The numbers that matter most
The eight headline statistics on shadow AI, drawn from primary research published 2024 to 2026.
of organisations have sensitive data exposed to AI
Varonis analysed nearly 10 billion files across 1,000 real-world environments and found essentially every organisation has sensitive data that AI tools could surface.
added to the average breach cost by shadow AI
Breaches involving high levels of shadow AI cost roughly USD 670,000 more than those with low or no shadow AI (USD 4.63M versus USD 3.96M).
Source: IBM Cost of a Data Breach 2025
of AI users bring their own AI to work
Microsoft and LinkedIn's 2024 Work Trend Index (31,000 workers, 31 markets) found most AI users supply their own tools rather than waiting for an approved option.
Source: Microsoft 2024 Work Trend Index
of workplace AI use runs through unsanctioned personal accounts
Cyberhaven's telemetry found the large majority of corporate AI activity happens via personal accounts that bypass enterprise governance entirely.
of breached organisations had no AI governance policy
IBM found nearly two-thirds of breached organisations lacked any policy governing AI use or detecting unauthorised use.
Source: IBM Cost of a Data Breach 2025
of sensitive-data exposures involved ChatGPT
Across 22.4 million enterprise AI prompts, Harmonic Security attributed 71.2% of all sensitive-data exposures to ChatGPT alone.
Source: Harmonic Security, 2025
growth in corporate data sent to AI tools in one year
Cyberhaven measured a 485% rise in the volume of corporate data flowing into AI tools between March 2023 and March 2024.
How widespread shadow AI is
Unsanctioned AI use is no longer an edge case. Across independent datasets, the behaviour is close to universal in the knowledge workforce.
of knowledge workers already use generative AI at work
Microsoft's 2024 Work Trend Index found three in four knowledge workers use generative AI at work, with 46% having started in the prior six months.
Source: Microsoft 2024 Work Trend Index
of organisations have unverified apps including shadow AI
Varonis found almost every organisation runs unsanctioned or unverified applications, increasing the risk of data exposure and breaches.
of cybersecurity leaders have evidence or suspect employees use public GenAI at work
A Gartner survey of cybersecurity leaders found more than two-thirds believe public generative AI is being used in their organisation, sanctioned or not.
weekly active ChatGPT users by late 2025
OpenAI reported ChatGPT surpassed 800 million weekly active users; it is the consumer tool most often reached for at work without sanction.
Source: OpenAI / TechCrunch
of corporate AI tools present high or critical data-security risk
Cyberhaven's 2025 assessment rated the majority of AI tools in corporate use as high or critical risk, and 83.8% of the enterprise data sent to AI tools went to tools in those risk tiers.
What data leaks into shadow AI
The risk is not that employees use AI; it is what they put into it. The data flowing into unsanctioned tools is disproportionately sensitive.
of enterprise AI prompts contained sensitive data
Harmonic Security detected 579,113 sensitive instances across 22.4 million prompts in 2025, roughly 2.6% (derived from the two counts) - a small share of an enormous and growing volume.
Source: Harmonic Security, 2025
of sensitive-data exposures flowed through free or personal accounts
Harmonic found nearly one in six sensitive exposures came via free and personal-tier accounts - the usage that billing and licensing controls cannot see.
Source: Harmonic Security, 2025
of sensitive data sent to AI is source code
Source code was the single largest category of sensitive data put into AI tools in Cyberhaven's analysis, ahead of R&D material (17.1%).
of organisations with an AI-related breach lacked proper AI access controls
IBM found that nearly all organisations that suffered an AI-related breach had no proper access controls governing AI.
Source: IBM Cost of a Data Breach 2025
ChatGPT-specific exposure
ChatGPT is the dominant shadow AI tool, and the data on what employees paste into it is the most studied of any AI application.
of everything employees paste into ChatGPT is confidential
Cyberhaven found that more than one in ten of all pastes into ChatGPT contained confidential company data.
Source: Cyberhaven Labs
of employees account for 80% of data egress into ChatGPT
A tiny fraction of employees drive the overwhelming majority of confidential-data egress - a finding that shapes where detection and coaching should focus.
Source: Cyberhaven Labs
of knowledge workers have tried ChatGPT at work
Cyberhaven's earlier measurement found roughly one in nine knowledge workers had used ChatGPT at work, with 8.6% having pasted data into it.
Source: Cyberhaven Labs
How enterprises are responding
The corporate reaction spans outright bans, delayed AI rollouts, and a widening recognition that governance, not prohibition, is the durable answer.
of IT leaders delayed Microsoft 365 Copilot by 3+ months
A Gartner survey of 132 IT leaders found data oversharing prompted 40% to delay their M365 Copilot rollout by three months or more.
Source: Gartner (via Computerworld)
said information governance and security risks consumed significant time during AI deployment
In the same Gartner survey, nearly two-thirds reported that governance and security risk required significant time and resources to manage during rollouts.
Source: Gartner (via Computerworld)
of organisations will suffer shadow-AI security incidents by 2030
Gartner predicts that by 2030 more than 40% of global organisations will experience security and compliance incidents caused by unauthorised AI tools.
of companies have technical controls to prevent unauthorised AI uploads
Analysis of IBM's findings indicates only about 17% of companies have technical controls to stop unauthorised data uploads to AI tools, leaving most reliant on policy and training alone.
Source: Kiteworks analysis of IBM 2025
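Two findings on this page point at the same operational question: a very small fraction of employees drives most of the confidential egress into ChatGPT (the Cyberhaven finding in the ChatGPT section), and most organisations have no technical control over AI uploads (the Kiteworks reading of IBM above). The first step to either a control or a coaching programme is to look at what the egress proxy already records. The example below is added here for illustration; it is not code from Cyberhaven, IBM, Kiteworks or Areebi. It assumes a tab-separated proxy access log with the fields timestamp, user, method, host and bytes sent by the client, and hard-codes a hypothetical list of AI hosts and a hypothetical sanctioned tenant; the log lines are constructed for the example. It flags uploads to unsanctioned AI hosts, totals them per user, and reports how many users it takes to account for 80% of that volume.

```python
"""Egress review over a web-proxy access log: find uploads to AI hosts the
organisation has not sanctioned, then measure how concentrated that egress
is across users (the "a few users drive most of the egress" pattern).

Added example. The log format, host lists and log lines below are
constructed assumptions for illustration, not data from the page's sources.
"""
from collections import defaultdict

# Hypothetical host lists. In practice these come from a proxy or CASB
# category feed; here they are hard-coded assumptions.
AI_HOSTS = {
    "chatgpt.com", "chat.openai.com", "claude.ai",
    "gemini.google.com", "chat.deepseek.com", "copilot.corp.example",
}
SANCTIONED_AI_HOSTS = {"copilot.corp.example"}  # hypothetical approved tenant

# Constructed proxy log: timestamp, user, method, host, bytes sent by client.
SAMPLE_LOG = """\
2026-03-02T09:01:12Z\talice\tPOST\tchatgpt.com\t48210
2026-03-02T09:03:40Z\tbob\tGET\tchatgpt.com\t512
2026-03-02T09:05:02Z\tcarol\tPOST\tcopilot.corp.example\t9800
2026-03-02T09:07:55Z\talice\tPOST\tclaude.ai\t120400
2026-03-02T09:10:13Z\tdave\tPOST\tchat.deepseek.com\t3300
2026-03-02T09:12:30Z\terin\tPOST\tgithub.com\t77000
2026-03-02T09:15:01Z\tbob\tPOST\tgemini.google.com\t1400
2026-03-02T09:18:44Z\talice\tPOST\tchatgpt.com\t25600
2026-03-02T09:20:09Z\tfrank\tPOST\tchatgpt.com\t900
"""


def parse_log(text):
    """Parse tab-separated lines into dicts; skip malformed lines and
    normalise the host (lower-case, port stripped)."""
    records = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5:
            continue
        ts, user, method, host, bytes_out = parts
        try:
            bytes_out = int(bytes_out)
        except ValueError:
            continue
        records.append({
            "ts": ts,
            "user": user,
            "method": method.upper(),
            "host": host.lower().split(":")[0],
            "bytes_out": bytes_out,
        })
    return records


def unsanctioned_uploads(records):
    """Keep client-to-server writes (POST/PUT) to AI hosts outside the
    sanctioned set. GETs are excluded: loading the page is not egress."""
    return [
        r for r in records
        if r["method"] in ("POST", "PUT")
        and r["host"] in AI_HOSTS
        and r["host"] not in SANCTIONED_AI_HOSTS
    ]


def egress_by_user(events):
    """Total unsanctioned upload bytes per user."""
    totals = defaultdict(int)
    for e in events:
        totals[e["user"]] += e["bytes_out"]
    return dict(totals)


def concentration(by_user, total_users, share=0.8):
    """How many users (ranked by egress) it takes to reach `share` of the
    unsanctioned upload volume, as a fraction of all users seen in the log."""
    total_bytes = sum(by_user.values())
    if total_bytes == 0 or total_users == 0:
        return {"users_needed": 0, "user_fraction": 0.0, "egress_fraction": 0.0}
    ranked = sorted(by_user.items(), key=lambda kv: kv[1], reverse=True)
    covered = 0
    needed = 0
    for _, b in ranked:
        covered += b
        needed += 1
        if covered >= share * total_bytes:
            break
    return {
        "users_needed": needed,
        "user_fraction": needed / total_users,
        "egress_fraction": covered / total_bytes,
    }


def analyse(text, share=0.8):
    """Run the whole pipeline over a log and return the figures as a dict."""
    records = parse_log(text)
    events = unsanctioned_uploads(records)
    by_user = egress_by_user(events)
    all_users = {r["user"] for r in records}
    return {
        "records": len(records),
        "unsanctioned_uploads": len(events),
        "bytes_by_user": by_user,
        "concentration": concentration(by_user, len(all_users), share),
    }


if __name__ == "__main__":
    result = analyse(SAMPLE_LOG)
    print(f"{result['unsanctioned_uploads']} unsanctioned uploads in {result['records']} records")
    for user, b in sorted(result["bytes_by_user"].items(), key=lambda kv: -kv[1]):
        print(f"  {user:<8} {b:>8} bytes")
    c = result["concentration"]
    print(f"{c['users_needed']} user(s) = {c['user_fraction']:.1%} of users "
          f"account for {c['egress_fraction']:.1%} of unsanctioned egress")
```

Two caveats a practitioner should keep in mind. A proxy log shows destination and volume, not content, so this tells you where to look, not whether what went out was confidential; content classification needs a DLP or inline-inspection layer. And a host-level rule cannot tell a personal ChatGPT account from an enterprise one on the same domain, which is exactly the gap the Cyberhaven personal-account figure describes; closing it needs identity-aware controls such as tenant restrictions at the proxy, which this example does not attempt.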
Australia and APAC
Australia regulates AI through existing legal obligations rather than a dedicated AI Act, and its regulators have moved decisively on unsanctioned and high-risk AI.
Australia banned DeepSeek from government devices
The Department of Home Affairs directed government entities to remove all DeepSeek products from Australian Government systems and devices over data-security and foreign-access concerns.
Source: The Register (Feb 2025)
APRA wrote to all regulated entities setting minimum AI-governance expectations
APRA's letter to banks, insurers, and superannuation trustees found AI systems are too often deployed without inventory and that boards must maintain sufficient understanding of AI to provide effective oversight.
of enterprise AI traffic went to China-based tools
Harmonic found 925,519 prompts (4.1% of AI usage) went to platforms such as DeepSeek and Kimi Moonshot - a data-residency concern central to Australia's DeepSeek ban.
Source: Harmonic Security, 2025
Shadow AI incident timeline
A short timeline of the public incidents that defined the shadow AI risk category. Samsung remains the canonical case.
Samsung suffered three source-code leaks within about 20 days (April 2023)
Within roughly 20 days of allowing ChatGPT, Samsung engineers leaked semiconductor source code, defect-detection algorithms, and a confidential meeting transcript into the tool.
Source: TechCrunch (May 2023)
Samsung banned generative AI on company devices and networks
Samsung restricted ChatGPT, Bing, Bard, and similar tools on company-issued devices and internal networks, citing the difficulty of retrieving data once sent to external servers.
Source: TechCrunch (May 2023)
of Samsung staff said generative AI carries a security risk
An internal Samsung survey conducted before the ban found about 65% of participants believed using generative AI tools carries a security risk.
Source: TechCrunch (May 2023)
Market context: the AI-security M&A wave
Shadow AI created a market. Through 2024 and 2025, the largest security vendors acquired purpose-built AI-security startups to address it.
Palo Alto Networks moved to acquire Protect AI (April 2025)
Palo Alto Networks announced its intent to acquire AI-security firm Protect AI, with reporting placing the deal in the USD 650-700 million range, to anchor its Prisma AIRS platform.
Source: CNBC (April 2025)
Cisco acquired AI-security firm Robust Intelligence
Cisco completed its acquisition of Robust Intelligence in September 2024 to secure AI applications across the enterprise; terms were not disclosed.
Source: SecurityWeek
SentinelOne acquired Prompt Security (August 2025)
SentinelOne agreed to acquire generative-AI security startup Prompt Security in a deal valued at approximately USD 250 million to advance its GenAI and agent-security strategy.
Source: SentinelOne / Dark Reading
Methodology
This page aggregates third-party research. Areebi did not run a primary survey for these figures. Each statistic above links to its primary source - a named, dated, publicly accessible report or news article. We verified every figure against its source and dropped any number we could not confirm rather than estimating it. Where a figure is derived (for example, a percentage computed from a count), we say so and link the source data.
Definitions of "shadow AI" and "unsanctioned" vary across sources - some count personal-account use only, others count any unreviewed tool or AI feature - so figures from different studies are not always directly comparable. We report each in its original framing rather than forcing a single definition. Time coverage spans 2023 to 2026; the Samsung incident (2023) is included as the canonical case that defined the category.
Corrections. If you believe a statistic is misattributed or out of date, tell us via our contact page and we will correct it. This page is refreshed quarterly.
How to cite this page
Areebi Research Team. "Shadow AI Statistics 2026: 40+ Stats on Unsanctioned AI at Work." Areebi, June 2026. https://www.areebi.com/resources/research/shadow-ai-statistics
This page is released under the Creative Commons Attribution 4.0 International (CC BY 4.0) license. You may quote, redistribute, and build on these statistics for any purpose, including commercially, with attribution to Areebi Research and a link back to this page. When you cite an individual figure, please also credit and link the underlying primary source named on that statistic.
See where these numbers come from in your own environment
Areebi detects unsanctioned AI use, then redirects users to a governed workspace with real-time DLP, immutable audit, and policy enforcement. See the detect-and-redirect flow against your own stack.