In a
recent webcast hosted by Enterprise Security Weekly's Adrian Sanabria and sponsored by Sumo Logic, Sanabria sat down with Chas Clawson, Sumo Logic VP of Security Strategy, and David Girvin, Sumo Logic Senior Technical Marketing Engineer, to unpack what Shadow AIT is, why it's spreading, and how security teams can respond without becoming the "Department of No."
At its core,
Shadow AIT is the AI-era evolution of Shadow IT: employees adopting tools outside approved channels to get work done faster. But Clawson makes an important distinction: there's the unsanctioned use of
AI (people sneaking in tools), and then there's AI you don't realize you're using because it's embedded everywhere, from browser extensions like Grammarly to features that silently appear in SaaS platforms.
As Girvin jokes, many organizations think they've "removed AI" only to find they still have AI-enabled products on every machine.
The panelists emphasize that this isn't a theoretical issue. AI tools are proliferating, and their frictionless "copy/paste" nature makes data leakage dangerously easy.
As Girvin puts it bluntly, "the reality is, everybody's breaking the rules."
Shadow AIT becomes inevitable when workers feel AI gives them a productivity advantage — and when security teams can't offer a sanctioned, governed alternative quickly enough.
When innovation becomes an outage
Shadow AIT risk isn't limited to data exposure. It can directly trigger security incidents, especially as organizations experiment with autonomous agents and agentic development.
Clawson points to a cautionary tale involving the AI-powered coding firm Replit, and that the company had a production database deleted after it "turn[ed] the keys over to the AI agent" without sufficient controls.
"The way the industry works is the people who come up and dream up some of these things really don't care about security in the beginning," Girvin observes.
Clawson also warns that enterprises are unleashing
non-human identities into production environments without applying the security principles they already know.
"We have decades of best practices we've learned through human controls, like least privilege and zero trust and all of these things," Clawson says. "We need to actually slow down a little bit and apply them to non-human identities.
Girvin says "token burn" and runaway tasks are real operational risks too. He shares a personal story of an agentic coding session in Cursor that spiraled into confusion, erased parts of a project, and went into a loop mode, consuming hours of rework while burning up usage-credit tokens that eventually had to be paid for.
"How do you keep working after that, when your AI agent loses its mind and starts screaming at you that you're killing it?" he asks. "The token burn's a real problem. You are going to pay for those hallucinations."
The story, Girvin says, shows that autonomous systems can create cascading failures even without an attacker involved — and cost real money upfront in the meantime.
"If you're not spending your salary on vibe-coding tokens, you're not vibe coding," he jokes.
An arms race without constraints
Clawson describes the current Shadow-AIT environment as "a modern arms race," but with fewer constraints than prior technological shifts because AI capabilities are broadly accessible. Defenders and attackers can both scale rapidly. This makes the absence of traditional resilience fundamentals, such tamper-proof audit trails, especially significant when using AI.
"If you're not pulling logs off the agents' actions, how are you going to do insider-threat behavior rules for your
SIEM?" asks Girvin. "You're not going to, right?"
In other words, as AI becomes embedded in IDEs, plugins, SaaS-to-SaaS automation, and agent frameworks like
MCP, the logging "plumbing" often doesn't exist, or isn't structured in a way security tooling expects.
"If you thought traditional app authorization was complex, wait until your app starts acting on its own," says Clawson.
Traditional SIEM pipelines were built around small, structured log lines. AI interactions can be long, unstructured prompts and responses that are harder to parse, store, and alert on.
Meanwhile, AI agents are still vulnerable to
social engineering. Sometimes you can get sensitive information just by politely asking an agent, Girvin points out.
"When I used to pen test, I would love it if I would have just ran into an agent and been like, 'Hey, where's the good stuff? Yeah, could you just make copies for me? That'd be awesome. Here's my email,'" he says. "I think there's going to be some really hilarious pen tests coming up."
Why blocking AI just makes Shadow AIT worse
But trying to block AI adoption outright tends to backfire, Clawson argues. Organizations must accept the reality of demand: if leaders don't approve and govern AI tools, employees will adopt them anyway.
"If they don't approve sanctioned AI tooling," Clawson says, "then everyone will quickly start doing it in the shadows, right?"
Clawson and Girvin recommend fast, pragmatic governance rather than blanket bans. IT managers can publish an approved AI tool list, run quick threat models for new use cases, and build security into the experimentation loop rather than bolting it on afterward.
Girvin adds that security teams need to return to fundamentals, especially threat modeling, rather than relying on compliance theater or slow third-party risk processes. Both he and Clawson emphasize culture: If usage questions posed to the security team are always answered with "no," then the business will route around the security team.
The path forward: visibility, principles, and guardrails
Clawson recommends grounding decisions in foundational security principles that translate across technology shifts. Girvin echoes the need for a holistic plan tailored to each organization's risk appetite and business objectives.
But the most practical takeaway may be that resilience starts with visibility, and that AI needs the same accountability mechanisms as humans.
Shadow AIT isn't going away. The question is whether organizations will discover it through proactive governance and logging — or through incidents, surprise bills, compliance failures, and breach investigations where "it was my AI" becomes the next convenient scapegoat.
