Shadow AI: A Growing Concern for Data Breaches and Security Costs

IBM report highlights rising threats and costs from Shadow AI in data breaches.

Key Points

  • 63% of breached companies lack AI governance policies.
  • Weak authentication controls are a major vulnerability.
  • Generative AI is involved in 16% of data breaches.
  • Supply-chain intrusions are the most common attack origin.

A recent report by IBM underscores the significant increase in data breach costs attributed to 'Shadow AI'—the use of unauthorized AI tools within organizations. This phenomenon is not merely a technical inconvenience; it poses substantial security threats as many companies fail to implement the necessary protections around their AI platforms, leading to alarming breaches.

Key findings from the report indicate that 63% of organizations that experienced data breaches reported lacking a formal AI governance policy. Even among those with policies, many are criticized for their ineffectiveness and insufficient security measures. For instance, only 34% of these organizations routinely monitor their networks for unauthorized AI tools, a gap that facilitates the rise of Shadow AI.

"Weak authentication controls are a significant factor in AI platform hacks," the report notes, emphasizing that these vulnerabilities contribute to a troubling trend of supply-chain intrusions—identified as the most common entry point for attacks against AI tools. Shockingly, once attackers gain access to an AI system, 60% of breaches lead to the compromise of additional data stores, while 31% result in operational disruptions.

Moreover, the influence of generative AI in cyberattacks should not be underestimated; it is involved in 16% of data breaches, predominantly through tactics like AI-generated phishing and deepfake impersonation, which constitute 37% and 35% of such attacks, respectively.

IBM's findings are based on interviews with 470 individuals across 600 organizations affected by data breaches between March 2024 and February 2025. The trends highlight a pressing need for improved governance and security practices to safeguard against these evolving threats. As Shadow AI becomes more prevalent, organizations must act quickly to address these vulnerabilities to mitigate the rising costs and risks associated with data breaches.