The Shadow AI Systems Running Your Company

Employees are building with AI anyway. The question is whether companies choose to see it.
Across large organisations, AI adoption is already happening outside official systems. More than 80% of employees now use unapproved AI tools at work, often without the knowledge or oversight of IT teams, according to UpGuard's 2025 State of Shadow AI Report.
That activity is largely invisible. When employees use external generative AI services, organisations lose visibility into how data is processed, where it is stored, and which models are being used.
In practice, sensitive data is already flowing into these systems. Reports show that 77% of employees share company data with tools like ChatGPT, including internal documents, customer information, and proprietary code.
The pattern extends across functions. In healthcare systems, usage logs show AI tools being accessed across departments, including by clinicians operating in sensitive environments.
“We used to have shadow IT. Now we have the idea of shadow AI. People are just using all kinds of models without any governance,” says Tushar Katarki, Head of Product, Red Hat AI Platforms, in a conversation with AIM Media House.
Shadow AI is widespread, unsanctioned, and largely untracked. The default response has been to restrict it. But the data shows that the approach fails. Nearly half of employees continue using personal AI tools even after bans are introduced.
The Case Against Bans
Shadow AI restrictions don’t work. Nearly half of employees would continue using personal AI tools even after explicit prohibitions. About 68% of CISOs use unauthorised AI themselves. The tools are much too accessible, useful, and frictionless compared to the glacial pace of corporate procurement.
Joseph Izzo, Chief Medical Information Officer at San Joaquin General Hospital, is already seeing the consequences inside clinical environments. Speaking at the RSAC 2026 Conference, he described how healthcare professionals use AI tools for dosing support, medical searches, clinical summaries, and billing workflows.
Much of this activity happens outside approved systems. Clinicians often rely on personal devices and unvetted tools. They use public large language models, creating visibility gaps for security teams. This increases the risk that sensitive patient data enters unmanaged environments.
The behaviour is not driven by policy evasion. It is driven by workload pressure. Healthcare professionals adopt these tools to manage their caseload and improve efficiency in settings where time directly affects patient care. Speaking to AIM Media House, Izzo noted that clinicians are not trying to bypass controls. “They want to be more efficient,” he said.
That creates a problem that organisations cannot ignore. Security teams cannot monitor or manage systems they cannot see. Yet employees are already integrating AI into core workflows.
Building Visibility, Not Just Walls
The conversation needs to shift from restriction to infrastructure. Katarki explains the gap between experimentation and production. “What does production mean? It means I need to provide accountability,” he explains.
“That accountability could be everything from SLAs that I guarantee, to governance, from hallucinations to what I would call intentional or unintentional fallout from these AI systems. Then there is auditability. I need to be able to audit root cause problems. And I need to have control. What action can I take in response to that? That’s usually what differentiates what’s in experimentation and what’s in production.”
The implication is straightforward. You cannot have production AI without visibility into all AI—authorised and otherwise. You cannot have accountability without knowing what’s actually deployed. And you cannot have control without first understanding what you’re trying to control.
This moves shadow AI from a compliance problem to an infrastructure problem. It requires building systems that allow organisations to learn at the speed their employees are already moving.
The Scope of Unauthorised Use
The problem extends beyond shadow AI tools. Unauthorised adoption exists at multiple layers. Yage Zhang is a researcher at CISPA studying unauthorised API usage. She audited deployments across academic institutions and enterprise environments. Nearly 190 research papers relied on third-party endpoints that weren’t official versions. Nearly half of these failed basic model fingerprint verification, meaning the researchers had no reliable way to confirm what they were actually using.
This is a different problem from employees using ChatGPT, but it reveals the same underlying pattern. When people need tools, and official tools are unavailable or too slow, they find alternatives. They don't wait for permission.
Speaking to AIM Media House about her findings, Zhang described the implications: “Shadow APIs aren’t just a risk management problem. They’re actively shaping what gets adopted. The core issue is that users treat shadow APIs as interchangeable with official ones, but our evidence shows significant performance divergence. So it’s both: they influence adoption by lowering access barriers, and they introduce risks that most teams aren’t equipped to detect.”
The result is the same whether employees use ChatGPT or researchers use unknown API endpoints. Organisations lose visibility. They cannot monitor or govern what they do not know exists. Security teams work blind. And the systems shaping actual decisions in the organisation remain invisible to leadership.
Building the Response
Organisations that acknowledge shadow AI as a demand signal face a choice. They can restrict it or formalise it. The ones succeeding are formalising it.
At Shopify, 25% of the company uses Scout. This is an internal AI automation tool that handles over 1,000 tool calls per day. It wasn’t built by specialists in an innovation lab. Instead, the Product Support Network team built it, with people from customer success and sales backgrounds. The tool emerged because the frontline demand was clear.
Healthcare systems are following the same pattern. Izzo saw clinicians using shadow AI tools out of necessity. They faced pressure from heavy workloads and the need for quick decisions in time-sensitive environments. Instead of enforcing bans, health systems are beginning to create official pathways that meet that demand.
“In practice, ‘Shadow AI’ is often a signal that the workforce has an unmet need and will adopt tools that are fast, useful, and fit naturally into workflow. Our approach is not to ignore that demand, but to bring it above the surface,” Girish N Nadkarni, the Chief AI Officer at Mount Sinai Health System, explains to AIM Media House.
“The OpenEvidence partnership is a good example: we created an enterprise path with the right privacy, security, governance, and workflow integration. That lets us respond to frontline demand while ensuring adoption happens in a safe, secure, and institutionally accountable way.”
Treating shadow AI as a signal of unmet need rather than a compliance failure changes what organisations build and how they build it.
What Organisations Choose Now
The central tension most CIOs are grappling with is real. Katarki explained the shift in his thinking. “A year ago, I would have said, ‘Let it be a bit wild west,’” he said. “But we’ve reached a point where this is increasingly important. The question isn’t control or innovation. It’s how do you do both?”
Organisations can build visibility in two ways. The first approach is to suppress shadow AI through monitoring, enforcement, and compliance-first policies. The second approach is to learn from it by understanding where demand actually sits, building tools that meet those needs, and creating governance around intentional deployment.
The difference compounds over time. Organisations that rely solely on restrictions often struggle with visibility, as employees continue using shadow tools. Those who treat shadow AI as a signal and build formal alternatives gain both visibility and speed.