Shadow AI: 80% of Employees Use Ungoverned Tools

Eighty percent of employees are using unapproved generative AI tools at work. This is happening while only 12% of companies have a formal AI governance policy in place. Here's the thing: employees are running these shadow AI tools faster than security programs can review them. This creates a significant identity-management challenge. Many of these tools connect to corporate data through OAuth tokens or browser sessions, completely bypassing traditional network security. For example, OAuth connections give third-party AI tools read or write access to platforms like Google Workspace or Microsoft 365. Browser extensions also run AI features client-side, making them invisible to endpoint management tools. Even AI features within approved suites like Microsoft Copilot introduce new, unapproved data flows. The bottom line is that the traditional network-monitoring approach doesn't address these issues, leaving corporate data exposed. This matters because it highlights a critical and growing security gap for businesses.