Back to blog
    Shadow AI: The $19.5M Enterprise Risk Your Security Team Can't See
    shadow-aienterprise-securitydata-leakagecomplianceon-premisesegment:enterprise

    Shadow AI: The $19.5M Enterprise Risk Your Security Team Can't See

    77% of employees paste company data into unsanctioned AI tools. The average cost of insider risks tied to shadow AI is $19.5M per organization — a 20% spike in two years. Here's what's being leaked, why it's happening, and the structural fix.

    EErtas Team·

    Your security team has hardened the perimeter. Firewalls, endpoint detection, DLP policies on email and USB, SSO with MFA on every SaaS app. And while they've been doing that, 77% of your employees have been pasting company information directly into consumer AI services — ChatGPT, Claude, Gemini, Perplexity, Grok — using personal accounts that your security team has no visibility into.

    This is shadow AI. And it is now the single largest unmonitored data exfiltration vector in most enterprises.

    The numbers are not ambiguous. According to research from the Ponemon Institute and DTEX Systems, the average cost of insider risks tied to shadow AI use reached $19.5 million per organization in 2025 — a 20% increase over two years. Organizations experience an average of 25 insider-risk incidents annually that are directly attributable to unauthorized AI tool usage. And shadow AI now affects over 75% of organizations, regardless of industry.

    This is not a hypothetical. It is already happening inside your organization. The question is whether you know the scope.

    What's Actually Being Leaked

    The data flowing into unsanctioned AI tools is not limited to casual queries. Employees are pasting substantive, sensitive business information into consumer LLMs because those tools are genuinely useful — and because the organization has not provided a sanctioned alternative.

    Here is what security teams are finding when they finally get visibility:

    Data TypeHow It Gets Into AI ToolsRisk Level
    Source codeDevelopers paste code for debugging, refactoring, code reviewCritical — IP exposure, potential competitive loss
    Legal documentsLawyers and paralegals paste contracts for clause analysis, summarizationCritical — privilege waiver, client confidentiality breach
    HR recordsHR teams paste employee reviews, compensation data for draftingHigh — PII exposure, employment law liability
    Customer dataSales and support paste customer emails, account details for response draftingHigh — GDPR/CCPA violation, breach notification trigger
    Financial reportsFinance teams paste revenue data, forecasts for analysis and formattingHigh — material non-public information exposure, SEC risk
    Meeting transcriptsEmployees paste meeting notes for summarization and action item extractionMedium-High — strategic plans, M&A discussions, board minutes
    Internal communicationsSlack messages, emails pasted for tone adjustment or summarizationMedium — cultural context, personnel issues, strategic direction

    The pattern is consistent: employees use AI tools for legitimate productivity gains, not malicious purposes. They paste real data because the AI is more useful with real context. And they use personal accounts because the organization has not given them a work-sanctioned option.

    82% of employees who use AI tools at work do so through personal accounts. This means every interaction happens outside your identity management, outside your DLP policies, outside your audit trail, and outside your ability to enforce data retention or deletion.

    Why This Is Happening: The 13% Problem

    The root cause is not employee negligence. It is organizational failure to provide alternatives.

    Only 13% of organizations have formally integrated generative AI workflows into their standard business processes. The other 87% have a gap: employees want to use AI (because it makes them measurably more productive), but the organization has not given them an approved way to do so.

    When you create a gap between what employees need and what the organization provides, employees fill that gap themselves. This is not new — it is the same pattern that created shadow IT a decade ago with Dropbox and personal email. The difference is that shadow AI involves sending data to a third party, not just storing it in an unapproved location.

    The governance gap is equally stark. Only 18% of organizations have fully integrated AI governance into their existing insider risk management programs. The remaining 82% are running AI governance as a separate workstream (if they're running it at all), which means the security team may be aware that shadow AI exists but has no operational mechanism to detect, measure, or mitigate it within their existing tooling.

    The Detection Gap: 1.6% Adds Up Fast

    Here is a number that sounds small but is not: 1.6% of all prompts submitted to AI tools contain content that violates organizational data handling policies.

    At first glance, 1.6% seems negligible. But consider the math for a 100-person company where most employees use AI tools multiple times per day.

    Conservative estimate for a 100-person company:

    • 75 employees use AI tools (75% adoption rate)
    • Average 15 prompts per employee per day (a mix of heavy and light users)
    • That is 1,125 prompts per day
    • 1.6% violation rate = 18 policy violations per day
    • Over a month (22 working days): 396 violations per month
    • Over a year: ~4,750 violations per year

    For a 1,000-person company, that number scales to roughly 180 violations per day and 47,500 per year.

