The study also shows 8 out of 10 employees use unauthorized AI, eroding corporate trust
UpGuard, a leader in cybersecurity and risk management, released its new “State of Shadow AI” report. The report details the widespread use of unapproved generative AI tools, or “Shadow AI,” by employees in the workplace. Data shows that employees worldwide are actively bypassing corporate governance at all levels, with a staggering 8 out of 10 employees using unauthorized AI tools. This widespread non-compliance extends all the way to the topโ68% of security leaders, including CISOs, admit to incorporating unauthorized AI into their daily workflows. This is of increasing concern for organizations as employees expose their companies to greater security risks.
The report also highlights a critical AI security paradox. Despite 40% of employees reporting that they received AI safety training and have a better understanding of the risks, they are also the ones who use unapproved tools most frequently. This correlation suggests that compliance and security awareness campaigns need to evolve to accommodate employees’ increasing drive for productivity and confidence in new technology.
“Shadow AI has triggered a challenge in maintaining trust between employer and employee,” saidย Greg Pollock, head of Research and Insights at UpGuard.ย “Our data shows that increased security training and literacy does not curtail increased shadow AI usage; in fact, it increases it. Organizations need to better engage with their employees about AI to channel that curiosity appropriately.”
Also Read:ย CIO Influence Interview with Jim Dolce, CEO of Lookout
Who Is Bypassing Controls and at What Level?
UpGuard’s research indicates that traditional security awareness methods are not effective against curtailing unapproved AI usage, and instead, are enabling “AI power users.” The paradox is further aggravated by seniority, with Shadow AI usage increasing alongside managerial authority; senior leadership across the organization is 50% more likely to use shadow AI.
The report finds that:
- A surprising 90% of security leaders themselves report using unapproved AI tools at work, with 69% of CISOs incorporating them into their daily workflows.
- 27% of workers trust AI more than their managers or colleagues for reliable information, further highlighting the growing divide of non-compliance between employees and corporate authority.
- 23% of CISOs know that passwords and other credentials are being shared with AI tools within their company, indicating that organizations are becoming increasingly exposed by the minute.
- Furthermore, while 52% of employees are familiar with their company’s AI usage policy, 70% know of sensitive data shared with AI tools at their workplace
Guiding Enablement into the Future
Unauthorized AI usage in the workplace will continue to rise unless reinforced governance is implemented. It is clear that the problem cannot be solved by blocking applications, as 41% of employees find a way around it.
For companies keen on creating a transparent environment, a strategic necessity is a shift from a fear-based approach of restriction to one of guided enablement. This new pivot must address the next steps: providing visibility, implementing intelligent guardrails, and offering vetted tools to make the secure path the path of least resistance.
Catch more CIO Insights:ย The Password Paradox: Why Human Psychology Makes Us Our Own Worst Enemy
[To share your insights with us as part of editorial or sponsored content, please write toย ughosh@itechseries.com]
