical to securing AI across an enterprise.
Deeper visibility that includes the ability to understand dependencies and outcomes are not always available in AI security point products. Answering the questions below requires understanding runtime behavior and operational outcomes:
- What actions did the AI interaction trigger?
- What systems, applications, or data did it access? Did the AI operate beyond its intended permissions or scope?
- Could a low-risk interaction lead to high-risk outcomes?
- What is the risk and context understanding of an anomalous activity to assist in prioritization of analysis and autonomous response action?
The distinction between these two sets of questions offers two different layers of AI security. The first set of questions focuses on discovery and interaction visibility. The second set focuses on providing visibility that includes the context and outcomes that are critical for managing follow-on risks associated with obfuscated downstream activities.
Together, these layers help organizations move beyond simply identifying AI usage toward understanding how AI behaves operationally across the enterprise.
How organizations are addressing shadow AI
Most organizations still approach shadow AI as an application control problem, relying on policies, browser restrictions, and allow/block lists. However, AI adoption is evolving faster than most governance processes can realistically keep pace with. New assistants, plugins, and embedded AI features appear continuously, creating pressure to enable business productivity while simultaneously containing risk.
Existing governance processes were designed for a more traditional SaaS adoption cycle, where new applications could be reviewed, approved, and monitored over longer time horizons. AI adoption operates differently. New capabilities can appear overnight inside existing platforms employees already use, making it difficult for security and governance teams to maintain an accurate understanding of enterprise AI exposure. This means that many organizations are experiencing significant operational overhead, particularly in large environments where AI usage is decentralized across teams, departments, and third-party services.
Where should organizations start when securing their AI systems?
Shadow AI identification is an on-going critical component for AI Risk/Governance Boards as well as security organizations. As organizations seek AI certifications like ISO 42001 AI Management Systems, visibility into all AI adoption from enterprise use to custom innovation and development is crucial. Shadow AI identification provides organizations with the visibility needed to decide whether an AI tool should be brought into governed environments to reduce data loss (DLP) risks or whether policies should be established and enforced to restrict their use.
As organizations rapidly innovate and adopt AI, they are taking on more and more risk. Organizations need to have a strategy in place to mitigate the assumed risk, especially with third-party adoption. Visibility, monitoring, governance enforcement, behavioral-based detection of non-deterministic systems, and autonomous investigation and containment becomes critical to mitigating the risk of AI systems.
How Darktrace secures AI and shadow AI
Attackers are using AI to move faster, scale tactics, and make threats more adaptive and convincing. Internally, organizations are grappling with new forms of risk created by generative AI, autonomous agents, shadow AI, and increasingly complex digital environments.
Darktrace helps organizations protect both people and AI in a world where AI is now central to how business gets done. Darktrace / SECURE AI helps organizations discover and control shadow AI by surfacing unsanctioned or unexpected AI activity where it appears – including MCP detections, distinguishing misuse of legitimate tools and unapproved services, and applying policy to contain data exposure while guiding users toward sanctioned options.
Stay up to date on AI security
Sign up for the Secure AI Readiness Program here: This gives you exclusive access to the latest news on the latest AI threats, updates on emerging approaches shaping AI security, and insights into the latest innovations, including Darktrace’s ongoing work in this area.
Ready to talk with a Darktrace expert on securing AI? Register here to receive practical guidance on the AI risks that matter most to your business, paired with clarity on where to focus first across governance, visibility, risk reduction, and long-term readiness.
.jpg)