    Each of those violations is a data point that has left your security perimeter, been ingested by a third-party model provider, and is now subject to that provider's data retention and training policies. Even if the provider claims not to train on user data (as OpenAI, Anthropic, and Google do for their enterprise tiers), the data has left your control. And your employees are not on enterprise tiers — they are on personal free or paid accounts with different data handling terms.

    The Compliance Consequences

    Shadow AI does not just create data leakage risk. It creates specific, measurable compliance exposure across multiple regulatory frameworks.

    GDPR (Articles 5, 6, and 28): When an employee pastes customer PII into a consumer AI tool, the organization has transferred personal data to a third-party processor without a Data Processing Agreement, without a lawful basis for the transfer, and without the data subject's knowledge. This is a textbook GDPR violation. The maximum penalty is 4% of global annual revenue or €20 million, whichever is higher.

    HIPAA (45 CFR §164.502): For healthcare organizations, pasting PHI into an unsanctioned AI tool constitutes an unauthorized disclosure of protected health information. There is no BAA in place with the AI provider. This triggers breach notification requirements and potential OCR enforcement action with penalties up to $2.13 million per violation category per year.

    SOC 2 (Trust Service Criteria CC6.1, CC6.6): Shadow AI usage directly contradicts access control and information boundary requirements. If your SOC 2 audit scope includes AI-processed data (and it should), undocumented AI tool usage creates audit findings that can affect your certification.

    SEC Regulation FD and Insider Trading Rules: When finance teams paste material non-public information into consumer AI tools, that information has been disclosed to a third party. The SEC has not yet brought enforcement action on this specific vector, but the legal exposure is clear.

    EU AI Act (Article 4, AI Literacy): Starting February 2, 2025, organizations deploying or using AI systems must ensure staff have sufficient AI literacy. Operating without an AI usage policy arguably fails this requirement.

    Why Blocking Doesn't Work

    The obvious reaction is to block access to AI tools at the network level. Some organizations have tried this. It does not work, for three reasons.

    1. Personal devices. Employees use AI tools on their phones and personal laptops. You cannot block access to ChatGPT on a device you do not control. You can only block it on the corporate network, which means employees switch to mobile data or wait until they get home — and paste even more data in a single session because they are batching their queries.

    2. New tools appear faster than you can block them. Organizations with 200–1,000 employees interact with an average of 45 distinct AI websites monthly. Larger organizations see this climb to 72. You cannot maintain a block list that keeps pace with the rate of new AI tool launches.

    3. Blocking reduces productivity. The reason employees use AI tools is that the tools make them faster. If you block the tools without providing an alternative, you are making a deliberate choice to reduce workforce productivity. In a competitive market, that choice has a cost.

    Blocking is a tactical response to a structural problem. The structural problem is that employees need AI capabilities and the organization has not provided them.

    The Solution Framework

    Addressing shadow AI requires four concurrent workstreams. Doing only one or two of them does not solve the problem — it just shifts the risk to a different gap.

    1. Deploy Sanctioned On-Premise AI Alternatives

    This is the structural fix. If employees use ChatGPT because they need an AI assistant, give them an AI assistant that runs on infrastructure you control.

    An on-premise AI deployment — whether a commercial platform like Cortexa or NayaFlow, or an open-source stack like Ollama with Open WebUI — gives employees the same capabilities they get from consumer AI tools, but with data that never leaves your network.

    The critical requirement is that the internal tool must be good enough that employees actually use it. If the sanctioned alternative is slower, harder to use, or less capable than ChatGPT, employees will keep using ChatGPT. The UX bar is high because consumer AI tools have set it high.

    This is not a small undertaking, but it is the only approach that eliminates the root cause rather than treating symptoms. We cover the specifics of building a sanctioned alternative in How to Build a Sanctioned AI Alternative to ChatGPT for Your Enterprise.

    2. Establish Policy and Enforcement

    Policy without enforcement is a memo. Enforcement without policy is arbitrary. You need both.

    An effective AI usage policy must specify:

    • Which tools are sanctioned and which are prohibited
    • What data categories may and may not be used with AI tools (including sanctioned ones)
    • Personal account usage — explicitly prohibited for work-related AI tasks
    • Consequences for violations, aligned with existing data handling policy consequences
    • Escalation paths for edge cases where employees need AI capabilities not covered by sanctioned tools

    The policy must be integrated into existing employee training, not published as a standalone document that no one reads.

