Your IT team can name about five AI tools running in your enterprise. The real number is closer to fourteen. That gap is not a rounding error. It’s the difference between the AI you govern and the AI quietly processing your source code, your customer data, and your board memos on accounts you’ve never seen.
This is the CIO problem of 2026. The AI you didn’t buy is bigger than the AI you did.
The footprint you reported is the smallest part of the footprint
Most CIOs were handed the same question in the last quarter: what AI are we actually using? Most answered with a sanctioned vendor list, a Copilot seat count, and the enterprise ChatGPT contract.
That answer describes the tip. Most AI use never reaches IT. Microsoft research found 71% of workers have used unapproved consumer AI tools at work, and 51% do so weekly. Its Work Trend Index found 78% of AI users bring their own tools rather than company-approved ones. Not a rounding error. The majority runs on accounts IT never approved.
So the picture inverts. The sanctioned stack you report to the board is the minority of the AI in your building. The majority is shadow. And the stack you inherited to track software was never built to see it.
What is shadow AI?
Shadow AI is any AI tool, model, or agent running inside an enterprise that hasn’t been sanctioned, inventoried, or budgeted.
That includes free-tier ChatGPT, Claude, and Gemini accounts. IDE assistants like Cursor, Windsurf, and Copilot on developer laptops. AI features switched on by default inside SaaS you already pay for. Browser extensions that route prompts through third-party models. And the long tail of single-purpose agents employees spin up on personal cards. Same shape as shadow IT. Different velocity. Shadow IT took a decade to compound. Shadow AI compounds every quarter.
Why is shadow AI so much bigger than IT thinks?
Because the question your tools answer is the wrong question. SaaS management indexes by invoice. Endpoint security indexes by installed binary. Cloud cost tools index by cloud account. Shadow AI lives in the gaps between all three, and most of it never generates an invoice at all.
Three things make the real footprint balloon past the reported one:
It's mostly free at the point of use. A free ChatGPT tab, a personal Claude login, a no-cost browser extension. None of it hits procurement, so none of it appears on the list procurement keeps. And much of the sensitive data flowing into AI ends up in exactly these unsanctioned accounts.
It’s bundled into tools you already trust. Notion, Slack, Zoom, and Salesforce all shipped AI features in the last 18 months, most on by default. They don’t register as “an AI tool” in your inventory. They register as the tool you approved last year.
It hides inside the IDE. Coding assistants make thousands of model calls per developer per day. They never touch your SSO, rarely touch finance, and never show up in a SaaS audit. In most engineering orgs, the IDE is now the single largest AI surface, and the one your stack sees least.
What does shadow AI actually put at risk?
Start with the breach math, because it’s the number that gets a board’s attention. IBM’s 2025 Cost of a Data Breach Report found shadow-AI-related breaches cost organizations $670,000 more on average than breaches without it. Shadow AI was a factor in 20% of breaches studied, 65% of those breaches involved customer PII, and 97% of the organizations breached through AI had no AI access controls in place when it happened.
But the breach is the end of the story. The leak starts earlier, and quieter. Every prompt typed into a personal ChatGPT or Claude account leaves your environment and lands with a third party you have no contract with. The most exposed material is exactly what you most need to protect: source code, legal documents, and unreleased deal data, pasted into a free tab to "just clean this up quickly."
It has already happened in public. Within 20 days of allowing ChatGPT, Samsung engineers had pasted semiconductor source code and internal meeting notes into the tool, and the company banned it outright. The pattern is always the same. The data leaves before anyone knows the tool is in use.
This is why shadow AI is a CISO problem before it’s anything else. Customer PII, employee records, proprietary code, and unreleased strategy are all moving through accounts your SSO never provisioned and your DLP never inspects. The CISO inherited a risk surface nobody told her existed. The CIO inherited the question.
How does a CIO get ahead of it?
You can’t govern what your SSO can’t see, and you can’t inventory by survey. People underreport, and the fastest-growing surfaces (IDE and SaaS-embedded AI) are the ones employees don’t even think of as “tools.” The only durable answer is a discovery layer that asks a different question than your existing stack: not “what did we buy,” but “what AI is being called in our environment, by whom, against which model, at what cost.” Surfacing that across SaaS, cloud, and IDE in one view is what Guickly was built to do.
The board is going to ask. Know the real number first.
The CIOs who win the next 18 months won’t be the ones with the boldest AI strategy. They’ll be the ones who can state the real footprint, sanctioned and shadow, without flinching. The honest number is bigger than the one in your last board deck. Better that you’re the one who finds it.
You can’t optimize what you can’t see. And right now, you can see about a third of it.
FAQ
What is shadow AI? Shadow AI is any AI tool, model, or agent in use across an enterprise that hasn’t been sanctioned, inventoried, or budgeted. It includes free-tier LLM accounts, IDE coding assistants, AI features auto-enabled inside sanctioned SaaS, browser extensions that route prompts to third-party models, and single-purpose agents employees provision on personal accounts.
How much bigger is shadow AI than the AI IT knows about? Most AI use never reaches IT. Microsoft's Work Trend Index found 78% of employees who use AI at work bring their own tools rather than company-approved ones, so what IT can see is only a fraction of what is running.
Why doesn’t our existing software stack detect shadow AI? Because SaaS management tools index by invoice, endpoint security indexes by installed binary, and cloud cost tools index by cloud account. Most shadow AI is free at the point of use, embedded inside SaaS you already approved, or running in the IDE. It lives in the gaps between those three systems and often never generates an invoice.
What are the risks of shadow AI? The primary risk is data exposure. When employees use personal AI accounts, company data leaves the environment for a third party you have no contract with. When that exposure becomes a breach, IBM found shadow-AI-related breaches cost $670,000 more on average, and 65% of them involved customer PII.
How is shadow AI different from shadow IT? Shadow IT was about SaaS bought outside procurement. Shadow AI is about AI capability flowing through tools you already bought, IDEs you already issued, and cloud accounts you already approved. The surface is wider, the velocity is faster, and each tool sends prompts that often contain customer or proprietary data to a third-party model.
How should a CIO report shadow AI to the board? Lead with the inventory, not the roadmap. Report the count of AI tools detected, the share sanctioned versus shadow, the spend mapped to each, the departments with the highest concentration, and the data classes being processed. Then layer the plan on top. Boards trust the CIO who leads with a number.
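The discovery question in "How does a CIO get ahead of it?" (what AI is being called, by whom, against which model) and the board report described in the answer above (tools detected, sanctioned versus shadow share, departmental concentration, data volume) can both be produced from one source your stack already has: egress proxy logs. The script below is an added example written for this article; it is not Guickly's product or code. It assumes a proxy log line of the form `timestamp user department destination_host bytes_out`, and it uses a small catalogue of AI endpoint hostnames with sanctioned flags that is a constructed assumption for the example; the log lines are likewise constructed. A real deployment would replace the catalogue with the organization's own sanctioned list and feed it the actual proxy export.

```python
"""Shadow-AI inventory from egress proxy logs (added example, not the page's code).

Assumed log format per line: <timestamp> <user> <department> <dest_host> <bytes_out>
The AI_ENDPOINTS catalogue below is a constructed assumption: hostnames and
sanctioned flags should be replaced with the organization's own list.
"""
from collections import Counter, defaultdict
from dataclasses import dataclass

# Hypothetical catalogue: hostname suffix -> (tool name, sanctioned by IT?).
AI_ENDPOINTS = {
    "api.openai.com": ("OpenAI API", True),
    "chatgpt.com": ("ChatGPT (consumer)", False),
    "api.anthropic.com": ("Claude API", False),
    "claude.ai": ("Claude (consumer)", False),
    "gemini.google.com": ("Gemini (consumer)", False),
    "copilot-proxy.githubusercontent.com": ("GitHub Copilot", True),
    "api2.cursor.sh": ("Cursor", False),
}

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    "2026-01-14T09:01:02Z alice eng api.openai.com 2048",
    "2026-01-14T09:02:10Z bob eng api2.cursor.sh 51200",
    "2026-01-14T09:03:44Z bob eng api2.cursor.sh 49152",
    "2026-01-14T09:05:00Z carol legal chatgpt.com 8192",
    "2026-01-14T09:06:30Z dave finance claude.ai 4096",
    "2026-01-14T09:07:15Z erin eng copilot-proxy.githubusercontent.com 1024",
    "2026-01-14T09:08:00Z carol legal www.example.com 300",
    "malformed line",
]


@dataclass
class Hit:
    user: str
    dept: str
    tool: str
    sanctioned: bool
    bytes_out: int


def classify_host(host):
    """Return (tool, sanctioned) if host is, or is a subdomain of, a catalogued endpoint."""
    for suffix, meta in AI_ENDPOINTS.items():
        if host == suffix or host.endswith("." + suffix):
            return meta
    return None


def parse_log(lines):
    """Turn raw proxy lines into Hit records, keeping only AI destinations."""
    hits = []
    for line in lines:
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip rather than crash the inventory
        _ts, user, dept, host, bytes_out = parts
        meta = classify_host(host.lower())
        if meta is None:
            continue  # ordinary web traffic, not an AI endpoint
        tool, sanctioned = meta
        hits.append(Hit(user, dept, tool, sanctioned, int(bytes_out)))
    return hits


def summarize(hits):
    """Build the board-level numbers: tool count, shadow share, dept concentration, volume."""
    tools = {h.tool for h in hits}
    shadow_tools = {h.tool for h in hits if not h.sanctioned}
    shadow_requests_by_dept = Counter(h.dept for h in hits if not h.sanctioned)
    bytes_by_tool = defaultdict(int)
    for h in hits:
        bytes_by_tool[h.tool] += h.bytes_out  # bytes sent out per tool approximates prompt volume
    return {
        "tools_detected": len(tools),
        "shadow_tools": len(shadow_tools),
        "shadow_share": round(len(shadow_tools) / len(tools), 2) if tools else 0.0,
        "shadow_requests_by_dept": dict(shadow_requests_by_dept),
        "bytes_out_by_tool": dict(bytes_by_tool),
        "users_on_shadow_tools": sorted({h.user for h in hits if not h.sanctioned}),
    }


def inventory(lines=SAMPLE_LOG):
    """Run the full pipeline on a list of log lines and return the summary dict."""
    return summarize(parse_log(lines))


if __name__ == "__main__":
    for key, value in inventory().items():
        print(f"{key}: {value}")
```

The point of indexing by destination host rather than by invoice or installed binary is that free-tier consumer accounts, IDE assistants and SaaS-embedded features all still have to reach a model endpoint over the network; the proxy sees the call even when procurement, endpoint inventory and cloud billing do not. The sample output shows the gap the article describes: five tools detected, three of them shadow, with the same user (bob) generating the largest outbound volume from an IDE assistant IT never provisioned.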
