Shadow AI Just Made Your Next Data Breach $670,000 More Expensive

Last week I finished reading two back-to-back reports that should make every business leader sit up straight. IBM’s 2025 Cost of a Data Breach report and Verizon’s latest Data Breach Investigations Report both point to the same uncomfortable truth: unmanaged AI in the workplace is no longer a privacy footnote. It is now a direct line to more expensive, more frequent breaches.

Let me give you the numbers that stopped me mid-sip of coffee.

The raw numbers

IBM surveyed 600 organisations that suffered breaches between March 2024 and February 2025. One in five said the breach started with a security incident involving shadow AI, that is, unapproved AI tools deployed without IT oversight. Those breaches cost an average of $670,000 more than breaches at firms with little or no shadow AI exposure.

That is the headline figure. The detail underneath is worse. Only 13 percent of organisations reported breaches involving AI tools, but 97 percent of those organisations lacked proper AI access controls. The most common entry point was not a sophisticated nation-state operation but supply-chain compromise: attackers came in through compromised apps, APIs and plug-ins connected to AI platforms.

Verizon’s numbers back this up with a structural shift I have not seen in previous years. For the first time in 19 years, vulnerability exploitation has overtaken stolen credentials as the top data breach entry point, accounting for 31 percent of breaches. Verizon explicitly links this to AI-assisted vulnerability discovery and exploitation.

Critically, defenders are not keeping pace. Only 26 percent of vulnerabilities found in 2025 were fully remediated, down from 38 percent in 2024. Attackers are using AI to find and exploit holes faster than organisations can patch them.

Shadow AI is the new shadow IT

Shadow AI is now the third most common non-malicious breach-related activity in Verizon’s data, jumping from 15 percent to 45 percent year-on-year. Employees pasting confidential documents into consumer AI assistants. Teams deploying internal chatbots without security review. Developers granting AI tools access to code repositories.

This is not a theoretical risk. IBM found that once attackers penetrated an AI platform, they compromised additional data stores in 60 percent of cases and caused operational disruption in 31 percent.

The governance gap is glaring. Sixty-three percent of companies that experienced a breach said they did not have an AI governance policy. Even among those with policies, fewer than half had an approval process for AI deployments, and 62 percent failed to implement strong access controls.

Only 34 percent of organisations with AI governance policies regularly audit for unsanctioned AI tools. In other words, most companies have no idea what AI tools their workforce is actually using.

What to do about it

The practical steps here are straightforward, which makes the gap between knowing and doing even more frustrating.

First, map your AI surface. Find out what tools are in use, who deployed them, and what data they can reach. This is not a technology problem. It is an inventory problem. Egress proxy and DNS logs, the OAuth consent grants in your identity provider, and the integrations configured on your code repositories are where that inventory usually starts, and all three are records you already hold.

Second, apply zero-trust principles to AI tools just as you would to any other business application. Network segmentation, strong authentication, least-privilege access. Basic hygiene, not advanced wizardry.

Third, treat AI governance like any other security policy. Make it living documentation with regular audits, not a PDF that gets filed after the board signs off.
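A minimal version of the audit that the first and third steps call for, written as an added example for this article and not taken from the IBM or Verizon reports: read egress proxy logs, attribute each request to an AI service by walking up the host's parent domains, and report per user which services are not on the sanctioned list and how much data was posted to them. The log format, the domain-to-tool table, the sanctioned set and the sample lines are all constructed assumptions for the demo; replace them with your own proxy export and approved-vendor list.

```python
"""Shadow AI discovery from egress proxy logs (constructed example)."""
from __future__ import annotations

from collections import defaultdict

# Hypothetical table of egress domains to AI tool names. Subdomains match
# their parent entry (cdn.claude.ai -> claude.ai), so keep entries short.
AI_DOMAINS = {
    "chatgpt.com": "ChatGPT",
    "openai.com": "OpenAI API",
    "claude.ai": "Claude",
    "anthropic.com": "Anthropic API",
    "gemini.google.com": "Gemini",
    "copilot.microsoft.com": "Copilot",
    "huggingface.co": "Hugging Face",
}

# Tools the organisation has actually approved (assumption for the demo).
SANCTIONED = {"Copilot"}

# Assumed log shape: "timestamp user host bytes method", one request per line.
LOG_FIELDS = ("timestamp", "user", "host", "bytes", "method")

# Constructed sample lines; not real traffic.
SAMPLE_LOG = """\
2025-06-02T09:14:01Z alice chatgpt.com 48213 POST
2025-06-02T09:14:07Z alice chatgpt.com 1192 GET
2025-06-02T09:20:44Z bob copilot.microsoft.com 3021 POST
2025-06-02T10:02:15Z carol api.openai.com 90311 POST
2025-06-02T10:03:00Z carol github.com 5123 GET
2025-06-02T11:41:59Z dave claude.ai 22048 POST
2025-06-02T11:42:30Z dave cdn.claude.ai 3000 GET
2025-06-02T12:00:00Z eve example.org 800 GET
this line is malformed and must be skipped
"""


def classify_host(host: str) -> str | None:
    """Return the AI tool behind a host, or None if it is not a known AI service.

    Walks up the parent domains so that any subdomain of a listed domain matches.
    """
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in AI_DOMAINS:
            return AI_DOMAINS[candidate]
    return None


def parse_line(line: str) -> dict | None:
    """Parse one log line; malformed lines return None instead of aborting the audit."""
    parts = line.split()
    if len(parts) != len(LOG_FIELDS):
        return None
    rec = dict(zip(LOG_FIELDS, parts))
    try:
        rec["bytes"] = int(rec["bytes"])
    except ValueError:
        return None
    return rec


def audit(log_text: str) -> dict[str, dict[str, dict]]:
    """Per-user, per-tool usage: request count, POST count, bytes, sanctioned flag.

    POSTs are counted separately because uploads are how documents leave the
    organisation; a GET to a chat UI is much less interesting than a 90 KB POST.
    """
    usage: dict[str, dict[str, dict]] = defaultdict(dict)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        tool = classify_host(rec["host"])
        if tool is None:
            continue  # not an AI service; out of scope for this inventory
        entry = usage[rec["user"]].setdefault(
            tool, {"requests": 0, "posts": 0, "bytes": 0, "sanctioned": tool in SANCTIONED}
        )
        entry["requests"] += 1
        entry["bytes"] += rec["bytes"]
        if rec["method"].upper() == "POST":
            entry["posts"] += 1
    return dict(usage)


def unsanctioned_report(log_text: str) -> list[dict]:
    """Flatten the audit to rows for unsanctioned tools only, heaviest uploader first."""
    rows = []
    for user, tools in audit(log_text).items():
        for tool, stats in tools.items():
            if not stats["sanctioned"]:
                rows.append({"user": user, "tool": tool, **stats})
    rows.sort(key=lambda r: (-r["bytes"], r["user"]))
    return rows


if __name__ == "__main__":
    for row in unsanctioned_report(SAMPLE_LOG):
        print(f'{row["user"]:<8}{row["tool"]:<14}requests={row["requests"]} '
              f'posts={row["posts"]} bytes={row["bytes"]}')
```

On the sample data this flags carol, alice and dave, and leaves bob out because Copilot is sanctioned. Two caveats matter in practice: a domain table like this goes stale quickly, so pair it with the OAuth consent records from your identity provider, and bytes posted is a proxy for data leaving, not proof of what left; the next step is to ask the three flagged users what they pasted.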

Attacker use of AI is also accelerating. IBM found that 16 percent of data breaches now involve attackers using AI, most commonly for AI-generated phishing and deepfake impersonation. Generative AI has cut the time to write a convincing phishing email from 16 hours to five minutes. We are not just defending our own AI mistakes. We are defending against AI-powered attacks at the same time.

“Fighting AI with AI” is Verizon CISO Nazrin Rezai’s exact phrase, and she is right in principle. Organisations need AI-assisted detection and response to keep pace with AI-assisted attacks. But detection without governance is just reacting faster to preventable incidents.

The organisations that will weather this period best are the ones that combine strong AI governance with AI-powered defence. Not the ones that adopt every new tool first and ask questions later.
