Shadow AI is now a line item in your breach report
Employee AI use tripled in a year; unapproved tools now show up in breach-cost data. Blocking failed. Build the sanctioned path instead.
Last updated
Verizon’s 2026 Data Breach Investigations Report put a number on something most engineering leaders already suspected: frequent AI use by employees went from 15% to 45% in one year, and shadow AI, meaning unapproved tools used at work, is now the third most common non-malicious data-leakage activity in the report’s data-loss dataset. The report adds two details that should worry you more than the headline. Most of that usage runs through non-corporate accounts. And the leading data type employees submit to unapproved AI platforms is source code.
The cost side is quantified too. IBM’s 2025 Cost of a Data Breach study found that organizations with high levels of shadow AI saw an average of $670,000 more in breach costs than those with little or none, and one in five breached organizations reported a breach due to shadow AI. In the same study, 63% of breached organizations either had no AI governance policy or were still writing one.
So the exposure is quantified, the behavior is near-universal, and most companies are governing it with a draft.
The ban already failed
The standard first response was a policy memo and a blocklist. The DBIR shows where the usage actually lives: two-thirds of it runs through non-corporate accounts, outside any block you can enforce and any log you can read. An engineer pasting a stack trace into a chatbot is trying to close a ticket faster. A policy that only says “no” is competing against that, and it loses every time, silently, on accounts you can’t see.
That’s the part worth sitting with. The 45% who use AI regularly include some of your most productive people responding rationally to a tool that works. The demand itself is healthy. What met it was consumer products under consumer terms.
This is a platform gap, not a discipline problem
People use personal ChatGPT accounts when there’s no corporate account to use. They paste source code into a free tool when the approved alternative doesn’t exist or sits behind a three-week ticket. Every hour spent drafting a sternly worded usage policy without building the sanctioned path is an hour spent making the shadow path more attractive.
The sanctioned path is unglamorous and structural:
- Approved tools, purchased on enterprise terms: training on your data off by contract, retention windows you chose, a data-processing agreement your counsel has read.
- Every AI tool behind your SSO. If access doesn’t go through your identity provider, you can neither see it nor revoke it.
- Usage logged somewhere your security team already looks, so “what went into that tool” is answerable during an incident instead of unknowable.
- A short allowed list that names real tools, next to a short never list that names real data classes: credentials, customer records, unreleased financials, source code for anything sensitive.
- An exception queue with a fast answer, because a slow “maybe” reads as “no,” and “no” reads as “use your phone.”
None of this is exotic engineering. All of it is procurement, identity, and logging work that dies without an owner.
The 63% problem is an ownership problem
A policy that’s been “in development” for a year is stuck because the work lands across IT, security, legal, and procurement, and no one of them owns the outcome. Meanwhile the DBIR clock keeps running: usage tripled in the year nobody finished the draft.
The fix is a name. One senior person who owns the allowed list, the contracts, the logging, and the exception queue, and who reports on shadow-AI exposure the way a CFO reports on spend. At mid-market scale that is genuinely not a full-time hire, which is exactly why it never gets hired for and never gets done.
If your company is at the 63% stage, with usage you can’t see and a policy that won’t finish itself, that’s the gap fractional platform leadership exists to close: a named, senior owner for the governed path, without the full-time headcount.
Questions this raises
Straight answers.
- What is shadow AI?
- Employees using AI tools their company hasn't approved, usually through personal accounts on corporate devices. It stopped being a fringe behavior: Verizon's 2026 Data Breach Investigations Report found frequent AI use jumped from 15% to 45% of employees in a single year, and ranks shadow AI as the third most common non-malicious data-leakage activity it tracks.
- Should we just block ChatGPT and the other AI tools?
- Blocking without offering an alternative is how most companies got here. The 2026 DBIR found roughly two-thirds of employees using AI at work did so through non-corporate accounts, where the company has no contract, no logs, and no controls. A block on the corporate network pushes usage to personal devices and accounts you can't see. The durable fix is a sanctioned path that's genuinely easier than the shadow one, plus a short, explicit list of what must never leave.
- What does shadow AI actually cost when something goes wrong?
- IBM's 2025 Cost of a Data Breach study put a number on it: organizations with high levels of shadow AI saw an average of $670,000 more in breach costs than those with little or none, and one in five breached organizations reported a breach due to shadow AI. Those figures come from IBM's annual study of real-world breaches, based on interviews with the breached organizations.
- Who should own AI usage governance?
- A named senior engineering or platform leader. The work cuts across IT, security, legal, and procurement — approved tools, enterprise contracts, logging, the exception queue — so by default nobody owns it, which is how 63% of breached organizations end up with no finished AI governance policy. At mid-market scale the scope rarely justifies full-time headcount, which is why it goes unowned.
Fractional Leadership
The writeup has a service behind it.
If this is your situation, the fractional leadership is where it gets fixed — by the person who wrote this.