Shadow AI is quietly making every data breach more expensive

If you have been paying attention to shadow AI, you already know this was coming. We keep talking about AI as the future of cyber defence. What we are not talking about enough is AI as the uninvited third party in the breach.

IBM’s latest Cost of a Data Breach report makes for uncomfortable reading. One in five organisations now experience a cyberattack directly tied to “shadow AI”: unapproved, ungoverned tools staff are spinning up without IT knowing. When those breaches hit, the average cost jumps by $670,000. That is not a rounding error. That is the difference between a bad quarter and a board-level crisis.

The most common on-ramp for attackers is supply chain compromise. Hackers reach AI platforms through third-party apps, APIs, and plug-ins that nobody has reviewed. Once attackers were inside, 60 percent of cases spilled into additional data stores. Thirty-one percent disrupted critical operations. The AI tool that was supposed to make people faster became the shortcut into the network.

What makes this worse is how employees are already using these tools on the front line. Harmonic Security analysed thousands of prompts across Copilot, ChatGPT, Gemini, Claude, and Perplexity. It found that 8.5 percent of prompts included sensitive enterprise data. Customer records, employee files, legal and finance documents, source code, security test results. All of it fed into a model that may train on it, expose it through prompt injection, or hand it to a third party through a plug-in most security teams have never seen.

The governance numbers are worse than the usage numbers. IBM found that 63 percent of breached organisations had no formal AI governance policy at all. Among those that did, fewer than half had an approval process for new AI deployments, 62 percent lacked access controls, and only 34 percent regularly scanned for the tools their staff were actually using. This is not a failure of policy documents. It is a failure of visibility.

And attackers are already weaponising AI separately. Sixteen percent of breaches involved attacker use of AI, mostly AI-generated phishing and deepfake impersonation. Generative AI cut phishing creation time from sixteen hours to five minutes. That speed advantage belongs to the people who do not have your best interests at heart.

Here is the practical part. If your organisation uses AI in any form, do three things this month. First, audit what tools are already in use. You will be shocked by the list. Second, block any tool that trains on user input unless leadership has explicitly approved it. Third, treat AI outputs as untrusted by default. Any data that goes into a prompt should be treated as already exposed. That mindset shift alone changes how your people operate.
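One way to start the first step, the audit, is to summarise egress proxy logs by AI tool and flag anything not on the approved list. This is an added example, not code from IBM, Harmonic Security or any vendor; the hostname map, the approved list and the log format are assumptions, and the log lines are constructed.

```python
from collections import defaultdict

# Assumed hostname-to-tool map for the assistants the article names; extend it.
AI_HOSTS = {
    "chatgpt.com": "ChatGPT",
    "gemini.google.com": "Gemini",
    "claude.ai": "Claude",
    "perplexity.ai": "Perplexity",
    "copilot.microsoft.com": "Copilot",
}
APPROVED = {"Copilot"}  # hypothetical: tools leadership has explicitly approved

# Constructed sample, assumed format: "<timestamp> <user> <method> <host> <bytes_sent>"
SAMPLE_LOG = """\
2025-01-06T09:12:01Z alice POST chatgpt.com 18234
2025-01-06T09:13:44Z bob POST copilot.microsoft.com 2210
2025-01-06T09:15:02Z alice POST chatgpt.com 40211
2025-01-06T09:20:15Z carol POST www.perplexity.ai 950
2025-01-06T09:21:00Z dave GET intranet.example.com 120
truncated line
2025-01-06T09:30:41Z carol POST claude.ai 73110
"""

def classify(host):
    """Return the tool for a listed host or one of its subdomains, else None."""
    host = host.lower().rstrip(".")
    for known, tool in AI_HOSTS.items():
        if host == known or host.endswith("." + known):
            return tool
    return None

def inventory(log_text):
    """Per tool: which users sent traffic, how many requests, how many bytes went out."""
    tools = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_sent": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not match the assumed format
        tool = classify(parts[3])
        if tool:
            tools[tool]["users"].add(parts[1])
            tools[tool]["requests"] += 1
            tools[tool]["bytes_sent"] += int(parts[4])
    return dict(tools)

def unapproved(report):
    """Names of tools seen in traffic but not approved, largest upload volume first."""
    names = [t for t in report if t not in APPROVED]
    return sorted(names, key=lambda t: report[t]["bytes_sent"], reverse=True)
```

Calling `unapproved(inventory(SAMPLE_LOG))` lists the unapproved tools ordered by bytes sent, which is a rough proxy for how much prompt data left the network. A hostname list only catches tools you already know about, so treat the result as a starting inventory.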

Blocking adoption entirely is not the answer. But blind adoption is worse. The companies that come out of this phase intact are the ones that treat AI like any other critical system: inventory it, control it, monitor it. Shadow IT is not new. Shadow AI is just more dangerous because the people using it think they are being productive.

Utilizing AI for the sake of using AI is destined to fail. If it is not serving an established need, it will lose support when budgets are eventually cut or reappropriated. — Kris Bondi, CEO, Mimoto
