Shadow AI: Risks from Unsecured Applications

A recent investigation has found that employees are increasingly using Shadow AI to independently develop applications and integrate them into production systems. This development often occurs without the knowledge or consent of IT departments. The study, known as the Shadow Builders Report, analyzed over 2,000 applications created in this manner. The use of Shadow AI has evolved from simple inputs in ChatGPT to complex applications published on open internet platforms. These applications are often inadequately secured, significantly increasing the attack surface for cybercrime.

The researchers warn that the risks associated with this practice can have far-reaching consequences for the data security of companies. A central issue is that many of these applications process sensitive data without implementing security protocols. The study highlights that 65% of the examined applications lack basic security measures. This poses a significant risk for companies that rely on the integrity of their data. The researchers also identified that most of these applications were developed by employees in areas not directly related to IT or security.

This leads to a gap between the technical capabilities of employees and the security requirements of companies. 70% of surveyed employees reported that they do not feel adequately informed about their company's security policies. Another aspect of the study is the lack of oversight of these Shadow AI applications. Many companies do not have effective mechanisms to identify and control applications developed outside the official IT infrastructure. This results in potential security vulnerabilities remaining undetected and facilitating cyberattacks.

The study recommends that companies develop clear guidelines for the use of AI tools and provide training to raise awareness of security risks. 80% of companies that have implemented such training reported a significant reduction in security incidents related to Shadow AI. Additionally, it is advised that companies conduct regular audits of their IT infrastructure to identify unauthorized applications. The implementation of monitoring tools could help better oversee the use of Shadow AI and detect security gaps early. 45% of companies using such tools have noted an improvement in their security posture.

Results from the Shadow Builders Report underscore the need to rethink security strategies in companies. The integration of AI into everyday work requires an adjustment of security protocols to meet new challenges. By the end of 2026, many companies plan to update their security policies to better address the risks posed by Shadow AI. The study was conducted by a team of security experts examining the impact of Shadow AI on corporate security. The findings are intended to serve as a foundation for future security strategies and help companies prepare for the challenges of digital transformation.