    3. Implement Monitoring

    You cannot manage what you cannot see. AI usage monitoring needs to cover:

    • Network-level detection of outbound connections to known AI service domains (api.openai.com, claude.ai, gemini.google.com, etc.)
    • Browser extension audits — employees install AI browser extensions that capture page content and send it to external services
    • DLP policy updates to include AI tool uploads as a monitored egress vector
    • SaaS spend analysis — check expense reports and credit card statements for individual AI subscriptions that indicate unsanctioned usage

    The monitoring does not need to be punitive. Its primary purpose is visibility: understanding what tools are being used, by whom, and for what categories of data. This visibility informs both policy refinement and the feature requirements for your sanctioned alternative.

    For a detailed audit process, see our Shadow AI Audit Checklist.

    4. Train Continuously

    A one-time training session is forgotten within weeks. AI usage training must be:

    • Integrated into onboarding for new employees
    • Refreshed quarterly as new tools and risks emerge
    • Role-specific — developers need different guidance than legal teams, who need different guidance than sales teams
    • Positive, not punitive — frame the sanctioned tools as a benefit, not the restrictions as a burden

    Training should include concrete examples of what constitutes a policy violation, what the real-world consequences look like (not hypothetical scary scenarios, but actual enforcement actions and breach costs), and how to use the sanctioned alternative effectively.

    The Economics of Inaction

    The $19.5 million average cost figure includes investigation costs, remediation, legal expenses, regulatory penalties, and business disruption. But it does not include the harder-to-quantify costs: competitive intelligence leaked to a model provider's training data, legal privilege waived by pasting privileged communications into a consumer tool, or the reputational damage when a breach becomes public.

    Consider what a single incident looks like: a developer pastes a proprietary algorithm into ChatGPT to debug it. That code is now in OpenAI's system. Even if OpenAI does not train on it (per their current policy for API users — but this developer was using the free consumer tier), the code has left your control. If that algorithm represents $5M in R&D investment, you have created an unquantifiable risk for the cost of zero dollars in employee tooling investment.

    The math favors action. An on-premise AI deployment for a 100-person company costs $5,000–$15,000 for hardware and setup, plus minimal ongoing costs for power and maintenance. That is less than 0.1% of the $19.5M average insider risk cost. Even if your actual risk is a fraction of the average, the ROI on providing sanctioned alternatives is overwhelming.

    Where to Start

    If you suspect shadow AI is a problem in your organization (and if you have more than 20 employees, it almost certainly is), start with three immediate actions:

    1. Run the audit. Use our Shadow AI Audit Checklist to map what tools are being used and what data is flowing into them.

    2. Quantify the exposure. Multiply the number of employees × estimated daily AI prompts × 1.6% violation rate × the sensitivity of your data. This gives you a rough order-of-magnitude risk figure.

    3. Start the sanctioned alternative evaluation. You do not need to solve the whole problem before you start. A single-server on-premise AI deployment can be operational in days, not months, and immediately begins reducing shadow AI usage by giving employees a legitimate option.

    Shadow AI is not a problem that goes away on its own. Every day without a sanctioned alternative is another day of unmonitored data exfiltration. The structural fix is not complicated — it just requires treating the problem as what it is: a gap in your enterprise tooling, not a gap in employee judgment.

    Turn unstructured data into AI-ready datasets — without it leaving the building.

    On-premise data preparation with full audit trail. No data egress. No fragmented toolchains. EU AI Act Article 30 compliance built in.

    Book a Discovery CallSee how Ertas Data Suite works →

    Keep reading

    77% of Employees Are Leaking Data to AI Tools: What CISOs Need to Know
    Enterprise

    77% of Employees Are Leaking Data to AI Tools: What CISOs Need to Know

    Most employees are pasting sensitive company data into external AI tools. The numbers are worse than you think, and blocking access only pushes usage underground. Here's what actually works.

    Shadow AI Audit Checklist: Find Every Unauthorized AI Tool in Your Organization
    Enterprise

    Shadow AI Audit Checklist: Find Every Unauthorized AI Tool in Your Organization

    A step-by-step audit process to discover unauthorized AI tools in your organization. Covers network traffic analysis, browser extension audits, SaaS spend analysis, employee surveys, DLP reviews, and API key audits — with a 25-item checklist you can use immediately.

    Shadow AI Policy Template for Regulated Industries
    Enterprise

    Shadow AI Policy Template for Regulated Industries

    A practical, immediately usable AI acceptable use policy template for healthcare, financial services, and other regulated organizations. Includes data classification tables, regulatory overlays, and enforcement frameworks.