Index  ›  ai  ›  TechRadar

‘You fix it by making the secure option just as fast and frictionless as the risky one’: Practical advice on addressing shadow AI

TechRadar Published Jul 4, 2026 Reviewed Jul 4, 2026 ✓ Reviewed by citations.press editors
Citation-ready fact
Teramind reported that 86% of organizations lack visibility into how data moves to and from AI tools.
86 · organizations
View source ↗
Citation-ready fact
Teramind reported that 67% of enterprise AI usage runs through unmanaged personal accounts on corporate-licensed platforms.
67 · enterprise AI usage
View source ↗
Citation-ready fact
Teramind reported that 69% of C-suite leaders prioritize speed over security when using AI tools, versus just 37% of frontline employees.
69 · C-suite leaders37 · frontline employees
View source ↗
Citation-ready fact
Teramind reported that 60% of employees said productivity benefits outweigh security risks when deadlines are involved.
60 · employees
View source ↗
Citation-ready fact
Teramind reported that 48% of employees said they would use AI even if it were explicitly banned.
48 · employees
View source ↗

AI’s timeline is very much still being written, but one thing is clear – companies are now in the midst of shifting from experimentation to widespread implementation after having determined strong use cases, with security and trust now becoming higher priorities.

The question is no longer about whether employees are willing to embrace AI, because that much is clear. It’s now about whether their employers know how AI tools are actually being used, whether they’re providing the right type of solutions, and whether their governance supports real-world use cases.

Off the back of that, companies are now struggling to tame shadow AI as workers go off to explore their preferred tools, rather than being confined to workplace-provided alternatives. But while organizations have years of experience handling shadow IT, shadow AI is presenting new challenges.

Rather than being blocked from downloading certain software, workers can almost painlessly head to their chosen AI tool directly from the browser or via a personal account without approval or restrictions. As much as two-thirds (67%) of enterprise AI use now takes place through unmanaged personal accounts, even when an organization already provides enterprise-grade licenses.

But those sanctioned AI tools are clearly working for employees, who are seeing higher productivity. At the end of the day, this is a major win for companies who are under pressure to prove ROI, but shadow AI presents security risks that enterprise-grade software generally negates.

Teramind has revealed that 86% of organizations lack visibility into how data moves to and from AI tools, and it’s not just knowledge workers who are to blame. Nearly seven in 10 C-suite execs also admitted to prioritizing speed over security.

I spoke with Teramind VP of Strategy Leeron Walter to understand why shadow AI has become more of an issue than we might’ve thought, and what organizations can realistically do to regain visibility and control while continuing to meet workers where they feel most comfortable and productive.

Shadow AI is any AI usage that operates outside organizational visibility and governance - whether through banned apps, personal accounts, or AI features embedded in tools you already pay for.

The reason it's hiding inside approved platforms is simple: vendors are racing to embed AI into everything. Your licensed Microsoft 365, your PDF reader, your CRM - they all have AI features now.

Our research shows 67% of enterprise AI usage runs through unmanaged personal accounts on corporate-licensed platforms. The perimeter didn't move. It dissolved.

Not always. Our data is unambiguous: 69% of C-suite leaders prioritize speed over security when using AI tools, versus just 37% of frontline employees.

Executives feel competitive pressure more acutely, so they rationalize bypassing policies.

They're doing a fast cost-benefit calculation: "Missing this deadline hurts me now. A data breach is someone else's problem later." 60% of employees in our research said productivity benefits outweigh security risks when deadlines are involved.

You don't fix that with more restrictions - 48% said they'd use AI even if it were explicitly banned. You fix it by making the secure option just as fast and frictionless as the risky one. Remove the tradeoff entirely.

Yes, but not because they're reckless - because they're impatient with policies that feel arbitrary. For them, AI is a basic utility, like a search engine.

Blocking it doesn't register as a security measure; it registers as the company being behind. Meet them with speed and enablement, not bureaucracy.

Because they were built to catch files moving, not ideas being processed. Shadow IT was about unauthorized storage - a file uploaded to Dropbox.

Shadow AI is about unauthorized processing - sensitive data pasted into a chat prompt. There's no file transfer to intercept. The data moves through an encrypted browser session, and legacy DLP tools are pattern-matching against file types and network transfers, not semantic content in a chat box.

The threat model changed; the tools didn't.

Days 1–30: Observe, don't block. Deploy behavioral telemetry to build a full Shadow AI inventory - browser extensions, clipboard activity, personal account usage inside approved platforms. Understand what's actually happening before you touch anything.

Days 31–60: Categorize risk. Which tools train on user data? Which departments depend on them? This is when you find out Engineering lives in an unvetted coding assistant.

Days 61–90: Enable and enforce. Roll out approved alternatives for high-risk tools. Implement real-time coaching - block the risky action, surface the safe alternative immediately. Goal: not zero AI usage, but 100% visible AI usage.

You build paved roads. Give employees a fast, secure, approved AI path so they don't need to go off-road. That means enterprise AI tools with zero-retention data policies, integrated into existing workflows - not buried in a separate portal.

To avoid it becoming theater, your AI tool approval process needs to be agile. If the review takes six months, employees use the consumer version today and say nothing. Govern the data, not the application - allow the tool, but monitor and control what data flows through it in real time.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website builders and web hosting when DHTML and frames were in vogue and started narrating about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium.

Please logout and then login again, you will then be prompted to enter your display name.

This article was originally published by TechRadar ↗. citations.press indexes the source-backed facts above and links to the original. Something wrong? Corrections policy · Report an error