Shadow AI is a term that describes the unsanctioned or ad-hoc use of generative AI within an organization, which is outside of IT governance. This can occur when AI applications are developed or used without being officially sanctioned or monitored by an organization’s IT department.

In many ways Shadow AI is the next generation of Shadow IT. Likewise Shadow IT also refers to employees using desktop applications that are outside the control of an organization’s IT department. However, the rapid pace of the deployment of AI is unprecedented. Thus, the potential for business users to build and develop AI apps that compromise an organization’s ability to detect, risk assess, and mitigate AI risk is equally unprecedented.