16% of organizations identify AI agents operating with user credentials as a Shadow AI concern.

16.0% of organizations expect Shadow AI management to require the most new investment in AI security over the next 12 months.

14% of organizations identify orchestration frameworks as a Shadow AI concern.

49% of organizations anticipate Shadow AI incidents.

21% of organizations cite standalone GenAI tools (like ChatGPT, Claude, and image generators such as Midjourney) as their primary Shadow AI concern.

Other Shadow AI vectors, including personal accounts, third-party APIs, plugins, and local applications, each fall below 12% of organizations' concerns.

23% of organizations adopting AI identify Shadow AI and unapproved tools as an area where they are least prepared to address threats.

23% of organizations acknowledge inadequate preparation to address unapproved AI tools and services.

18% of organizations identify GenAI features embedded in SaaS applications as their second-highest Shadow AI concern.

18% of companies are affected by "Shadow AI".

Over half of all current app adoption among enterprise users is estimated to be shadow AI.

Only 37% of organisations have policies to manage AI or detect shadow AI.

Organisations that used high levels of shadow AI observed an average of $670,000 in higher breach costs.

Security incidents involving shadow AI led to more intellectual property (40%) being compromised compared to the global average (33%).

One in five organisations (which is 20%) reported a breach due to shadow AI.

Security incidents involving shadow AI led to more personally identifiable information (65%) being compromised compared to the global average (53%).

90% or more of generative AI usage falls into the "shadow AI" scenario, meaning it occurs without the knowledge of central IT and information security teams.

60% of organizations lack confidence in detecting unregulated AI deployments (shadow AI).

47% cannot secure shadow AI usage in their organization.