Teramind’s Shadow AI Behavior Report finds 67% of enterprise AI usage runs through unmanaged personal accounts on corporate-licensed platforms
Companies are sacrificing security to implement AI tools that prioritize speed according to a new report released by Teramind, the global leader in insider risk management, data loss prevention, and AI governance. The company announced its findings from The Shadow AI Behavior Report, released by Teramind’s Research & Intelligence Team from 300 C-level executives in security, and third-party data from IBM Cost of a Data Breach 2025, Gartner 2025.
Also Read: CIO Influence Interview with Hugo Dozois-Caouette, CTO and Co-founder at MaintainX
“The companies succeeding with AI governance aren’t necessarily the ones with the strictest policies. They’re the ones with the clearest understanding of how AI is actually being used across their workforce.” — Gal Perl, Chief Product Officer at Teramind
The research reveals a clear disconnect at the top with 69% of C-suite leaders prioritizing speed over security when using AI tools, compared to just 37% of frontline employees. This suggests many organizations are struggling to enforce AI governance consistently, particularly among the leaders setting the policies. Teramind’s analysis further highlights the scale of the issue, finding that 67% of enterprise AI usage occurs through unmanaged personal accounts on corporate devices, including on platforms organizations licensed and paid for.
Among the report’s key findings:
- 86% of organizations have no visibility into how data moves to and from AI tools
- 45% of employees find workarounds when AI tools are restricted
- 48% of employees say they would continue using AI even if it were explicitly banned
- 60% of employees say the productivity benefits of unsanctioned AI outweigh the security risks when deadlines are involved
- 62% of Gen Z employees are actively hiding their AI use at work
The implications expand well beyond policy violations. As AI usage moves outside organizational visibility, companies continue to face increased exposure. This includes data loss, compliance failures, insider threats, and other security threats that can originate from trusted users operating inside of approved systems.
“The conversation around AI governance has largely focused on employees using unauthorized tools, but our research suggests the problem runs much deeper,” said Gal Perl, Chief Product Officer at Teramind. “When leadership teams prioritize speed over security, it becomes significantly harder to build a culture of accountability around AI use.”
The report also challenges a common assumption behind many AI governance programs: that the primary risk comes from rogue AI applications. Teramind found that the majority of enterprise AI activity occurs through approved platforms being used in ways organizations cannot effectively monitor or govern. The result is a growing governance gap where organizations trust the tools they have approved but cannot see how they are actually being used.
“Organizations don’t have a shadow AI problem as much as they have a visibility problem,” said Perl. “You can’t govern what you can’t see. The companies succeeding with AI governance aren’t necessarily the ones with the strictest policies. They’re the ones with the clearest understanding of how AI is actually being used across their workforce.”
The report outlines several characteristics common among organizations with more mature AI governance programs, including greater visibility into AI usage, stronger accountability measures, clearer policies, and consistent enforcement across all levels of the organization.
Catch more CIO Insights: What Does “Job-Ready” Really Mean in IT and Cybersecurity?
[To share your insights with us, please write to psen@itechseries.com ]
