June 30, 2026 By Tim Rice Strategy

Shadow IT used to mean the marketing team expensing a SaaS tool the security team never vetted. Shadow AI is that problem with a sharper edge. It is the AI features your existing vendors turned on without a review, and the AI tools your employees paste sensitive data into every day. The difference matters, because AI does not just store your data. It processes it, sends it to third-party models, and sometimes learns from it. And most of it is running right now with no owner, no assessment, and no policy behind it.

The numbers make the scale hard to ignore. IBM's 2025 Cost of a Data Breach Report found that shadow AI was a factor in 20 percent of the breaches it studied, that breaches involving shadow AI cost about 670,000 dollars more on average than those without it, and that 97 percent of organizations breached through AI lacked proper AI access controls. This is not a hypothetical governance gap. It is already showing up in incident data.

Two Kinds of Shadow AI

It helps to separate the problem into two categories, because they require different responses.

The first is employee-introduced AI, sometimes called bring-your-own-AI. Microsoft and LinkedIn's 2024 Work Trend Index, based on a survey of 31,000 people across 31 countries, found that 75 percent of knowledge workers were already using AI at work and that 78 percent of AI users were bringing their own tools rather than waiting for a sanctioned option. People are not being reckless. They are being productive faster than governance can keep up. But every prompt into an unapproved tool is a potential disclosure of company data to a third party nobody assessed.

The second, and the one most relevant to third-party risk, is vendor-introduced AI. This is the AI your existing SaaS providers add to products you already use. BetterCloud's research found that the average company runs on the order of 100 SaaS applications, and reported that a majority of enterprise SaaS products now ship with embedded AI features. Productiv's analysis has found that roughly half of enterprise SaaS applications are effectively unmanaged, with no owner tracking their security or compliance. Put those together and the picture is clear: a large share of your software has quietly gained AI capabilities, and a large share of your software has no one watching it. The overlap is your shadow AI exposure.

Why Governance Keeps Losing the Race

The gap between adoption and governance is not a rumor. It is measured. ISACA's 2025 research found that while 83 percent of organizations believe their employees are using AI, only 31 percent have a formal, comprehensive AI policy. The Cloud Security Alliance, in a study with Google Cloud released in December 2025, found that only 26 percent of organizations had comprehensive AI security governance policies in place, with most others still developing them.

The reason is structural. AI features arrive through the release-note channel, not the procurement channel. A vendor pushes an update, a toggle flips to on, and there is no purchase order, no new contract, and no trigger for a security review. The governance process was built to catch new vendors at the front door. Shadow AI comes in through a window that was already open. LinkedIn switching on a generative-AI data setting by default in 2024, and Zoom and Slack facing backlash over default data-use terms, are all versions of the same dynamic: the feature ships enabled, and the burden of noticing falls on the customer.

The default-on trap: The most dangerous shadow AI is not the tool an employee sneaks in. It is the feature your trusted vendor enables by default in a product you already approved. It inherits the trust you granted the original product, even though the data processing is brand new. Assume that any vendor in your portfolio may have added AI since your last review, and make "did this vendor add AI?" a standing question rather than a one-time check.

Building an AI Vendor Register

You cannot govern what you have not written down. The foundation of shadow AI governance is an inventory, and the good news is that you almost certainly already have a vendor inventory to extend. The move is to add an AI lens to it.

Start by adding a small set of attributes to every vendor record: whether the product uses AI, what kind of AI and which underlying model providers, what data the AI touches, whether the AI can be disabled, and whether the vendor uses your data for training. That last question is the one that turns a benign feature into a disclosure risk. From there, tier your AI vendors the way you tier the rest of your portfolio, by the sensitivity of the data involved and the criticality of the use case, and assess the highest-risk ones first.

Attribute to capture Why it matters
AI in use, and type Distinguishes a search-ranking model from a generative feature that sends data to an external LLM
Underlying model providers Reveals the fourth-party dependency behind the feature and where data is processed
Data the AI can access Determines whether regulated or confidential data is exposed to the AI pipeline
Default state and off switch Tells you whether the AI is opt-in or opt-out, and whether you can turn it off
Training on your data The single highest-signal question for undisclosed data disclosure risk

Discovering the AI you cannot see

An inventory is only as good as your ability to populate it, and much shadow AI hides inside shadow SaaS: unsanctioned apps, or ordinary apps with new AI features, that never went through intake. Discovery tooling closes that gap. FairTPRM v2.6.2 integrates with Grip Security and Hero Security to surface unmanaged SaaS and the identities using it, lets teams onboard those apps into the full vendor lifecycle, and, for organizations running Zscaler, block unapproved apps directly from within the platform. The mechanics of that discover, onboard, and enforce workflow are covered in Shadow SaaS and TPRM, and it is the fastest way to turn "we think vendors added AI" into a concrete, governed list.

Assess, Contract, and Frame It in a Standard

An inventory tells you where the AI is. Assessment tells you whether it is safe. Extend your vendor questionnaire with AI-specific questions: default state, ability to disable, model subprocessors, data retention, whether your data trains any model, and what testing the vendor has done for prompt injection and data leakage. This is the natural evolution of the argument that a questionnaire alone is not enough, applied to a new class of risk. Ask for evidence, not just attestations, and treat missing answers as findings.

Where the risk is material, move the protections into the contract. Require notice before new AI processing, a durable right to disable, and a clear prohibition on training with your data without consent. Then anchor the whole program in a recognized framework so it is defensible and repeatable. The NIST AI Risk Management Framework gives you the operational vocabulary of govern, map, measure, and manage, and its supply-chain guidance maps directly to vendor AI. The ISO/IEC 42001 standard gives you a certifiable management-system benchmark you can ask vendors to meet. Using both lets you assess vendors against the same yardstick you hold yourself to.

Practical First Moves

TPRM Lesson Learned: Shadow AI is the AI in your environment that no one formally chose. Some of it your employees brought in, and much of it your vendors switched on in products you already trusted. The breach data shows it is already costing organizations real money, and the governance data shows most programs have not caught up. The fix is not exotic: extend the vendor inventory with an AI lens, tier and assess AI vendors by data sensitivity, move key protections into contracts, and anchor the program in the NIST AI RMF and ISO 42001 so it holds up. Platforms like Fair TPRM let teams tag and tier vendors by AI exposure and run AI-specific assessments in the standard workflow, turning shadow AI into governed AI before it turns into an incident.

Protect Your Organization from Third-Party Risk

Fair TPRM is a free, open-source platform for vendor risk management, GRC compliance, and FAIR risk quantification.

Free Demo Download Source

Sources & References

  1. Cost of a Data Breach Report 2025 (shadow AI findings) - IBM, July 30, 2025
  2. 2024 Work Trend Index: AI at Work Is Here - Microsoft and LinkedIn, May 8, 2024
  3. State of SaaS: SaaS application and AI statistics - BetterCloud, 2025
  4. State of SaaS 2024: app sprawl and unmanaged apps - Productiv, 2024
  5. AI Use Is Outpacing Policy and Governance - ISACA, 2025
  6. Governance Maturity Is the Strongest Predictor of AI Readiness - Cloud Security Alliance and Google Cloud, December 18, 2025
  7. AI Risk Management Framework (AI RMF 1.0) - National Institute of Standards and Technology