
Shadow IT in 2026 looks nothing like it did five years ago. The problem now is AI agents with persistent OAuth tokens, LLM sessions quietly processing proprietary source code, and orphaned SaaS accounts no one remembers provisioning. Each one extends the corporate attack surface well past anything a traditional network perimeter was designed to handle.
According to UpGuard's State of Shadow AI report, over 80% of employees use unapproved AI tools. A Gartner survey of 302 cybersecurity leaders (March–May 2025) found that 69% of organizations either suspect or have confirmed employees using prohibited public GenAI tools. Gartner predicts that by 2030, more than 40% of enterprises will experience a security or compliance incident tied to unauthorized shadow AI.
The DTEX/Ponemon 2026 Cost of Insider Risks report puts the annual cost of insider negligence driven primarily by shadow AI at $10.3 million per organization. That figure covers incidents where no malicious intent was involved: just employees using tools IT never approved, and budgets quietly funding infrastructure no one can see or secure.
Key takeaways
- Shadow IT in 2026 is an AI problem as much as a SaaS problem. AI agents with persistent OAuth tokens, LLM sessions processing proprietary source code, and orphaned SaaS accounts that outlive their owners are now the highest-severity risks.
- Shadow AI is categorically different from traditional shadow IT. Unsanctioned SaaS tools store data in the wrong place. Unsanctioned AI tools process, analyze, and act on it.
- The financial exposure is quantified. IBM's 2025 Cost of a Data Breach Report found that shadow AI involvement adds $670,000 to the average breach cost of $4.44 million. The DTEX/Ponemon 2026 Cost of Insider Risks report puts the annual cost of AI-driven insider negligence at $10.3 million per organization.
- Detection requires at least five data sources working in parallel. CASB, DNS log analysis, EDR, expense data review, and email integration scanning each cover a different slice of the environment. No single method sees personal devices, free-tier accounts, and managed endpoints simultaneously.
- European organizations face layered regulatory exposure. Unsanctioned SaaS tools violate GDPR Article 28 the moment they process personal data without a signed DPA. NIS2 Article 21 treats unvetted third-party tools as supply chain risk. DORA Article 28 requires financial entities to register every ICT provider — shadow or otherwise.
- Blocking without enabling consistently fails. Nearly half of employees continue using personal AI accounts after an organizational ban. The effective response is making the approved path faster than the workaround: a lightweight approval workflow, centralized credential management, and a security awareness program that makes the risk concrete.
- The 6-step Shadow IT Governance Framework — discover and classify, centralize credentials, establish policy, streamline approvals, automate offboarding, build security awareness — addresses both the technical and behavioral sides of the problem. Tooling handles detection. The framework changes the incentive structure that drives shadow IT adoption in the first place.
What is shadow IT?
Shadow IT is any technology (software, cloud service, AI tool, or hardware) that employees use for work without IT's knowledge or formal approval. It ranges from a personal Dropbox folder used to share project files, to an AI coding assistant with OAuth access to production repositories. The common thread: no security review, no procurement record, no audit trail.
Shadow IT is not a niche problem. Gartner puts the share of IT spending consumed by unsanctioned tools at 30-40% in large enterprises. Harmonic Security's analysis of 22.4 million enterprise AI prompts identified 665 distinct generative AI tools running across enterprise environments — yet only 40% of those organizations had purchased an official AI subscription. GenAI traffic surged more than 890% in 2024 alone.
Shadow IT vs. Shadow AI: How the risks compare
| Dimension | Shadow IT | Shadow AI |
|---|---|---|
| What it is | Unauthorized apps, devices, or cloud services running outside IT's visibility | Unauthorized AI tools and models processing enterprise data without security oversight |
| Typical entry point | An employee signs up for a SaaS tool with a work email | An employee pastes a document, code snippet, or credential into a public AI chat |
| What gets exposed | Files and data stored in an unapproved service | Data actively read, summarized, and potentially retained by a third-party model |
| Credential risk | Passwords saved in unapproved apps or browsers | API keys, tokens, and database strings pasted directly into prompts |
| Leaves a trace? | Usually yes — network logs, CASB alerts, DNS queries | Often no — browser-based sessions and local models produce no network footprint |
| Who notices first | IT or security team, via tooling | Nobody — until a breach or a compliance audit |
| Compliance exposure | Data residency, GDPR Article 32, access control gaps | EU AI Act, NIS2, data training consent, output liability |
| How fast it spreads | Tool by tool, over months | Across a team in days — AI features ship embedded in tools people already use |
| Governance status | Mature — policies, CASB, and DLP tooling exist | Immature — most organizations have no AI usage inventory to enforce against |
| How to address it | Block unauthorized services, enforce approved alternatives | Audit what AI tools are in use, classify data sensitivity, establish prompt hygiene policies |
What drives employees to use shadow IT?
Employees turn to unsanctioned tools when approved alternatives are too slow, too limited, or simply don't exist yet. The friction is the cause: a developer waiting three weeks for a licensed AI assistant will find a free one by end of day.
Three patterns repeat across organizations of every size:
- Speed over process. Employees reach for whatever gets the job done fastest. When approved tools don't match what's freely available outside the enterprise, the choice is obvious: use what works.
- Procurement lag. Enterprise software cycles run on quarters. AI tooling ships on weeks. By the time IT evaluates and approves a tool, employees have already built workflows around its free-tier equivalent.
- Functional gaps. Approved tools often don't cover edge cases. A data analyst who needs a quick Python environment, or a designer who needs a specific image generator, will reach for whatever works, not whatever's on the approved list.
- No feedback loop. Employees rarely report the tools they're using because there's no easy channel to do so. IT doesn't know what to govern. Security doesn't know what to audit. The gap between actual tool usage and approved inventory widens silently.
- Bans don't hold. Nearly half of employees continue using personal AI accounts after an organizational ban. Prohibition doesn't eliminate shadow IT. It just pushes it out of sight, making detection harder and response slower.
These patterns are a predictable response to governance structures that haven't kept pace with how fast tooling moves. That gap is exactly what makes shadow IT a systemic risk rather than a discipline problem.
The evolution of shadow IT in 2026
Shadow IT in 2026 has moved well beyond unmanaged cloud storage. It now spans AI tools, autonomous agents, and entire SaaS ecosystems that IT never approved, never inventoried, and cannot monitor. The average enterprise runs 305 SaaS applications, spends $55.7 million on SaaS annually, and has seen AI-native app spend jump 108% year over year — most of that growth happening faster than governance teams can track it.
From SaaS sprawl to shadow AI
The 305-application figure comes from Zylo's 2026 SaaS Management Index, which draws on real-world spend data across thousands of organizations. A significant share of those applications were never formally approved. Employees adopt tools independently and IT finds out months later, if at all.
Shadow AI accelerates this dynamic. Free AI assistants, code generators, and autonomous agents became widely available faster than procurement cycles could respond. Check Point's 2026 Cloud Security Report found that 78-80% of workers use personal AI tools at work. Most of those sessions happen through personal accounts, outside SSO, outside DLP, and with no audit trail.
The distinction is worth being precise about:
- Traditional shadow IT creates unmanaged data residency: files sitting in an unsanctioned service.
- Shadow AI creates unmanaged data processing: proprietary information being analyzed, summarized, and acted upon by systems your security team has never reviewed.
Why the attack surface keeps expanding
Three structural forces drive this:
- Remote and hybrid work removed the network perimeter as a natural control point. Employees working from home adopt tools without routing requests through IT.
- Free tiers are everywhere. Most SaaS tools offer a no-cost entry point. No purchase order, no approval ticket, no visibility.
- AI agent proliferation changed the stakes. Agents operate through delegated OAuth permissions — reading data, triggering workflows, and modifying records autonomously. A developer who connects an AI coding assistant to their GitHub account may have granted that agent read/write access to repositories. When the developer leaves, the OAuth grant stays.
Gartner projects that by 2027, 75% of employees will acquire, modify, or create technology outside IT's visibility — up from 41% in 2022. The direction is unambiguous.
The hidden risks of shadow IT (the 2026 reality)
Shadow IT in 2026 is not just a data leakage problem. Unmanaged tools create persistent unauthorized access, expose credentials, trigger regulatory violations, and increasingly feed enterprise data into AI models that no security team has approved or can monitor.
The shadow AI risk multiplier: Data processing vs. data storage
Traditional shadow IT stores data in the wrong place. Shadow AI does things with it. Pasting a customer contract into a public LLM sends that data into at least three places: a training pipeline, a logging system, and potentially a model that other users can query.
IBM's 2025 Cost of a Data Breach Report puts a number on this: breaches involving high levels of shadow AI added an average of $670,000 to the total breach cost, bringing the shadow-AI-involved average to approximately $5.11 million against a global baseline of $4.44 million. The same report found that 97% of AI-related security incidents involved systems lacking proper access controls.
Credential exposure and password reuse
Shadow IT is, at its root, an identity problem. Every unsanctioned app is a new account. Every new account is a credential. And most of those credentials are reused.
According to Verizon's 2026 Data Breach Investigations Report, stolen credentials appeared in 39% of all confirmed breaches, not just as the initial access vector, but throughout lateral movement and persistence. When an employee reuses their corporate password on a free SaaS tool that later suffers a breach, attackers don't need to break anything. They just log in.
Infostealers make this worse. In 2025, Recorded Future indexed 1.95 billion malware-sourced credential exposures, 31% of which included active session cookies that bypass MFA entirely. Shadow IT accounts, unmonitored, often without MFA configured, are exactly the kind of target infostealers are built for.
The password reuse risk is a documented, automated, industrial-scale attack pattern.
The offboarding nightmare: Orphaned accounts
When an employee leaves, their managed accounts get deprovisioned. Their shadow IT accounts don't. Nobody knows they exist.
That former developer's Figma workspace, the sales rep's personal HubSpot trial with exported CRM data, the contractor's Notion page with internal architecture notes: all of these persist indefinitely after the person walks out the door.
The consequences can be severe. In one documented case, a former Cisco employee accessed an AWS-hosted virtual machine infrastructure five months after termination and deleted 456 virtual machines, taking down more than 16,000 WebEx Teams accounts for nearly two weeks.
The US Department of Justice confirmed the incident cost Cisco approximately $2.4 million in remediation and customer refunds, and the former employee was sentenced to 24 months in federal prison (United States v. Sudhish Kasaba Ramesh, Case No. 5:20-cr-00102). That was a managed system. Orphaned shadow IT accounts are harder to find and take longer to close — if they're ever closed at all.
AI agents and unmanaged OAuth permissions
This is the threat most organizations aren't tracking yet. AI agents operate through delegated OAuth permissions: a user grants the agent access to Google Drive, GitHub, or Slack, and the agent can read, write, and act on that access continuously — not just during the session.
When the user logs out, the OAuth grant remains. When the user leaves the company, the OAuth grant remains. The agent may still have access to corporate repositories, email threads, and shared drives weeks or months after the person who authorized it is gone.
Okta's AI Agents at Work 2026 report found that 58% of organizations suffered an AI-related security incident in the past year, yet 90% of executives reported lacking full visibility into which AI agents are operating within their organization. The gap between adoption and governance is where the risk lives.
Compliance violations and regulatory fines
Unsanctioned apps don't comply with GDPR Article 32's requirement for "appropriate technical and organisational measures" to protect personal data. They don't satisfy HIPAA's technical safeguard requirements under 45 CFR § 164.312. They don't meet PCI-DSS Requirement 12.8 for managing third-party service providers.
The EU AI Act adds another layer. High-risk AI systems used without proper governance carry penalties of up to €15 million or 3% of global annual turnover under Article 99(4).
The financial services sector has already seen what regulatory enforcement looks like in practice. In September 2022, the SEC and CFTC fined 16 Wall Street firms a combined $1.8 billion for employees using WhatsApp and other unapproved messaging apps for business communications — a textbook shadow IT violation that regulators treated as a recordkeeping failure. The SEC's press release makes clear that "widespread and longstanding" use of off-channel communications is not a mitigating factor; it's an aggravating one.
European regulatory exposure: GDPR, NIS2, and DORA
For organizations operating in the EU, shadow IT creates layered regulatory exposure across three distinct frameworks. Each targets a different dimension of the problem, and together they leave very little room for "we didn't know."
GDPR: Unauthorized processors and cross-border transfers
GDPR Article 32 is the provision most organizations cite. But Article 28 is the one shadow IT actually violates first. Every unsanctioned SaaS tool that processes personal data is, in GDPR terms, a data processor. Article 28 requires a written data processing agreement (DPA) with every such processor before processing begins. An employee who signs up for a free AI tool using their corporate email and feeds it customer data has created an unauthorized processor relationship — with no DPA, no due diligence, and no record.
Articles 44 through 49 compound the exposure. Many US-based SaaS and AI tools transfer personal data outside the European Economic Area. Without a valid transfer mechanism (Standard Contractual Clauses, an adequacy decision, or Binding Corporate Rules), that transfer violates GDPR regardless of how the tool was adopted. Employees choosing tools independently have no visibility into where data is processed or stored.
European DPAs have enforced both provisions. In 2023, the Irish Data Protection Commission fined Meta €1.2 billion under Article 46 for unlawful data transfers to the US — the largest GDPR fine to date. While that case involved a platform operator rather than an enterprise end user, the underlying principle applies: the absence of a valid transfer mechanism is a violation, regardless of intent.
NIS2: Access control and supply chain obligations
The NIS2 Directive (Directive EU 2022/2555), applicable to essential and important entities across the EU since October 2024, directly addresses the conditions that shadow IT creates. Article 21(2) sets out ten minimum cybersecurity risk-management measures. Three are directly implicated by shadow IT:
- Article 21(2)(d): Supply chain security, including security aspects concerning the relationships between each entity and its direct suppliers or service providers. Every unsanctioned SaaS tool is, in effect, an unvetted supplier relationship.
- Article 21(2)(i): Policies and procedures regarding the use of cryptography and, where appropriate, encryption.
- Article 21(2)(j): Human resources security, access control policies, and asset management.
NIS2 penalties reach €10 million or 2% of global annual turnover for essential entities, and €7 million or 1.4% for important entities. Member state transposition varies, but the framework is now active across the EU.
Passwork's NIS2 compliance page covers how centralized credential management maps to NIS2 Article 21 requirements in detail.
DORA: ICT third-party risk for financial entities
The Digital Operational Resilience Act (DORA, Regulation EU 2022/2554) has been in force since January 2025 for financial entities operating in the EU: banks, insurers, investment firms, payment processors, and their critical ICT providers. Article 28 requires financial entities to maintain a register of all ICT third-party service providers and conduct pre-contractual due diligence before onboarding any new provider.
Shadow SaaS is directly in scope. An employee at a bank who adopts an unsanctioned project management tool or AI assistant has created an unregistered ICT third-party relationship. Under DORA, that's not an IT governance issue; it's a regulatory breach. The European Supervisory Authorities (EBA, ESMA, EIOPA) have supervisory authority to investigate and sanction. In jurisdictions where national transposition provides for it, management-level criminal liability may also apply.
For financial sector IT and compliance teams, shadow IT discovery is no longer a best practice. Under DORA, it's a legal obligation.
| Regulation | Key article | Shadow IT implication | Maximum penalty |
|---|---|---|---|
| GDPR | Art. 28 (processor contracts), Art. 32 (security measures), Art. 44-49 (third-country transfers) | Every unsanctioned SaaS tool that processes personal data is an unregistered data processor. No DPA in place = direct Art. 28 violation. Cross-border data sync to non-EEA servers triggers Art. 44-49. | €20 million or 4% of global annual turnover, whichever is higher (Art. 83(4-5)) |
| NIS2 | Art. 21 (cybersecurity risk management), Art. 23 (incident reporting) | Unmanaged third-party tools expand the attack surface without passing through the organization's risk management process. Shadow IT incidents may trigger mandatory reporting obligations under Art. 23. | Essential entities: €10 million or 2% of global turnover. Important entities: €7 million or 1.4% of global turnover (Art. 34) |
| DORA | Art. 28 (ICT third-party risk), Art. 30 (contractual provisions) | Financial entities must register and assess all ICT third-party providers. Shadow IT tools used by staff bypass this requirement entirely, creating unregistered ICT dependencies and concentration risk. | Periodic penalty payments up to 1% of average daily worldwide turnover; criminal liability for management where national transposition provides for it |
| EU AI Act | Art. 6-7 (high-risk AI classification), Art. 52 (transparency obligations), Art. 99 (penalties) | Employees using unsanctioned AI tools for HR decisions, credit scoring, or critical infrastructure management may constitute unregistered deployment of high-risk AI systems under Annex III. | €35 million or 7% of global annual turnover for prohibited AI practices (Art. 99(3)); €15 million or 3% for high-risk AI non-compliance (Art. 99(4)) |
The financial impact: Quantifying the cost of shadow IT
Shadow IT carries two distinct financial costs: breach exposure and wasted spend. IBM's 2025 Cost of a Data Breach Report found that shadow AI involvement adds $670,000 to the average breach cost of $4.44 million. On the spend side, Zylo's 2026 SaaS Management Index puts average wasted license spend at $21 million per year — driven by redundant tools, unused seats, and purchases IT never knew about.
IBM 2025 data: the $670K shadow AI penalty
IBM's 2025 Cost of a Data Breach Report is the most authoritative benchmark available for understanding the financial consequences of unmanaged AI. The headline numbers:
- Global average breach cost: $4.44 million
- Shadow AI involvement adds $670,000 to that average, bringing the shadow-AI-involved figure to approximately $5.11 million
- 97% of AI-related incidents involved systems without proper access controls
- 20% of organizations reported a security incident directly linked to shadow AI in 2025
The $670,000 adder is the incremental cost of investigation, containment, notification, and remediation when AI systems are involved that security teams didn't know about.
Wasted IT spend and redundant licensing
Organizations pay for approved tools while employees quietly adopt free or cheaper alternatives. The result: duplicate functionality, stranded licenses, and spend that nobody owns.
According to Zylo's 2026 SaaS Management Index, the average organization wastes $21 million a year on unused SaaS licenses alone — and the average utilization rate across enterprise SaaS portfolios sits at just 47%. For mid-market firms running 500 or fewer employees, that figure still reaches $4.2 million annually in wasted license spend.
The pattern is predictable: decentralized purchasing means teams sign up for tools independently, often unaware that an enterprise contract for the same category already exists. When a security incident occurs on top of that, remediation costs compound the baseline waste into a material financial exposure.
How to detect shadow IT and shadow AI
Detecting shadow IT in 2026 requires combining at least five data sources: CASB (Cloud Access Security Broker) deployment, DNS log analysis, EDR (Endpoint Detection and Response), expense data review, and email integration scanning. Each method covers a different slice of the environment. None covers all of it. Blind spots are structural, not incidental — no single tool sees personal devices, free-tier accounts, and managed endpoints simultaneously.
Endpoint monitoring and browser extensions
EDR tools and browser extension audits can surface unauthorized SaaS usage directly on the device. Browser history analysis, extension inventories, and agent-based monitoring catch activity that never touches the corporate network.
The limitation: BYOD (Bring Your Own Device) environments and personal devices used for work are largely invisible to endpoint tools unless the organization has deployed MDM (Mobile Device Management) with appropriate scope.
Network analysis: DNS and proxy logs
DNS query logs and web proxy data reveal which domains employees are accessing. Spikes in traffic to unknown SaaS domains, AI services, or file-sharing platforms show up clearly in DNS logs even when the content is encrypted.
This method works well for corporate network traffic. It misses everything that happens over cellular connections, home networks, or VPNs that route outside the corporate proxy. DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) encrypt queries end-to-end, so they bypass traditional DNS inspection entirely unless additional firewall policy blocks them.
CASB: strengths and limitations
A CASB (Cloud Access Security Broker) sits between users and cloud services, providing visibility, policy enforcement, and data loss prevention for sanctioned and unsanctioned apps. CASBs are the most purpose-built tool for shadow IT detection and can identify thousands of cloud services in use across an organization.
The practical limitation is coverage. CASBs work best when traffic routes through them — most effective for managed devices on corporate networks. Employees using personal accounts on personal devices, or AI tools accessed via browser without SSO, may not be visible. Shadow AI features embedded inside already-sanctioned SaaS tools are also typically undetected, since the parent domain is already approved.
| Method | Coverage | Blind spots | Deployment complexity |
|---|---|---|---|
| CASB | Sanctioned and unsanctioned cloud apps routed through proxy or API connector; identifies OAuth grants and data movement between apps | Personal devices not enrolled in MDM; TLS 1.3 encrypted SNI traffic without full SSL decryption; shadow AI features inside sanctioned SaaS tools | High — requires proxy chaining or API integration per SaaS tenant |
| DNS monitoring | Identifies domains queried by managed endpoints; catches first contact with new SaaS tools before a session is established | DoH and DoT encrypt queries end-to-end; personal hotspots route outside corporate DNS; no visibility into data transferred | Low-to-medium — deploy a DNS resolver or forward logs to SIEM; DoH blocking requires additional firewall policy |
| Endpoint EDR | Deep visibility into process execution, file writes, network connections, and browser activity on managed devices | Personal and BYOD devices have no agent; contractor laptops outside MDM scope; browser-based SaaS tools leave minimal process footprint | Medium — agent deployment across managed fleet is straightforward; BYOD requires MDM enrollment policy |
| Expense analysis | Catches SaaS subscriptions on corporate cards or submitted as expenses; surfaces tools that bypassed IT through departmental budgets | Free-tier tools generate no financial record; personal card purchases never appear in corporate systems | Low — no technical deployment; requires finance and IT collaboration |
| Email integration scanning | Scans inboxes for SaaS welcome emails and trial confirmations; identifies accounts registered with corporate email on unsanctioned platforms | Tools registered with personal email are invisible; OAuth-granted access leaves no inbox trace | Low — read-only API access to mail platform; privacy policy review needed before deployment |
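As an added example (not part of the original article or any vendor's tooling), the following Python script applies the DNS method above to a constructed sample of resolver log lines: it drops queries covered by the sanctioned allowlist, groups the rest per client and tool, and ranks first contact with an AI tool or with a DoH resolver as high. The log format, allowlist, and category hints are assumptions for the example.

```python
"""Added example: first-contact shadow IT detection from DNS resolver logs.
Assumes a simplified log format (constructed): "<ISO ts> <client_ip> <qname> <qtype>".
Replace the hard-coded lists with your allowlist and a SaaS/AI category feed."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: three managed endpoints over a few minutes, plus one
# malformed line to show the parser does not choke on it.
SAMPLE_LOG = """\
2026-03-12T09:01:12Z 10.20.1.15 sso.corp.example A
2026-03-12T09:01:15Z 10.20.1.15 api.chat-assistant.example A
2026-03-12T09:02:01Z 10.20.1.33 files.drive-share.example A
2026-03-12T09:02:07Z 10.20.1.15 api.chat-assistant.example A
2026-03-12T09:02:40Z 10.20.1.15 api.chat-assistant.example AAAA
2026-03-12T09:03:44Z 10.20.1.47 dns.doh-resolver.example A
2026-03-12T09:04:10Z 10.20.1.33 mail.corp.example MX
2026-03-12T09:05:30Z 10.20.1.47 app.newsaas-trial.example A
not a log line
"""

SANCTIONED_SUFFIXES = ("corp.example",)          # constructed allowlist
CATEGORY_HINTS = {                               # constructed category feed
    "chat-assistant": "ai_tool",
    "drive-share": "file_sharing",
    "doh-resolver": "encrypted_dns",
}
LINE_RE = re.compile(r"^(\S+)\s+(\d{1,3}(?:\.\d{1,3}){3})\s+(\S+)\s+([A-Z]+)$")


@dataclass
class Query:
    ts: str
    client: str
    qname: str
    qtype: str


@dataclass
class Finding:
    client: str
    domain: str
    category: str
    first_seen: str
    count: int = 0
    severity: str = "low"


def parse_log(text: str) -> list[Query]:
    """Parse log lines; malformed lines are skipped, not fatal."""
    queries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, client, qname, qtype = m.groups()
            queries.append(Query(ts, client, qname.lower().rstrip("."), qtype))
    return queries


def registrable_domain(qname: str) -> str:
    """Collapse subdomains so api.x.example and app.x.example count as one tool.
    Two-label heuristic; use a public-suffix list in production."""
    labels = qname.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else qname


def is_sanctioned(qname: str) -> bool:
    return any(qname == s or qname.endswith("." + s) for s in SANCTIONED_SUFFIXES)


def categorize(qname: str) -> str:
    return next((c for hint, c in CATEGORY_HINTS.items() if hint in qname), "unknown_saas")


def severity_for(category: str, count: int) -> str:
    # AI tools rank high regardless of volume: the data is processed, not just
    # stored. A DoH resolver lookup means this host's later queries will be
    # invisible to this log, so that is high as well.
    if category in ("ai_tool", "encrypted_dns"):
        return "high"
    return "medium" if count >= 3 else "low"


def detect(queries: list[Query]) -> list[Finding]:
    """Group unsanctioned queries per (client, tool) and rank by severity."""
    findings: dict[tuple[str, str], Finding] = {}
    for q in sorted(queries, key=lambda q: q.ts):
        if is_sanctioned(q.qname):
            continue
        key = (q.client, registrable_domain(q.qname))
        if key not in findings:
            findings[key] = Finding(key[0], key[1], categorize(q.qname), q.ts)
        findings[key].count += 1
    for f in findings.values():
        f.severity = severity_for(f.category, f.count)
    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings.values(), key=lambda f: (order[f.severity], f.first_seen))
```

Running `detect(parse_log(SAMPLE_LOG))` ranks the AI assistant contact and the DoH resolver lookup high and the file-share and trial-app contacts low; in production the findings feed the sanctioned/tolerated/unsanctioned inventory rather than a print statement.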
A 6-step framework to manage shadow IT
The Shadow IT Governance Framework is a six-step process: discover and classify, centralize credentials, establish policy, streamline approvals, automate offboarding, and build a security awareness program. It addresses both the technical and behavioral dimensions of the problem. Blocking unsanctioned tools without enabling faster approved alternatives consistently fails.
Step 1. Discover and classify
You cannot govern what you cannot see. Start with a comprehensive discovery sweep using a combination of DNS log analysis, CASB deployment, endpoint monitoring, and expense data review. The output should be a classified inventory: sanctioned, tolerated (known but not formally approved), and unsanctioned.
Classify each application by data sensitivity. A free grammar checker accessing email drafts is a different risk profile than an AI coding assistant with repository access.
Step 2. Implement secure credential management
Every shadow IT account is an unmanaged credential. The fix is not to prohibit accounts; it's to bring credentials under centralized control.
A centralized vault with role-based access control (RBAC) gives employees a secure, convenient place to store and share credentials for both approved and newly approved tools. When access is centralized, offboarding becomes deterministic: revoke vault access, and the employee loses access to every credential stored there.

Passwork is available as a self-hosted deployment or in the cloud, giving teams the flexibility to choose where credential data lives. The self-hosted model keeps everything within your own infrastructure with no dependency on third-party cloud services; the cloud option gets you up and running without managing your own server stack. Either way, administrators get full visibility into who has access to what and a complete audit log of every credential operation. See the technical guides for deployment and integration details.
Step 3. Establish clear AI and SaaS policies
A blanket prohibition will be ignored even by the people enforcing it. A policy that defines how to get tools approved, what data classifications are permissible in AI tools, and what happens to OAuth grants when an employee leaves is actionable.
The policy should specifically address:
- Prohibited data classifications for AI tool input (PII, source code, financial data, credentials)
- OAuth grant approval and review cycles
- Maximum time-to-approval for new SaaS requests (slow approval processes are the primary reason employees go around IT)
- Consequences for policy violations
Step 4. Streamline the approval process
Shadow IT exists because the approved path is too slow. If an employee needs a tool today and the approval process takes three weeks, they'll use the tool without approval and ask for forgiveness later, if they ask at all.
Build a lightweight approval workflow: a short intake form, a 48-hour SLA for low-risk tools, and a clear decision framework based on data sensitivity and vendor security posture. The goal is to make "go through IT" faster than "figure it out yourself."
Step 5. Automate offboarding workflows
Manual offboarding is where orphaned accounts are born. When an employee leaves, IT typically deprovisions the accounts it knows about. Shadow IT accounts, by definition, aren't on that list.
Automated offboarding workflows, triggered by HRIS termination events, should:
- Revoke SSO and IdP access immediately
- Rotate or invalidate all credentials stored in the centralized vault for that user
- Audit and revoke OAuth grants associated with the user's corporate identity
- Transfer ownership of shared resources before access is cut
The Passwork user guides cover credential vault offboarding workflows in detail, including how to handle shared passwords and service account credentials that need to be rotated, not just revoked.
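An added example (not code from the article or from Passwork) of the OAuth grant audit that this step and the AI agents section above call for: a constructed HRIS roster is joined against a constructed OAuth grant inventory to find grants whose owner has left, grants to unapproved apps, and write scopes nobody has used for months. App names, scope names, the export shapes, and the audit date are assumptions for the example.

```python
"""Added example: offboarding audit of OAuth grants held by AI agents and apps.
Assumes two exports (constructed here): an HRIS roster with employment status
and an OAuth grant inventory from the IdP or SaaS admin consoles. App and
scope names are illustrative, not any particular provider's."""
from __future__ import annotations

from dataclasses import dataclass
from datetime import date

# Constructed HRIS export: who is still employed and who has left.
ROSTER = {
    "alice@corp.example": {"status": "active", "end": None},
    "bob@corp.example": {"status": "terminated", "end": date(2026, 1, 31)},
    "carol@corp.example": {"status": "active", "end": None},
}
SANCTIONED_APPS = {"corp-code-host", "corp-docs"}          # passed approval
WRITE_SCOPES = {"repo.write", "drive.write", "mail.send"}  # can change or exfiltrate data
TODAY = date(2026, 3, 12)                                   # constructed audit date


@dataclass(frozen=True)
class Grant:
    grant_id: str
    user: str
    app: str
    scopes: frozenset[str]
    issued: date
    last_used: date | None


# Constructed OAuth grant inventory.
GRANTS = [
    Grant("g-1001", "alice@corp.example", "corp-code-host",
          frozenset({"repo.read"}), date(2025, 6, 1), date(2026, 3, 10)),
    Grant("g-1002", "bob@corp.example", "ai-coding-agent",
          frozenset({"repo.read", "repo.write"}), date(2025, 11, 3), date(2026, 3, 9)),
    Grant("g-1003", "carol@corp.example", "ai-notes-agent",
          frozenset({"drive.read", "drive.write"}), date(2025, 8, 20), date(2025, 10, 2)),
    Grant("g-1004", "carol@corp.example", "corp-docs",
          frozenset({"drive.read"}), date(2025, 2, 1), date(2026, 3, 11)),
]


@dataclass
class Action:
    grant_id: str
    user: str
    app: str
    verdict: str            # "revoke", "review" or "keep"
    reasons: tuple[str, ...]


def audit_grants(grants: list[Grant], roster: dict, today: date,
                 stale_after: int = 90) -> list[Action]:
    """Apply the offboarding and least-privilege rules to every grant."""
    actions = []
    for g in grants:
        reasons = []
        person = roster.get(g.user)
        # Rule 1: owner has left or is unknown to HR -> the grant is orphaned.
        if person is None or person["status"] != "active":
            reasons.append("owner not active in HRIS")
        # Rule 2: the app never went through the approval workflow.
        if g.app not in SANCTIONED_APPS:
            reasons.append("unsanctioned app")
        # Rule 3: a write scope nobody has exercised for stale_after days.
        writes = g.scopes & WRITE_SCOPES
        if writes:
            idle = (today - (g.last_used or g.issued)).days
            if idle > stale_after:
                reasons.append(f"write scope {sorted(writes)} idle {idle} days")
        if any(r.startswith("owner") for r in reasons):
            verdict = "revoke"      # orphaned grants are revoked, not reviewed
        elif reasons:
            verdict = "review"
        else:
            verdict = "keep"
        actions.append(Action(g.grant_id, g.user, g.app, verdict, tuple(reasons)))
    return actions


def used_after_departure(grants: list[Grant], roster: dict) -> list[str]:
    """Grants exercised after the owner's termination date: the agent kept
    acting on behalf of someone who no longer works here."""
    hits = []
    for g in grants:
        person = roster.get(g.user)
        end = person["end"] if person else None
        if end and g.last_used and g.last_used > end:
            hits.append(g.grant_id)
    return hits


def run_audit() -> list[Action]:
    """Convenience entry point over the constructed data."""
    return audit_grants(GRANTS, ROSTER, TODAY)
```

In this sample the departed developer's AI coding agent (g-1002) is flagged for revocation and was still exercising its write scope five weeks after termination, which is exactly the case the HRIS-triggered workflow above is meant to catch automatically.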
Step 6. Build a security awareness program
Policy and tooling alone don't change behavior. Employees adopt shadow IT because they don't understand the risk, don't know the approved alternative exists, or find the approved path too slow. A security awareness program addresses the first two directly.
- Make the risk concrete: showing employees a real example of how a credential reuse attack works lands harder than a slide about "data protection." Publicize the approved toolkit; employees who know a fast, sanctioned alternative exists are less likely to reach for an unapproved one.
- Create a reporting culture: employees should feel comfortable flagging tools they're already using without fear of immediate punishment. Discovery through self-reporting is faster and cheaper than discovery through a breach.
- Annual training is not enough. Quarterly micro-training sessions (10-15 minutes, scenario-based) consistently outperform annual compliance modules in retention studies. Phishing simulations that include fake SaaS sign-up prompts — not just email lures — test exactly the behavior shadow IT governance is trying to change.
Track the program's effect on shadow IT discovery rates, not just training completion percentages. Completion is an input metric. Reduction in unsanctioned tool adoption is the output that matters.
Conclusion: Make the approved path faster than the workaround

The organizations that manage shadow IT effectively are the ones that made the approved path faster than the workaround. Not the ones with the strictest blocking policies.
That means a discovery program that runs continuously. A credential vault that employees actually want to use because it saves them time. An offboarding workflow that fires automatically the moment an HRIS termination event triggers. An AI policy that tells employees what they can do with AI tools, not just what they can't. And a security awareness program that makes the risk real rather than abstract.
For European organizations, the stakes are higher still. GDPR Article 28, NIS2 Article 21, and DORA Article 28 don't treat shadow IT as a governance inconvenience; they treat it as a compliance failure with quantified penalties attached. The $670,000 shadow AI cost adder from IBM's 2025 report isn't an abstraction. It's what happens when governance lags adoption. Close that gap before the next breach makes the case for you.
Frequently asked questions
What is shadow IT in 2026?
Shadow IT in 2026 refers to any technology (software, SaaS applications, AI tools, or autonomous agents) used by employees without IT knowledge or approval. It includes traditional unsanctioned apps such as file sharing and messaging, and newer risks like AI assistants processing sensitive data and AI agents holding persistent OAuth access to corporate systems.
What is the difference between shadow IT and Shadow AI?
Shadow IT is unmanaged technology that creates uncontrolled data residency. Shadow AI is unmanaged AI usage that creates uncontrolled data processing: models analyzing proprietary information, generating outputs, and taking actions through delegated permissions. Shadow AI carries higher risk because the data isn't just stored somewhere unauthorized; it's being actively processed and acted upon by systems outside your governance perimeter.
How much does shadow IT cost organizations?
IBM's 2025 Cost of a Data Breach Report found that shadow AI involvement adds $670,000 to the average breach cost of $4.44 million, bringing shadow-AI-involved breaches to approximately $5.11 million. Separately, DataFence's 2026 research estimates the average shadow IT cyberattack incident costs $4.2 million. Beyond breach costs, shadow IT accounts for an estimated 30-40% of total IT expenses in large enterprises through redundant licensing and wasted spend.
How do you detect shadow IT?
Effective shadow IT detection combines multiple methods: CASB deployment for cloud service visibility, DNS and proxy log analysis for network-level discovery, endpoint monitoring for device-level activity, and expense data review for paid subscriptions. No single method provides complete coverage. Email integration tools can also surface SaaS accounts created with corporate email addresses, including free-tier tools that don't appear in expense data.
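The DNS log analysis method in that answer, as an added example that is not from the article: resolver log lines are matched against a sanctioned-domain list and a catalogue of known SaaS and AI endpoints, and unsanctioned hits are grouped per client. All domains and log lines are constructed, and the log format is an assumed one.

```python
import re
from collections import defaultdict

# Added example, not from the article. Domains and log lines are constructed;
# a real deployment would load the sanctioned list and the SaaS catalogue from
# the CASB or an internal inventory.
SANCTIONED = {"mail.corp.example", "vault.corp.example", "approved-llm.example"}
# Known SaaS / AI endpoints keyed by registrable domain (constructed)
CATALOGUE = {"chatbot.example": "genai", "quicknotes.example": "notes-saas",
             "agent-hub.example": "ai-agent"}

# Assumed log format: "<timestamp> <client-ip> <query-name> <query-type>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) (?P<client>\d+\.\d+\.\d+\.\d+) (?P<qname>[\w.-]+) (?P<qtype>\w+)$")

def registrable(qname):
    """Collapse 'api.eu.chatbot.example' to 'chatbot.example' (two-label heuristic)."""
    labels = qname.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])

def matches(qname, domains):
    """True when qname equals, or is a subdomain of, any entry in domains."""
    q = qname.lower().rstrip(".")
    return any(q == d or q.endswith("." + d) for d in domains)

def find_shadow_saas(log_lines):
    """Return {client: {domain: (category, count)}} for unsanctioned catalogue hits."""
    hits = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # malformed line: skip it rather than abort the whole run
        if matches(m["qname"], SANCTIONED):
            continue  # approved tool, nothing to report
        base = registrable(m["qname"])
        if base in CATALOGUE:
            hits[m["client"]][base] += 1
    return {c: {d: (CATALOGUE[d], n) for d, n in ds.items()} for c, ds in hits.items()}

SAMPLE_LOG = """\
2026-03-02T09:14:05Z 10.0.4.17 mail.corp.example A
2026-03-02T09:14:09Z 10.0.4.17 api.chatbot.example A
2026-03-02T09:14:12Z 10.0.4.17 api.chatbot.example AAAA
2026-03-02T09:15:40Z 10.0.4.23 quicknotes.example A
2026-03-02T09:15:41Z 10.0.4.23 approved-llm.example A
2026-03-02T09:16:02Z 10.0.4.23 cdn.news-site.example A
garbage line""".splitlines()  # constructed resolver log

def example():
    return find_shadow_saas(SAMPLE_LOG)
```

Queries to domains that are neither sanctioned nor catalogued are ignored here; in practice those go to a review queue for classification.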
What is the biggest shadow IT risk in 2026?
The highest-severity risk is credential exposure through orphaned accounts and password reuse. Every unsanctioned app is an unmanaged credential, often protected by a reused password and without MFA. When those credentials are compromised (through a breach at the SaaS vendor, an infostealer, or credential stuffing) attackers gain access to accounts that security teams don't know exist and can't monitor.
How does shadow IT create GDPR exposure?
Every unsanctioned SaaS tool that processes personal data is an unauthorized data processor under GDPR Article 28, which requires a written data processing agreement before processing begins. If that tool is US-based and transfers personal data outside the EEA without Standard Contractual Clauses or another valid transfer mechanism, Articles 44-49 are also violated. Both exposures arise the moment an employee signs up, regardless of whether IT knows about it.
How does Shadow AI relate to the EU AI Act?
The EU AI Act imposes penalties on organizations using high-risk AI systems without proper governance — up to €15 million or 3% of global annual turnover under Article 99(4). Employees using unapproved AI tools that process personal data or influence consequential decisions may be operating high-risk AI systems outside the organization's compliance framework, creating direct regulatory exposure without any formal risk assessment having taken place.
Why does blocking shadow IT fail?
Prohibition without enablement pushes shadow IT underground rather than eliminating it. When employees can't get what they need through official channels quickly enough, they find alternatives. The effective response is structured enablement: fast approval processes, secure approved alternatives, centralized credential management, and a security awareness program that makes the compliant path the convenient one.