What is Shadow AI?

How to mitigate the risks of unvetted AI software

Leon Brown | OCT 18, 2023


The emergence of AI technology in the mainstream has the potential to accelerate your organization’s productivity — but if it’s not managed correctly, it could undermine it completely.

In recent years, AI has experienced a huge growth in demand, with an increase of 500% in its share of software spending. As a result, it’s now being integrated into just about every function of the modern business, from engineering right through to marketing.

But while the procurement of these AI tools will certainly drive up your software spend, the potential consequences aren’t just limited to your finances.

There’s also the risk of shadow AI and its implications for both security and productivity – a problem Gartner identified back in 2019 as being a pending issue for IT managers over the course of the 2020s.

But what exactly is shadow AI? And how is it a problem?

Let’s explore the meaning, challenges and core mitigation strategies you need to know about for this burgeoning risk.

What is shadow AI?

Shadow AI refers to the use of AI-enabled tools that have not been approved by the organization’s IT department. It’s a relatively new variety of ‘shadow IT’, which more broadly encompasses the use of unapproved IT systems for work purposes.

What is the cause of shadow AI?

As SaaS tools continue to proliferate, the prevalence of shadow AI is on the rise. These tools can range from machine learning chatbots to predictive analytics platforms for budgeting, sourced from third-party software vendors.

AI usage is driven by various motivations, including the desire for enhanced productivity, efficiency and problem-solving capabilities. However, when these are combined with factors like an inefficient procurement process, employees are more likely to take it upon themselves to procure new solutions without the IT department’s involvement.

This is an increasingly common type of maverick spending that occurs when systems are purchased outside of official procurement processes. Maverick buying of AI tools is particularly common as they represent a niche of software arguably still in its infancy. Solutions are relatively affordable and could be easily overlooked as tail spend, as curious users sign up to experiment with these new tools and test how they fit into existing workflows.

In fact, data from IBM shows that 35% of companies are already using AI, while a further 43% are exploring its potential for future implementation.

The challenges of shadow AI

Shadow AI can offer select benefits for organizations looking to explore innovative new solutions, but it also presents a number of concerns. Considering that these tools are outside of the knowledge or control of the IT department, they pose risks to security, productivity and the return on investment taken from the broader SaaS portfolio.

Let’s take a look at some of the specific issues you may encounter.

Data security and compliance risks

Shadow AI poses significant data security and compliance risks. When employees independently adopt AI tools without the oversight and approval of the IT team, they may inadvertently expose the organization to vulnerabilities.

These tools are commonly used to access, process, and store sensitive company data — and without the appropriate security measures in place, they carry a high risk of breach or unauthorized access. Moreover, compliance with data protection regulations, such as GDPR, HIPAA, or industry-specific standards, often requires careful management of data, which can be easily disregarded in the absence of proper oversight.

As a result, leveraging unvetted AI systems could leave your organization vulnerable to severe financial or reputational consequences.

Feature overlap with existing tools

The unregulated use of AI tools is likely to result in feature overlap and tool redundancy, which can impede productivity and increase operational costs. When employees independently adopt AI tools to address specific needs, they may unintentionally introduce new tools to the organization’s stack that offer similar features to those already in use.

And with big names in SaaS such as Salesforce, Adobe and HubSpot rapidly integrating AI functionality into their existing suites of tools, shadow AI could easily lead to instances of feature overlap.

What’s more, the knock-on effects are significant — staff gravitating to their newly procured shadow AI tools could lead to your existing software becoming underutilized and providing a lesser return on investment. Plus, workflow fragmentation between staff members will make data transfer and collaboration more complicated, impairing operational efficiency.

Forgotten licenses

One common issue with shadow IT is the accumulation of forgotten licenses, or subscriptions that were procured without approval but not fully integrated into daily operations. This is especially common in the context of AI solutions, as curious users look to independently test out the capabilities of these exciting new tools.

Forgotten licenses can be a burden for several reasons.

In the first instance, they represent a waste of IT spending, but also a lack of accountability. When shadow AI is purchased, there is usually no designated person or team responsible for tracking and managing these licenses, which are likely to go overlooked and tie up IT resources that could be directed elsewhere.

Factor in that many will be subject to auto-renewal clauses, and you see the problem clearly. We’ve found that an average of 89% of software vendors include these terms in their contracts, allowing subscriptions to roll over without due notification. As a result, any AI solutions purchased through the organization may be draining budgets without being monitored or utilized.


Reduced buying power

Lastly, shadow AI has the potential to disrupt an organization’s ability to negotiate favorable vendor agreements. As departments autonomously procure AI tools, IT spending may be diverted from strategic initiatives to cover these uncoordinated expenses. This can result in financial inefficiency and hinder the organization’s ability to allocate resources effectively.

Shadow AI also diminishes the organization’s centralized purchasing power. Organizations are typically able to negotiate better terms with vendors, secure advantageous agreements, and streamline procurement processes when they have full visibility into usage across the organization, which they can leverage for volume-based discounts.

Shadow AI and other decentralized procurement make it increasingly challenging to obtain cost-effective deals. As software prices rise and procurement budgets are pinched, this can have costly effects on your IT spending.

How to manage shadow AI

Shadow AI presents a new challenge for businesses that leverage digital tools, raising the need for organizations to develop policies to manage the problem. This way, you can leverage AI for positive business outcomes rather than work at odds with this new frontier in technology.

1. Educate staff on AI benefits and risks

First and foremost, it’s essential to educate staff about the applications of AI. Openly discussing the challenges and prospective benefits of AI use will help to create a culture of transparency so that employees learn the risks of shadow AI and feel comfortable requesting the tools they need.

Over the coming years, many organizations will need to develop and communicate clear policies for AI adoption within the organization, defining what constitutes shadow AI and educating staff on the consequences of unapproved tools.

For example, you may choose to offer training programs or workshops to help promote AI literacy. Then, once you have the foundations of AI best practices in place, you can encourage employees to report and discuss any instances of shadow AI they are aware of. This ensures that potential issues are highlighted and addressed before snowballing into larger problems.

2. Establish central channels for procurement

It’s vital to set up and make staff aware of the appropriate channels to pursue if they would like to subscribe to an AI solution. When teams have confidence in the organization’s ability to efficiently procure new SaaS tools, they are less likely to purchase any desired subscriptions autonomously.

A well-signposted approach to new procurement helps to reduce siloed procurement practices and their associated costs. This way, organizations can research, vet, purchase and distribute licenses to the procured SaaS tools as required, ensuring that each new acquisition is subject to scrutiny by the relevant authorities within the organization.

This not only helps in risk management but also promotes cost-efficiency and organizational alignment, reducing the prevalence of unmanaged shadow AI that could pose compliance, security, and financial risks.

3. Manage SaaS usage and access control

Lastly, organizations should actively work to discover which tools are being used by employees, whether approved or not. For example, you may deploy SaaS discovery methods to cover instances of sign-on and ensure that any unauthorized IT use is identified.

Once discovered, shadow AI usage can be monitored to ensure that only authorized personnel can access approved AI tools. Improved access control will help to manage secure employee offboarding, ensuring that access is smoothly revoked as and when staff move on from the organization.
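
The discovery and offboarding checks described above, shown as an added example that is not Vertice's tooling or code from the original article: it reviews identity-provider sign-on events against an approved-app inventory and a leaver list. The CSV log format, app names, users and dates are all constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of identity-provider sign-on events (not real data).
SIGNON_LOG = """timestamp,user,app
2023-10-02T09:14:00Z,alice@example.com,approved-crm
2023-10-02T09:20:00Z,bob@example.com,chat-assistant-x
2023-10-03T11:02:00Z,carol@example.com,chat-assistant-x
2023-10-03T15:45:00Z,bob@example.com,forecast-ai-y
2023-10-04T08:30:00Z,dave@example.com,approved-crm
2023-10-05T10:00:00Z,dave@example.com,approved-ai-notes
"""

# Hypothetical IT-approved inventory and HR leaver feed (user -> offboarding time).
APPROVED_APPS = {"approved-crm", "approved-ai-notes"}
OFFBOARDED = {"dave@example.com": "2023-10-03T00:00:00Z"}


def review_signons(log_text, approved, offboarded):
    """Return (unapproved app -> sorted users, sign-ons made after offboarding)."""
    shadow = defaultdict(set)
    stale = []
    for row in csv.DictReader(io.StringIO(log_text)):
        user = row["user"].strip().lower()
        app = row["app"].strip().lower()
        ts = row["timestamp"].strip()
        # Discovery: any sign-on to an app outside the approved inventory.
        if app not in approved:
            shadow[app].add(user)
        # Offboarding: access that still works after the user has left.
        # Same-format ISO 8601 UTC timestamps compare correctly as strings.
        left = offboarded.get(user)
        if left is not None and ts >= left:
            stale.append((user, app, ts))
    return {app: sorted(users) for app, users in shadow.items()}, stale


if __name__ == "__main__":
    shadow_apps, stale_access = review_signons(SIGNON_LOG, APPROVED_APPS, OFFBOARDED)
    # Most widely adopted unapproved tools first: these are the vetting priorities.
    for app, users in sorted(shadow_apps.items(), key=lambda kv: -len(kv[1])):
        print(f"unapproved: {app} used by {len(users)} user(s): {', '.join(users)}")
    for user, app, ts in stale_access:
        print(f"access not revoked: {user} signed in to {app} at {ts}")
```

Sign-on logs only show tools reached through the identity provider; accounts created with a personal email or a direct password will not appear here and need a second source such as expense or network data.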

As part of effective ongoing SaaS management, you may also conduct regular legal and compliance reviews for AI tools, ensuring that data security practices meet your organizational requirements.

Have full control of your AI tools with Vertice

At Vertice, we offer a one-stop solution for the management of your entire software portfolio — AI tools included. With automatic contract tracking, usage analytics and SaaS discovery, we help teams to monitor all software use and gain unparalleled visibility into their stack.

But that’s not all we do.

As well as tracking all software being used, we’ll identify any cost-saving opportunities that exist within your SaaS stack and assist you with procuring best-in-class contracts by negotiating on your behalf.

See for yourself how Vertice helped one company save $170,000 on a single contract, or alternatively find out how much you could be saving on your own annual SaaS spend.
