Gartner says 40 percent of enterprises will face a shadow AI related breach by 2030 as unapproved and unmanaged AI tools continue to spread across workplaces.
Shadow AI covers any AI system or workflow used without formal oversight, such as employees putting company data into public models or teams deploying internal tools with no security review. Gartner notes that rapid adoption of generative AI has already created visibility gaps in many organisations.
The firm points to risks including accidental data leaks, unsafe integrations, unmanaged API access, and insecure model deployment. Growing AI sprawl, fuelled by low code platforms and consumer AI services, is making it easier for staff to build or adopt tools that sit entirely outside IT governance.
Gartner places the warning within its AI TRiSM framework, arguing that many organisations still lack basic inventories of where AI is used and what data models can reach.
Clear AI governance, approved platforms, strict data handling rules, and active monitoring of AI use across the business can help reduce exposure to these emerging risks.