Shadow AI at Work: 55% of UK employees use unapproved AI tools, KnowBe4 report finds
techradar.com

Published by AINave Editorial • Reviewed by Ramit

TL;DR: KnowBe4's UK risk report finds 55% of employees use unapproved AI tools, with 10% knowingly sharing sensitive data. Only 16% of organizations manage AI safety effectively, and 19% report AI agents acting autonomously with limited oversight.

More than half of UK employees are using unapproved AI tools at work, and one in ten knowingly shares sensitive company information with them. That is the finding from a new KnowBe4 UK risk report, which defines this behavior as "shadow AI" and highlights a persistent gap between AI adoption and enterprise governance.

What happened

The KnowBe4 report surveyed UK employees and cybersecurity decision-makers. Key findings include:

  • 55% of UK employees admit to using unapproved AI tools at work.
  • Around 10% knowingly share sensitive company information with these unauthorized tools.
  • 58% of UK cybersecurity decision-makers view shadow AI as the biggest risk their organization faces.
  • Only 16% believe their organization is effective at managing AI's safe use today.
  • 46% have set targets to improve AI agent safety within the next 12 months.
  • 19% report that AI agents already take autonomous actions across multiple workflows with limited human oversight.

These numbers align with broader trends. A BlackFog survey found that 49% of workers admit to adopting AI tools without employer approval, and a Salesforce study reported that over half of generative AI adopters use tools without formal approval.

Why AI builders should care

For teams building and deploying AI products inside enterprises, shadow AI is not just a compliance problem. It is a signal that employees need better tools. The KnowBe4 report notes that 27% of employees occasionally source their own tools on top of what they are given, suggesting that companies are failing to provide the right AI tooling.

If your product is designed for enterprise use, unapproved adoption means you are losing visibility into how your tool is used, what data flows through it, and whether it meets security requirements. It also means your users may be feeding sensitive data into models without your knowledge, creating liability for both your company and theirs.

Practical implications

For AI builders and operators, the report points to several concrete actions:

  • Provision sanctioned tools. The report's lead CISO, Javvad Malik, argues that simply providing workers with the tools they demand could go a long way to reducing shadow AI's impact. If your product is not on the approved list, employees will find alternatives.
  • Govern AI agents carefully. With 19% of organizations already reporting AI agents taking autonomous actions across multiple workflows with limited oversight, builders need to implement guardrails, logging, and human-in-the-loop controls by default.
  • Address data leakage risks. The 10% of employees knowingly sharing sensitive data with unapproved tools is a floor, not a ceiling. Builders should assume that any API or tool with a free tier will be used with enterprise data, and design accordingly.

Caveats

The KnowBe4 data is UK-centric and may not represent global trends. The report defines shadow AI as unapproved AI use, not AI use that goes under the radar, which is a narrower definition than some other studies use. The survey relies on self-reported data, which may undercount actual usage. The findings on AI agent autonomy (19%) are based on decision-maker reports, not direct measurement.

FAQs

What is shadow AI at work and why does it matter?

Shadow AI refers to the use of AI tools without formal approval or governance from an organization. It matters because it creates data leakage risks, security vulnerabilities, and governance gaps. The KnowBe4 report found that 55% of UK employees use unapproved AI tools, and 58% of cybersecurity decision-makers view it as the biggest risk. A BlackFog survey found that 49% of workers admit to using AI tools without employer approval.

How can my organization govern and sanction AI tools used by employees?

The KnowBe4 report emphasizes governance, policy, and tool provisioning as key mitigations. Organizations should define clear policies for AI use, provide sanctioned tools that meet employee needs, and communicate those policies clearly. The report notes that 27% of employees source their own tools because companies fail to provide the right ones. A Salesforce study also found that over half of generative AI adopters use tools without formal approval, reinforcing the need for better provisioning.

What are the risks of using unapproved AI tools at work (data leakage, security, privacy)?

The primary risks include data leakage, security breaches, and privacy violations. The KnowBe4 report found that around 10% of employees knowingly share sensitive company information with unapproved AI tools. Additionally, 19% of organizations report AI agents taking autonomous actions across multiple workflows with limited human oversight, creating process risks. The report also highlights threats such as deepfakes and phishing. A BlackFog survey found that many employees using free versions of AI tools are freely sharing sensitive enterprise data.

What steps can a company take to improve AI safety and governance within 12 months?

The KnowBe4 report suggests several steps: set clear governance and tool provisioning policies, provide sanctioned AI tools to reduce shadow AI, and aim for measurable targets in AI agent safety. Nearly half (46%) of organizations have already set targets to improve AI agent safety within 12 months. A Salesforce study also recommends that companies provide approved tools and communicate policies clearly to reduce unapproved usage.
