
Features 19.08.2025
Shadow AI is Driving Data Breaches: Here’s How to Illuminate It
Some useful insights from IBM’s Cost of a Data Breach report
IBM has been reporting on data breaches now for two decades. When it began its Cost of a Data Breach report in 2005, times were very different. Back then, nearly half of all breaches were caused by lost or stolen devices, with just one in 10 coming from “hacked” systems. Ransomware and cloud misconfigurations weren’t threats at all. And AI was still in its infancy. How times have changed.
Today, one of the biggest opportunities and risks for digital-first businesses is AI. Fail to adopt and you could be left behind by your competitors. But embrace it without adequate guardrails and the technology could cause more problems than it solves. Unfortunately, as IBM warns, adoption is currently outpacing oversight.
How CISOs respond could have major implications for their organisation’s risk exposure.
The good news from this year is that the global cost of a data breach fell 9% annually to $4.4m, and in the UK by a similar amount to $4.1m. That’s largely thanks to faster identification and containment of threats. However, 13% of organisations reported a security incident involving an AI model or application that resulted in a breach. IBM expects this figure to grow significantly as enterprise use of the technology expands.
The challenge with unauthorised or shadow AI use is that CISOs can’t protect or manage what they can’t see. Employees might share sensitive customer or corporate information with a publicly available generative AI (GenAI) tool, as Samsung developers did when they asked ChatGPT to optimise confidential source code they were working on. Any data shared with such tools will be used to train the underlying large language model (LLM) and could theoretically be regurgitated to other users.
“13% of organisations reported a security incident involving an AI model or application that resulted in a breach”
“Workers often use personal logins to access free tiers of powerful GenAI tools, without realising that prompts and responses are shared back with the tool’s training model. Without guardrails in place around the data entered, users will simply copy-and-paste or upload content to get their jobs done, magnifying the possibilities of data loss or exposure of sensitive information,” Menlo Security senior cybersecurity strategist, Roslyn Rissler, tells Assured Intelligence.
“Most shadow AI tools are those that workers are accessing via personal credentials and, because prompts and responses are contained in browser traffic, may slip past traditional security detection.”
At the very least, this could land the organisation in hot water with regulators under GDPR and similar data protection regimes. It also exposes such data to third parties working for the GenAI provider or its partners, and puts it at risk of exposure if that provider is breached or accidentally leaks the information, as Chinese firm DeepSeek did earlier this year. It should be of some concern that an estimated one in 12 UK and US employees uses Chinese GenAI tools.
The GenAI tools themselves may also contain vulnerabilities, which increases the corporate attack surface. One report from January reveals that several fine-tuned DeepSeek models can run arbitrary code when loaded, or exhibit “suspicious architectural patterns”. Enterprise employees could also be tricked into downloading malware masquerading as legitimate GenAI tools, exposing the organisation to further risk.
So just how bad is shadow AI? Quantifying a problem that by its very nature lies hidden from view is tricky. But Netskope estimates that around half of enterprise AI use is unsanctioned.
“68% of employees use free versions of AI tools like ChatGPT via their personal accounts, with 57% inputting sensitive data”
What is not in any doubt is the potential impact. IBM claims that security incidents involving shadow AI accounted for 20% of breaches over the past year – seven percentage points higher than incidents involving authorised AI. A further 11% of breached organisations were unsure if they experienced a shadow AI incident, which suggests that they probably did.
Separate research from Menlo Security claims that 68% of employees use free versions of AI tools like ChatGPT via their personal accounts, with 57% inputting sensitive data. The vendor observed 155,005 copy and 313,120 paste attempts in a single month. Even employees who should know better are culpable. Almost three-quarters (73%) of cybersecurity professionals polled at two industry events last year claimed to have used unsanctioned apps, including AI, in the previous year, according to Next DLP.
If such activity remains unchecked, it “raises serious questions and concerns” about data protection and compliance, especially in the current regulatory climate, argues Darktrace field CISO and SVP, Nicole Carignan.
“This drives an increasing need for AI asset discovery, and the ability for companies to identify and track the use of AI systems throughout the enterprise,” she tells Assured Intelligence. “It is imperative that CIOs and CISOs dig deep into new AI security solutions – asking comprehensive questions about data access and visibility.”
Tellingly, a majority (63%) of organisations polled by IBM say they don’t have governance policies to manage shadow AI. Such policies would vary depending on the organisation’s risk appetite. But any governance strategy should start by gaining visibility into usage, according to Netskope CISO, James Robinson.
“Once you have visibility, CISOs should align the business around a clear policy that distinguishes between approved and unapproved AI”
“This means going beyond browser-based SaaS AI to detect API calls, on-premises frameworks like Ollama or LangChain, and downloads from AI marketplaces such as Hugging Face,” he tells Assured Intelligence.
“Once you have visibility, CISOs should align the business around a clear policy that distinguishes between approved and unapproved AI. Real-time user coaching can be more effective than outright blocks, especially when it redirects employees to approved alternatives without stalling their work.”
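As a rough illustration of the visibility Robinson describes, the Python sketch below scans a web-proxy log for requests to well-known GenAI endpoints and AI marketplaces. The domain watchlist, log format and column names are illustrative assumptions rather than a definitive inventory; in practice this discovery work would sit inside an SSE or CASB platform with a maintained catalogue of AI applications.

# Illustrative sketch: surface possible shadow-AI traffic from a web-proxy log.
# Domain list and CSV layout are assumptions for demonstration, not a full AI-app catalogue.
import csv
from collections import Counter

# Hypothetical watchlist: public GenAI endpoints and AI marketplaces
GENAI_DOMAINS = {
    "chat.openai.com", "api.openai.com", "gemini.google.com",
    "claude.ai", "api.anthropic.com", "chat.deepseek.com",
    "huggingface.co",  # model and dataset downloads
}

def flag_shadow_ai(proxy_log_path: str) -> Counter:
    """Count requests per (user, domain) for destinations on the GenAI watchlist."""
    hits = Counter()
    with open(proxy_log_path, newline="") as f:
        # Assumed CSV columns: timestamp, user, destination_host, bytes_out
        for row in csv.DictReader(f):
            host = row["destination_host"].lower()
            if any(host == d or host.endswith("." + d) for d in GENAI_DOMAINS):
                hits[(row["user"], host)] += 1
    return hits

if __name__ == "__main__":
    for (user, host), count in flag_shadow_ai("proxy.csv").most_common(20):
        print(f"{user:<20} {host:<30} {count} requests")

Even a crude count like this shows which teams lean hardest on unsanctioned tools, which is the starting point for the coaching and policy work Robinson recommends.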
Good AI governance must also be backed by the right tools, Robinson adds.
“Data loss prevention controls must be tuned for AI contexts, ensuring sensitive data is not sent to unvetted models,” he continues. “Where possible, approved platforms should be deeply integrated into workflows to reduce the temptation to resort to unapproved tools.”
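To make that concrete, here is a minimal sketch of a DLP-style check “tuned for AI contexts”: a prompt bound for an AI endpoint is scanned for sensitive-looking patterns and blocked, with the user redirected to an approved tool, if the destination is unapproved. The patterns, domain names and function are hypothetical illustrations, not the configuration of any particular DLP product.

# Minimal sketch of an AI-aware DLP check. Patterns and approved domains are
# illustrative assumptions only; real rules would use a vendor's classifiers.
import re

APPROVED_AI_DOMAINS = {"internal-llm.example.com"}  # hypothetical sanctioned endpoint

SENSITIVE_PATTERNS = {
    "credit_card": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "uk_nino": re.compile(r"\b[A-CEGHJ-PR-TW-Z]{2}\d{6}[A-D]\b", re.I),
    "api_key": re.compile(r"\b(?:sk|key)[-_][A-Za-z0-9]{16,}\b"),
}

def check_prompt(prompt: str, destination: str) -> tuple[bool, list[str]]:
    """Return (allowed, reasons): block sensitive prompts bound for unapproved AI tools."""
    matches = [name for name, pattern in SENSITIVE_PATTERNS.items() if pattern.search(prompt)]
    if destination in APPROVED_AI_DOMAINS:
        return True, matches      # sanctioned tool: allow, but log any matches
    if matches:
        return False, matches     # unapproved tool plus sensitive data: block and coach
    return True, []

allowed, reasons = check_prompt("Customer card 4111 1111 1111 1111", "chat.example-genai.com")
print(allowed, reasons)  # False ['credit_card']

In a real deployment these rules would live in the organisation’s existing DLP or secure web gateway, where they can draw on data classification labels rather than regular expressions alone.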
In fact, many of the tools that will help to support good governance are themselves powered by AI – to monitor network and endpoint activity, flag and block data loss, enforce context-aware access policies, and more.
“All of these areas are enhanced by what AI is great at: analysing lots of data quickly and spotting trends a human worker may miss,” Acceletrex CTO, Mark Townsend, tells Assured Intelligence. “On the detection front, behavioural analytics products are excellent at detecting unapproved tooling, including AI, and alerting or interrupting the use of these tools, especially when they are integrated into an incident response framework.”
But if CISOs want their AI strategy to be accepted by end users, they must work with them, rather than impose rules from above, argues Netskope’s Robinson.
“Good governance means identifying the individuals driving early AI adoption and partnering with them to create policies and deployment patterns that are both secure and practical,” he says. “By working with these early adopters, CISOs can ensure that governance reflects real-world use cases rather than theoretical controls. This is particularly important for agentic AI, where autonomous agents could be accessing enterprise data and executing actions without oversight.”
According to IBM, shadow AI can increase breach costs more than almost any other factor: by $200,321 (£149,420). It’s time CISOs turned up the lights.