Shadow AI Joins Shadow IT, Creating New Challenges for Risk & Security Teams
Solutions Review, Thursday, December 18th, 2025
People are always searching for a simpler way to do things. 'There's an app for that' has become a cliche as developers look for new ways to make the lives of their users easier. But while a scheduling app or a notetaking feature might be helpful in your personal life, the dynamic changes when these applications are used in a work environment.
If a shady calendar app steals your personal information, that's one thing. But if it steals your employer's data-or worse, customer or client data-that's an unacceptable risk. The use of unapproved applications on company devices has become known as 'shadow IT,' and it poses a significant problem for security and IT departments.
The advent of AI has exacerbated the issue even further. After all, AI is the ultimate Swiss army knife-employees are using generative AI tools to do everything from summarize articles to analyze complex data sets-and this is creating significant challenges for security and risk management teams. Much of the risk around today's generative AI tools centers around improper sharing of sensitive or confidential data, and if risk management teams cannot control (or even see) what information is being shared with those tools, that's a real problem. Today's organizations don't just need to worry about shadow IT-they need to recognize and mitigate the threat of shadow AI as well.