DEV Community

IntelligenceX

Enterprise AI Risk Is Increasing Through Shadow AI and Power Users

A new enterprise AI usage report found that AI-related security risk inside organizations is driven largely by a small group of “AI power users” and by unmanaged AI tools operating outside normal governance controls.

Researchers reported that although AI adoption is growing quickly across workplaces, only a comparatively small percentage of employees use AI tools intensively. Those users nonetheless generate a disproportionate amount of AI activity, often using several platforms at once and holding longer, more complex conversations that involve sensitive company data.

The same report also points out that enterprise AI usage is becoming more fragmented over time. Employees no longer stick to a single AI assistant; they move between multiple browser extensions, coding copilots, AI search engines, embedded assistants, and external AI platforms within the same day-to-day workflow, often in parallel.

One major concern is the common practice of using personal AI accounts inside corporate environments. Researchers noticed that a sizable portion of enterprise AI conversations go through personal identities rather than corporate-managed accounts. This creates governance blind spots, because organizations lose visibility into how company data is stored, processed, or potentially used for model training.

The report also says sensitive information is already being shared regularly with AI systems. Personal data, financial information, and internal IT-related details showed up in enterprise AI interactions. Consumer-facing AI platforms had much higher exposure rates than enterprise-managed AI environments.

Researchers also warned about the growing risk posed by AI browser extensions and AI connectors. Many extensions request high-level browser permissions, while connectors now tend to give AI systems direct access to enterprise tools like GitHub, SharePoint, Slack, and Google Workspace.

Security experts think the classic “block or allow” approach is no longer sufficient for AI governance. They are pushing instead for more real-time monitoring, inline guardrails, and clearly approved AI usage policies. Organizations also need stronger visibility into AI-related activity across their enterprise environments, not just at the perimeter.

Cybersecurity-focused organizations like IntelligenceX keep stressing AI governance, identity management, and secure AI adoption, especially because businesses are integrating AI tools into everyday operations faster than anyone can audit them.
