Tech & Dev Intelligence

The Shadow AI Surcharge

A lot of teams have invested in AI tools and licenses this year on the theory that giving people approved tools would solve the unapproved tool use problem. The current breach data shows that hasn't happened yet. Here's what the numbers actually say, where the cost comes from, and what the picture looks like across the sources that have studied it.

The current research on workplace AI use lands on the same point from four different angles. People are using AI tools at work in volumes nobody anticipated a year ago. Most of that use is happening through personal accounts rather than approved enterprise ones. Most organizations cannot see what data is moving through those sessions. And when something goes wrong, the cost runs well above an average breach.

This affects more than security teams. Practices, finance departments, operations groups, marketing teams, legal teams, and customer service teams are all sending content into these tools. The pattern shows up across industries because the behavior shows up across industries.

What the Behavior Looks Like on Corporate Devices

The 2026 Verizon Data Breach Investigations Report, drawing on analysis of over 22,000 confirmed breaches, found that 45% of employees now regularly use AI tools on corporate devices, up from 15% the year before.[a] Of those users, 67% are reaching AI tools through non-corporate accounts on company-managed devices.[a] Unapproved AI use also ranked as the third most common way employees, without any intent to cause harm, end up leaking company data, a fourfold increase from the previous year.[a]

45% → 67%

45% of employees now regularly use AI tools on corporate devices, up from 15% a year earlier. Of those users, 67% reach AI through non-corporate accounts.[a]

The most common type of data being sent into those tools, according to the same report, is company source code, followed by structured data, images, and internal research documents.[a] The pattern matters because it tells you what's actually leaving the building. People aren't pasting low-value content into AI sessions. They're pasting the work they're trying to get done faster, which by definition is the work that contains something the organization considers valuable.

What the Scale Looks Like Across Customer Environments

The 2026 Netskope Cloud and Threat Report, which tracks cloud and AI app usage across customer environments, found that 47% of people using generative AI tools at work are doing so through personal accounts.[b] That figure has stayed essentially flat year over year, while the volume of usage underneath it has grown sharply. The average organization is now seeing more than 200 data policy violations per month related to AI tool use, double the rate from the prior year.[b]

The growth in raw activity is the part most security and operations teams underestimate. The number of people using these tools at work tripled in a single year. The amount of content they're sending into the tools grew even faster. At the most active organizations, the number of prompts going through these tools climbed past 70,000 a month.[b]

Bans and policies didn't stop the behavior. The behavior is now the default, and the volume keeps growing.

Where the $670K Cost Premium Comes From

The financial impact of all this is documented in the most recent IBM Cost of a Data Breach Report, which analyzed 600 breaches across 17 industries and 16 countries between March 2024 and February 2025.[c] One in five of those breaches involved unapproved AI tools. Those breaches cost organizations an average of $4.63 million, compared to $3.96 million for breaches at organizations with low or no shadow AI activity. The $670K difference is the surcharge.

$670,000

The average additional cost of a breach involving unapproved AI tools, per the most recent IBM Cost of a Data Breach Report.[c]

The premium isn't one line item. It breaks down into measurable components that the same dataset isolates:

247 days Average detection and containment time for breaches involving unapproved AI, vs. 241 days global average[c]
65% Rate of customer personal information compromise, vs. 53% global average[c]
97% Of organizations with AI-related breaches lacked basic AI access controls[c]

The longer detection window is the biggest single driver. Breach costs scale with how long an incident takes to find and contain, and incidents involving unapproved AI tools take roughly a week longer than the global average to detect. The reason is operationally simple. There's no log of what was pasted into a personal AI session from a personal browser profile. The activity itself is invisible to the security tools the organization has in place.

The personal information compromise rate matters because most regulatory exposure runs through customer data. Healthcare practices have HIPAA obligations. Companies operating in California, Colorado, Virginia, and a growing list of other states have state privacy law obligations. Financial services and education face their own regimes. When the type of data leaving the building is disproportionately personal information, the downstream regulatory and notification costs are higher per incident.

Why the Enterprise License Approach Has Limits

A reasonable question is whether buying enterprise AI licenses for the workforce solves the problem. The logic is that if employees have an approved tool with the features they want, they'll stop using personal accounts.

Enterprise tiers do close one specific risk. The major enterprise AI products contractually exclude customer data from training, which addresses the most-discussed worry about putting company information into a public model. For the data that flows through the approved tool, that channel is genuinely closed.

What the current data shows is that this alone doesn't change behavior. The usage and scale numbers above are from organizations that include many with enterprise AI licenses already in place. The 67% figure for non-corporate account use is happening at companies with approved alternatives available. People log into their personal account in a separate browser profile, use the tool they're already used to, and the session is invisible to whatever the company bought to govern this.

The 2026 CrowdStrike Global Threat Report, looking at the same period from the attacker side, found an 89% year over year increase in adversary activity involving AI tools.[d] The behavior pattern works in both directions. Employees are using AI tools faster than governance can catch up, and so are the people trying to get into company systems.

What the Picture Looks Like Across Sources

Each of these reports covers a slice of the same problem. One measures the cost side, after a breach has happened.[c] Another measures employee behavior on corporate devices.[a] A third measures volume and scale across customer environments.[b] A fourth measures how the threat landscape is changing in parallel.[d] When you put them next to each other, the picture comes into focus.

The behavior is not changing because of policy. Bans, training, and acceptable use agreements address the behavioral side imperfectly because they rely on people choosing to comply. Enterprise licenses address the technical side imperfectly because they only govern the channels the security team can see. The organizations that have measurably reduced their exposure are the ones doing several things in combination, not just one of them.

Ways to Help Reduce Exposure

The patterns showing up across the data point toward a layered approach rather than a single fix:

The pattern that holds across organizations that have measurably reduced their exposure is environmental separation for the work that carries the most risk. Most employees do not need to work inside a locked environment. The highest-value, highest-risk work benefits disproportionately from environments where the question (would this person paste sensitive data into a consumer AI tool under deadline pressure?) does not need to be answered, because the option is not there.