
Shadow AI at Work: 55% of UK employees use unapproved AI tools, KnowBe4 report finds
Published by AINave Editorial • Reviewed by Ramit
More than half of UK employees are using unapproved AI tools at work, and one in ten knowingly shares sensitive company information with them. That is the finding from a new KnowBe4 UK risk report, which defines this behavior as "shadow AI" and highlights a persistent gap between AI adoption and enterprise governance.
What happened
The KnowBe4 report surveyed UK employees and cybersecurity decision-makers. Key findings include:
- 55% of UK employees admit to using unapproved AI tools at work.
- Around 10% knowingly share sensitive company information with these unauthorized tools.
- 58% of UK cybersecurity decision-makers view shadow AI as the biggest risk their organization faces.
- Only 16% believe their organization is effective at managing AI's safe use today.
- 46% have set targets to improve AI agent safety within the next 12 months.
- 19% report that AI agents already take autonomous actions across multiple workflows with limited human oversight.
These numbers align with broader trends. A BlackFog survey found that 49% of workers admit to adopting AI tools without employer approval, and a Salesforce study reported that over half of generative AI adopters use tools without formal approval.
Why AI builders should care
For teams building and deploying AI products inside enterprises, shadow AI is not just a compliance problem. It is a signal that employees need better tools. The KnowBe4 report notes that 27% of employees occasionally source their own tools on top of what they are given, suggesting that companies are failing to provide the right AI tooling.
If your product is designed for enterprise use, unapproved adoption means you are losing visibility into how your tool is used, what data flows through it, and whether it meets security requirements. It also means your users may be feeding sensitive data into models without your knowledge, creating liability for both your company and theirs.
Practical implications
For AI builders and operators, the report points to several concrete actions:
- Provision sanctioned tools. The report's lead CISO, Javvad Malik, argues that simply providing workers with the tools they demand could go a long way to reducing shadow AI's impact. If your product is not on the approved list, employees will find alternatives.
- Govern AI agents carefully. With 19% of organizations already reporting AI agents taking autonomous actions across multiple workflows with limited oversight, builders need to implement guardrails, logging, and human-in-the-loop controls by default.
- Address data leakage risks. The 10% of employees knowingly sharing sensitive data with unapproved tools is a floor, not a ceiling. Builders should assume that any API or tool with a free tier will be used with enterprise data, and design accordingly.
Caveats
The KnowBe4 data is UK-centric and may not represent global trends. The report defines shadow AI as unapproved AI use, not AI use that goes under the radar, which is a narrower definition than some other studies use. The survey relies on self-reported data, which may undercount actual usage. The findings on AI agent autonomy (19%) are based on decision-maker reports, not direct measurement.
FAQs
What is shadow AI at work and why does it matter?
Shadow AI refers to the use of AI tools without formal approval or governance from an organization. It matters because it creates data leakage risks, security vulnerabilities, and governance gaps. The KnowBe4 report found that 55% of UK employees use unapproved AI tools, and 58% of cybersecurity decision-makers view it as the biggest risk. A BlackFog survey found that 49% of workers admit to using AI tools without employer approval.
How can my organization govern and sanction AI tools used by employees?
The KnowBe4 report emphasizes governance, policy, and tool provisioning as key mitigations. Organizations should define clear policies for AI use, provide sanctioned tools that meet employee needs, and communicate those policies clearly. The report notes that 27% of employees source their own tools because companies fail to provide the right ones. A Salesforce study also found that over half of generative AI adopters use tools without formal approval, reinforcing the need for better provisioning.
What are the risks of using unapproved AI tools at work (data leakage, security, privacy)?
The primary risks include data leakage, security breaches, and privacy violations. The KnowBe4 report found that around 10% of employees knowingly share sensitive company information with unapproved AI tools. Additionally, 19% of organizations report AI agents taking autonomous actions across multiple workflows with limited human oversight, creating process risks. The report also highlights threats such as deepfakes and phishing. A BlackFog survey found that many employees using free versions of AI tools are freely sharing sensitive enterprise data.
What steps can a company take to improve AI safety and governance within 12 months?
The KnowBe4 report suggests several steps: set clear governance and tool provisioning policies, provide sanctioned AI tools to reduce shadow AI, and aim for measurable targets in AI agent safety. Nearly half (46%) of organizations have already set targets to improve AI agent safety within 12 months. A Salesforce study also recommends that companies provide approved tools and communicate policies clearly to reduce unapproved usage.
Sources
- More than half of employees are using unapproved AI tools at work
- More than Half of Generative AI Adopters Use Unapproved Tools ...
- Roughly half of employees are using unsanctioned AI tools ...
- More than half of employees are using unapproved AI tools at work
- Shadow AI at Work: Employees Using AI Without Approval - Forbes
- 59% of employees use unapproved AI tools at work - Cybernews
- New study claims most of us are now using unauthorized AI tools at work
- Shadow AI could be causing major issues at businesses everywhere
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
- 52% of UAE, Saudi employees admit they could be tricked to deepfake scam at work
- TrustedTech Global and U.S. Data Reveals Senior Leaders Are the Biggest Source of Shadow AI Risk in Organizations
- 59% of employees hide AI use from their bosses | Cybernews
- One in three professionals are using unauthorized AI tools at work, report finds
- Workers are increasingly using unapproved AI tools at work, despite knowing the risks
- Your Employees Aren't Sabotaging Your AI Strategy—They're Telling You It Doesn't Work
- Nearly Half of Employees Are Using Banned AI Tools at Work






















