The unauthorized or unmanaged use of artificial intelligence tools, applications, and services within an organization without IT oversight or security controls.
Shadow AI creates significant insider risk as employees increasingly use generative AI tools like ChatGPT, Claude, or Copilot without organizational oversight. According to recent research, 78% of knowledge workers use third-party AI tools, but only one-third of organizations have clear AI usage policies. This gap creates risks of data exfiltration through AI prompts, intellectual property exposure, and compliance violations. Over 4% of GenAI prompts accidentally expose sensitive corporate data, while 20% of uploaded files contain confidential information that employees didn't realize was sensitive.
The framework of policies, procedures, and controls that organizations implement to manage AI risks, ensure responsible AI use, and maintain compliance with AI regulations.
The unauthorized transfer or removal of data from a computer system, typically by an insider or attacker who has gained access to sensitive information.
Information technology systems, applications, or services used within an organization without explicit IT department approval or oversight.