Definition
Employees or teams using unauthorized AI tools (ChatGPT, Claude, Copilot, or internal AI systems) without IT approval or visibility. These tools operate outside corporate governance, security monitoring, and compliance frameworks.
Why it matters
Shadow AI creates blind spots: data may be flowing into external models without encryption, intellectual property may leak through prompts, and compliance teams have no audit trail. Yet, research shows that 5% or fewer organizations have full visibility into their shadow AI usage.