Risk Analysis 7 min read

Shadow AI: The Governance Gap That's Driving Your Next Data Breach

Three quarters of CISOs have already discovered unsanctioned GenAI tools running in their environments. The data suggests the breach hasn't happened yet -- but the conditions are in place.

CISO Brief May 29, 2026

Three in four CISOs have already found unsanctioned generative AI tools running in their environments, according to Cybersecurity Insiders’ 2026 AI Risk and Readiness Report. In most cases, they did not find them proactively — they found them because something went wrong: a DLP alert, a data classification incident, or an employee report.

The tools themselves are not the problem. The problem is the structural gap between how quickly employees adopt AI productivity tools and how slowly enterprise governance processes follow. That gap is where the risk lives.

The Scale of the Problem

The numbers from the past 12 months are consistent across multiple research sources:

Usage exceeds policy: Only 16% of employees use employer-authorised AI tools. The rest are using consumer accounts, personal subscriptions, or tools procured informally through credit cards. Nearly half of all GenAI usage occurs through personal accounts — ChatGPT, Claude, Perplexity, Gemini — entirely outside corporate oversight.

Data loss is already happening: The average organisation experiences 223 data policy violations involving generative AI applications every month. For organisations in the upper quartile of AI adoption, this rises to over 2,100 incidents per month. Source code accounts for 42% of these violations — developers pasting proprietary code into AI assistants is the single largest category of AI-related data exfiltration.

Governance infrastructure is not keeping up: 86% of security leaders lack or do not enforce access policies for AI identities. Only 19% govern even half of their AI accounts. Many organisations either do not have an AI governance policy or are still in the process of drafting one.

The breach prediction: 48% of security leaders expect that governance failures — specifically shadow AI and overpermissive access — will trigger the next major AI-related breach within 24 months.

Why Traditional DLP Misses It

Data loss prevention tools were designed around known data patterns moving to known egress points. HTTPS uploads to sanctioned SaaS applications, email attachments, USB transfers. The controls are perimeter-based.

Shadow AI breaks this model in two ways.

First, the traffic is indistinguishable from ordinary HTTPS browsing. An employee pasting source code into Claude.ai in a browser looks, at the network level, exactly like an employee reading documentation. Without endpoint-level controls inspecting clipboard contents or application context, the data movement is invisible.

Second, the data does not leave to a known destination. Corporate DLP rules typically block uploads to consumer file-sharing services because those are well-known exfiltration vectors. claude.ai, chatgpt.com, and gemini.google.com were not on those lists 18 months ago, and many organisations still do not have visibility rules for them.

The result: employees are sending proprietary data to external AI services, the data cannot be recalled, and in most cases the CISO’s team does not know it happened.

The Risk Categories

Understanding where exposure concentrates is useful for prioritising controls:

Source code and intellectual property: Developers using AI coding assistants (Copilot, Claude, Cursor) will paste code for review, debugging, or refactoring. If the assistant is accessed via a personal account, the terms of service may permit model training on inputs, and the code is certainly processed on external infrastructure. The risk is both IP exposure and, if the code contains hardcoded credentials, direct compromise.

Legal and regulatory documents: Legal teams using AI assistants for contract review, HR teams using AI for policy drafting, and finance teams using AI for analysis are all handling data subject to privilege, confidentiality obligations, or regulatory classification. Uploading this to a consumer AI tool is a potential breach of professional confidentiality or data protection law regardless of intent.

Customer and employee PII: Customer service staff using AI to draft responses, HR teams summarising performance reviews, and sales teams summarising CRM data are creating GDPR/DPA exposure when they do this via consumer accounts without data processing agreements.

Client confidential information: For professional services firms — law, accountancy, consulting — using a personal AI account to process client data may constitute a breach of client confidentiality obligations and professional regulatory requirements.

What Governance Actually Looks Like

The organisations managing this well are not blocking all AI use. They are channelling it.

Establish an approved tools list: Define which AI tools employees may use for which categories of work. Enterprise tiers of ChatGPT, Microsoft Copilot, and Google Gemini for Workspace all provide data processing agreements, zero-retention options, and corporate account management. Personal accounts of the same tools do not. The policy distinction is not which AI, but whether it is under corporate agreement.

Classify data before it moves: If employees understand which categories of data cannot be processed on external AI tools — code repositories, client data, financial forecasts, legal documents — they can self-govern more effectively. Data classification training is more scalable than trying to detect every policy violation after the fact.

Extend DLP to cover AI destinations: Modern DLP solutions now include AI application categories. Netskope, Zscaler, and Microsoft Purview all support policy rules for AI application usage, including the ability to allow enterprise tiers while blocking consumer tiers of the same service. This is the most effective technical control currently available and it is worth implementing quickly if it is not already in place.

AI-specific vendor risk assessment: Any enterprise AI tool that processes business data needs to go through a vendor risk assessment process, including data processing agreement review, subprocessor disclosure, retention policies, and security certification. The standard procurement process often does not require this — it needs to be added for AI tools specifically.

Incident response planning: Define what happens when an AI data incident is discovered. Who is notified? What is the notification obligation under GDPR if personal data was involved? How is the affected data classified? Organisations that have thought through these questions in advance respond faster and more coherently when an incident actually occurs.

Board Reporting Metrics

Three metrics that give an accurate picture for board reporting:

  1. AI tool audit coverage: What percentage of AI tools used in the organisation have gone through approved procurement? This is measured through software asset management, DLP tool logs, and browser extension inventory.

  2. Data policy violation trend: Monthly count of AI-related DLP violations, with breakdown by data type (source code, PII, confidential). Trend matters more than absolute number.

  3. Policy acknowledgement rate: What percentage of employees have acknowledged the AI usage policy? For regulated industries, this may be relevant to demonstrating due diligence in a regulatory investigation.

The broader governance ask is not complicated: know which AI tools are in use, know which ones have data processing agreements, and have a clear policy about what data can go where. The organisations that get this right are not more risk-averse — they have just built the governance infrastructure before they needed it rather than after.

shadow-AIGenAIAI-governancedata-lossCISOrisk-managementpolicyvendor-risk
Related Risk Analysiss All briefings ›