TL;DR: Shadow AI is the unsanctioned use of AI tools, models, or agents inside an organisation without security review, and Lasso Security argues it creates data leakage, compliance exposure, and untraceable decisions as adoption accelerates. The core issue is that existing governance assumes AI use is visible and reviewable, but shadow AI often operates outside those controls.
At a glance
What this is: Shadow AI is unsanctioned AI use inside the enterprise, and the article argues it creates invisible data, compliance, and decision risk.
Why it matters: IAM, NHI, and governance teams need to treat shadow AI as an identity and access problem because unapproved tools can move sensitive data and make decisions outside policy and audit.
By the numbers:
- 92% agree governing AI agents is critical to enterprise security, yet only 44% have implemented any policies to do so.
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials.
Context
Shadow AI is what happens when employees adopt generative AI tools, embedded assistants, or models without security review, IT approval, or governance controls. The issue is not just unauthorized software use. It is the insertion of unreviewed identity, data access, and decision-making into enterprise workflows, which makes the topic directly relevant to AI agent governance, NHI oversight, and broader IAM programmes.
The problem is easy to miss because shadow AI often looks like convenience rather than misconduct. Teams use chatbots, writing tools, or analytics add-ons to move faster, but those tools can retain prompts, expose sensitive data, and create records no one can audit later. That makes shadow AI a governance gap, not simply a tooling problem, and the situation the article starts from is typical of modern enterprises.
Shadow AI also blurs the line between sanctioned automation and unmanaged access. Once an AI tool can ingest corporate data, influence a business decision, or act inside a workflow without security review, it behaves like an identity-adjacent system that IAM, IGA, and NHI teams need to govern explicitly.
Key questions
Q: How should security teams govern shadow AI in the enterprise?
A: Security teams should govern shadow AI by treating it as an identity and access issue, not only a technology preference. Start with discovery of browser tools, plugins, embedded assistants, and model APIs, then classify which uses are approved, restricted, or prohibited. Governance must include data handling rules, logging, access review, and offboarding.
Q: Why does shadow AI create more risk than shadow IT?
A: Shadow AI creates more risk because it does not just add an unmanaged application. It adds unreviewed intelligence that can process sensitive data, influence decisions, and retain outputs without the visibility security teams rely on. That makes the blast radius larger and the evidence trail weaker than with ordinary shadow software.
Q: What breaks when AI tools are used without security review?
A: What breaks is the organisation's ability to control data flow, prove acceptable use, and reconstruct decisions later. Without security review, an AI tool may inherit user permissions, retain sensitive prompts, and generate outputs no one can audit, which leaves compliance, legal, and identity teams without a dependable record.
Q: Who is accountable when shadow AI causes a compliance failure?
A: Accountability usually spans the business owner, the data owner, security, and the team that approved or ignored the tool's use. The key governance test is whether the organisation defined who could authorize the tool, who could see its data, and who would revoke access when risk changed.
Technical breakdown
Why shadow AI bypasses enterprise control planes
Shadow AI often enters through browser-based tools, plugins, and embedded assistants that sit outside the normal procurement and security approval path. That matters because identity providers, DLP, SaaS discovery, and access reviews usually assume known applications and approved integrations. In practice, a user can paste data into a model, invoke an embedded assistant, or enable a freemium AI feature without creating the governance artefacts security teams expect. The result is not just missing inventory. It is missing policy enforcement at the point where data leaves the human workflow and enters the model.
Practical implication: build discovery for browser, plugin, and embedded AI usage, not just approved SaaS inventories.
Shadow AI and the breakdown of auditability
The article repeatedly points to the same failure mode: no reliable record of what was used, what was sent, or what the system returned. That is a governance problem because auditability is what lets security, legal, and compliance teams reconstruct decisions after the fact. When prompts, outputs, and data paths are invisible, organisations cannot prove acceptable use, cannot investigate leakage confidently, and cannot explain model-influenced decisions to regulators. Shadow AI therefore turns an access issue into an evidentiary gap.
Practical implication: require logging and review for AI interactions that touch corporate data or regulated workflows.
Why role-based controls still matter for AI access
The article's guidance on role-based access is important because not every AI user needs the same data scope. In identity terms, the risk is over-broad entitlement combined with unmonitored model access. When a writing assistant, CRM copilot, or analytics add-on inherits the user's privileges without additional guardrails, the AI becomes an amplifier for excess access. That is especially dangerous in HR, legal, finance, and customer-facing workflows where a single prompt can expose sensitive records or create material misstatements.
Practical implication: segment AI-enabled workflows by role, data sensitivity, and business function before rollout.
Threat narrative
Attacker objective: The objective is to extract sensitive enterprise data and manipulate decisions through ungoverned AI usage that leaves no durable audit trail.
- Entry occurs when employees adopt unsanctioned AI tools, browser plugins, or embedded assistants and move sensitive information into them without approval.
- Escalation occurs when those tools inherit the user's access scope, retain prompts or outputs, and process data outside the organisation's monitored control plane.
- Impact follows when confidential data, inaccurate outputs, or untraceable decisions create compliance exposure and weaken trust in business processes.
Breaches seen in the wild
- Moltbook AI agent keys breach — Moltbook breach exposed 1.5M AI agent keys.
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
NHI Mgmt Group analysis
Shadow AI is an identity governance problem before it is an AI governance problem. The article describes tools that enter the enterprise without approval, oversight, or auditability, which means the primary failure is uncontrolled identity and data access rather than model quality alone. That places shadow AI squarely within IAM, IGA, and NHI governance, because the governance question is who or what is allowed to act with data, not just which model is in use. Practitioners should treat unmanaged AI as an access channel that must be governed like any other enterprise identity surface.
Unreviewed AI access creates a new form of ephemeral entitlement risk. A user can expose data to an AI tool, receive output, and move on before any review cycle or security workflow begins. That makes conventional access review cadence too slow for the behaviour being introduced, especially when the tool is embedded in everyday work rather than formally procured. The implication is that governance programmes need to recognise AI-mediated access as a distinct entitlement class, not a normal application usage pattern.
Shadow AI exposes the limits of policy-only security. The article recommends policies, training, monitoring, and audits, but the deeper lesson is that policy does not control what the organisation cannot see. If discovery is incomplete, then enforcement is partial and compliance evidence is fragile. This is where NHI-style visibility matters: unmanaged AI tools behave like hidden identities with delegated access, and practitioners should assume their current inventory is already incomplete.
AI agent sprawl will amplify the shadow AI problem unless enterprises separate sanctioned automation from unmanaged intelligence. The more AI functionality is embedded across CRM, productivity, and analytics platforms, the more likely it is that identity teams will lose track of which systems can access regulated data. That creates a named concept worth tracking: shadow intelligence sprawl, the uncontrolled expansion of AI-enabled access across business systems faster than governance can classify it. Practitioners should respond by defining where AI is allowed to act, not just where it is allowed to exist.
Existing IAM models were built for visible applications and stable privilege boundaries. Shadow AI undermines both assumptions because the tool can appear inside a workflow without a traditional onboarding event, and its data use can vary by prompt, user, or plugin. That is why the operational answer is not only more monitoring, but a redefinition of what counts as an application identity, an access path, and a reviewable event. Teams should adjust their governance model before AI adoption outruns the control plane.
From our research:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems, inappropriately sharing sensitive data, and revealing access credentials, according to AI Agents: The New Attack Surface report.
- 52% of companies can track and audit the data their AI agents access, leaving 48% with a complete blind spot for compliance and breach investigation.
- AI agent governance research shows why visibility and policy must be designed together, not added after adoption.
What this signals
Shadow intelligence sprawl: enterprises are now dealing with AI-enabled access expanding faster than their inventory and review processes can keep up. If a tool can be adopted in-browser and start touching regulated data the same day, then the programme needs discovery, classification, and lifecycle controls that operate at the speed of user behaviour, not annual governance cycles.
The practical signal for identity teams is that AI usage can no longer sit in a generic software governance bucket. The right control pattern combines sanctioned-tool inventory, prompt-level monitoring, and role-based data scope, and it connects to the Top 10 NHI Issues, where hidden access and secret exposure converge. That is especially true when AI features are embedded into systems already carrying enterprise credentials.
As AI adoption spreads, the control boundary shifts from application approval to ongoing access stewardship. Organisations that cannot see who is using AI, what data it can touch, and how outputs are retained will struggle to satisfy audit, legal, and security requirements at the same time.
For practitioners
- Inventory AI-enabled access paths now: Map browser-based tools, embedded assistants, plugins, and model APIs that can touch corporate data, then classify them by approved, restricted, or prohibited use. Include the systems users actually reach in day-to-day work, not only the tools procurement knows about. Use the OWASP NHI Top 10 as a reference point for hidden identity and access risk.
- Separate sanctioned AI from unmanaged AI: Create a formal approval list for AI tools, model endpoints, and embedded assistants with clear data-handling rules. Make the approval decision depend on data sensitivity, user role, and integration path, then remove ambiguity for teams that currently improvise with freemium tools.
- Add prompt and output controls to monitoring: Extend logging beyond application access to capture prompts, model outputs, and data categories where the tool touches enterprise content. Pair that telemetry with alerting for high-risk behaviours such as regulated-data prompts, bulk copy activity, or unusual assistant usage.
- Review AI access through lifecycle governance: Treat AI assistants, embedded models, and automation features as governed identities during onboarding, change review, and offboarding. Reassess who owns the tool, which data it can see, and how access is revoked when the business use case changes.
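The inventory, classification and alerting steps above, sketched as an added example (not code from Lasso Security or NHI Mgmt Group): it sorts AI traffic in a constructed proxy log into approved, restricted, prohibited or unreviewed, applies a role scope to restricted tools, and flags regulated-data prompts and bulk copy. The hostnames, log format, keyword heuristic, data patterns and byte threshold are all assumptions.

```python
import re
# Constructed inventory: host -> (status, allowed roles; None = any). Placeholder hosts.
AI_INVENTORY = {
    "assistant.corp-approved.example": ("approved", None),
    "copilot.crm-vendor.example": ("restricted", {"sales"}),
    "free-chat.example": ("prohibited", None),
}
# Assumed keyword heuristic for AI endpoints missing from the inventory.
AI_HINT = re.compile(r"chat|copilot|assistant|llm|gpt", re.I)
REGULATED = {  # constructed data-category patterns for prompt checks
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "card": re.compile(r"\b\d{4}(?:[ -]?\d{4}){3}\b"),
}
BULK_BYTES = 100_000  # assumed threshold for bulk copy into a prompt

# Constructed proxy log: user|role|host|bytes_sent|prompt_excerpt
SAMPLE_LOG = """\
alice|hr|assistant.corp-approved.example|812|Summarise the onboarding policy
bob|finance|free-chat.example|420|Rewrite this email to a vendor
carol|hr|copilot.crm-vendor.example|950|Employee SSN 123-45-6789 needs update
dave|eng|llm-notes.example|250000|<large paste>
erin|sales|intranet.corp.example|300|quarterly numbers
"""

def classify(host, role):
    """Return (status, role_ok); status is None for non-AI traffic."""
    if host in AI_INVENTORY:
        status, roles = AI_INVENTORY[host]
        return status, roles is None or role in roles
    return ("unreviewed", False) if AI_HINT.search(host) else (None, True)

def analyse(log_text):
    findings = []
    for line in log_text.strip().splitlines():
        user, role, host, sent, prompt = line.split("|", 4)
        status, role_ok = classify(host, role)
        if status is None:
            continue
        reasons = []
        if status in ("prohibited", "unreviewed"):
            reasons.append(f"{status}-tool")
        elif not role_ok:
            reasons.append("role-not-permitted")
        reasons += [f"regulated-data:{n}" for n, rx in REGULATED.items() if rx.search(prompt)]
        if int(sent) >= BULK_BYTES:
            reasons.append("bulk-copy")
        if reasons:
            findings.append({"user": user, "host": host, "status": status, "reasons": reasons})
    return findings
```

Hosts that come back as unreviewed are the discovery output: each one either enters the inventory with a status and role scope or is blocked.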
Key takeaways
- Shadow AI is a governance failure because it inserts unreviewed identity and data access into normal work.
- The strongest evidence of the risk is loss of auditability, not just model error or user convenience.
- Identity teams should govern sanctioned AI, unmanaged AI, and embedded AI features as distinct access surfaces.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST AI RMF and NIST CSF 2.0 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| OWASP Agentic AI Top 10 | OA-04 | Shadow AI creates unmanaged tool and data access through AI-enabled workflows. |
| NIST AI RMF | | AI governance and accountability are central to shadow AI risk management. |
| NIST CSF 2.0 | PR.AA-01 | Identity and access visibility underpin control of shadow AI usage. |
Inventory AI-enabled access paths and restrict unsanctioned tools before they touch regulated data.
Key terms
- Shadow AI: Shadow AI is the use of AI tools, models, or assistants inside an organisation without security review or approved governance. It creates hidden access paths, uncontrolled data movement, and decision-making that security teams cannot easily audit or revoke.
- AI-enabled access path: An AI-enabled access path is any route by which a model, assistant, or plugin can read, process, or influence enterprise data. In practice, it behaves like an identity surface because it can inherit privileges, move information, and create governance obligations.
- Prompt-level monitoring: Prompt-level monitoring is the collection and review of AI inputs and outputs to understand what data was sent, how the system responded, and whether use stayed inside policy. It is essential when models are embedded in business workflows and standard SaaS logging is insufficient.
- Shadow intelligence sprawl: Shadow intelligence sprawl is the uncontrolled spread of AI capabilities across business systems faster than governance can classify and control them. It describes the operational reality where AI features appear in many tools, but ownership, visibility, and lifecycle management do not keep pace.
This post draws on content published by Lasso Security: What is Shadow AI? Risks, Tools, and Best Practices for 2026. Read the original.
Published by the NHIMG editorial team on 2026-06-09.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org