Half of Employees Use Shadow AI 

Uploaded on 2025-03-31 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Research carried for Software AG on the AI habits of 6,000 knowledge workers. has found that half of all employees are using Shadow AI (AI tools not issued or approved by their employer). 

Furthermore, the research report entitled 'Chasing Shadows - Getting ahead of Shadow AI' suggests that personal AI tools are so valuable that half of workers (46%) would refuse to give them up, even if their organisation banned them completely. 

This is a powerful signal to organisations that they need more robust and comprehensive AI strategies, to prevent inviting significant risk into their business.

Director at Software AG, Steve Ponting commented: “If 2023 was a year of experimentation, 2024 will be defined as the year that GenAI took hold. While 75% of knowledge workers use AI today, that figure will rise to 90% in the near future because it helps to save time, makes employees’ jobs easier and improves productivity (71%). “As usage increases, so does the risk of cyber attacks, data leakage or regulatory non-compliance. Consequently, business leaders need to have a plan in place for this before it’s too late.”

The survey also found that not only does AI have a day-to-day impact on individuals, but nearly half (47%) of workers believe these tools will help them to be promoted faster. This suggests a future where AI tools are wholly ingrained in many roles due to their criticality in job success.

Most knowledge workers said they use their own AI tools because they prefer their independence (53%). An additional 33% said it’s because their IT team does not currently offer the tools they need. This suggests that if businesses want their employees to use officially issued tools, a different process is needed for determining which ones are actually made available.

Over 705 of employees are ware of the risks of their AI choices and recognise that cyber security, data governance and inaccuracy of information are potential hazards. However, businesses should be concerned that few employees take adequate precautions like running security scans or checking data usage policies.

There is some evidence that regular users of AI are better prepared to mitigate risks compared to occasional users and this should encourage organisations to implement more rigorous training programs,

According to Software AG's J-M Erlendson, “We need this now, because the future, where 90% of workers use AI, is just around the corner and will bring more of the occasional users, which is a problem. This group is far less adept at taking risk management precautions compared to their more experienced counterparts, but they’re just as likely to take the risks.

Shadow AI is supercharging the operational chaos already engulfing many organisations. “A transparent framework for their processes, coupled with an understanding of the tools employees want, and the training they need, are good building blocks for better incorporating Shadow AI. It’s clear that AI is not going away, and, collectively, we need to address it in the right way now.” Erlendsen concludes.

Image: ismagilov

You Might Also Read: 

The Shadow IT Problem No One Talks About:

If you like this website and use the comprehensive 7,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

« Staying Ahead Of First-Party Fraud & Abuse
Oracle Cloud Denies It Has Been Breached »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

DMH Stallard

DMH Stallard

DMH Stallard is a mid-market law firm. Areas of expertise include cyber security and cyber crime.

Infrascale

Infrascale

Infrascale specialise in providing cloud backup and disaster recovery services.

PlaxidityX

PlaxidityX

PlaxidityX (formerly Argus Cyber Security) is a global leader in mobility cyber security, provides DevSecOps, vehicle protection and fleet protection technologies and services.

EverC

EverC

EverC (formerly EverCompliant) is a leading provider of cyber intelligence that allows acquiring banks and payment service providers (PSP) to manage cyber risk.

herdProtect

herdProtect

herdProtect is a second line of defense malware scanning platform powered by 68 anti-malware engines in the cloud.

European Healthcare Fraud & Corruption Network (EHFCN)

European Healthcare Fraud & Corruption Network (EHFCN)

EHFCN is the only organisation dedicated to combating fraud, corruption and waste in the healthcare sector across Europe.

Vilnius Tech Park

Vilnius Tech Park

The region‘s most complex and integrated ICT hub, Vilnius Tech Park aims to attract and unite innovative talent from big data, cyber security, smart solutions, fintech and digital design.

Blackwall

Blackwall

Blackwall (formerly BotGuard) is a security infrastructure company focused on protecting web ecosystems from automated threats, while optimizing performance for hosting environments.

Reflectiz

Reflectiz

Reflectiz empowers digital businesses to make all web applications safer by non-intrusively mitigating any website risks without a single line of code.

Innovex Global

Innovex Global

Innovex is a full-service executive search and advisory business that engages with early-stage startups, scale-ups, and established businesses in the Fintech, Cybersecurity and Technology industries.

Naq Cyber

Naq Cyber

Naq is the number one platform for SMEs looking to become legally compliant and protect against cybercrime and other data-related incidents.

StarLink

StarLink

StarLink is an acclaimed Value-Added Distributor across the Middle East, Turkey and Africa regions with on-the-ground presence in 20 countries including UK and USA.

Serbus

Serbus

Serbus Secure is a fully managed suite of secure communication, enterprise mobility and mobile device security tools.

Evervault

Evervault

Evervault provides engineers easy solutions to complex data security and compliance problems.

GoCloud Systems

GoCloud Systems

GoCloud is an IT consulting firm. We provide IT strategy and cloud adoption services to the New Zealand Government, Non-Profit Organisations and private industry.

Aryon Security

Aryon Security

Aryon Security is redefining cloud security with the ability to enforce cloud strategy with confidence, enabling organizations to prevent risks before they emerge.