Litcius/Paper detail

From Shadow It to Shadow AI–Threats, Risks and Opportunities for Organizations

Mario Silić, Dario Silić, Kathrin Kind‐Trüller

2025Strategic Change12 citationsDOI

Abstract

ABSTRACT The proliferation of artificial intelligence (AI) tools in organizations has given rise to “Shadow AI”—the unsanctioned use of AI systems outside approved governance frameworks. While Shadow AI shares roots with Shadow IT, its generative, opaque, and autonomous nature introduces novel risks related to data privacy, algorithmic bias, hallucination, and governance drift. This study investigates Shadow AI through a mixed‐methods design, combining survey responses from 140 professionals with in‐depth interviews of 10 executives. We examine how employees perceive and justify Shadow AI, what risks it introduces in practice, and how organizational structures fail to regulate its spread. Findings reveal that while AI is widely seen as a productivity tool, governance frameworks often lag behind employee practices, leading to a “governance drift zone” where formal policies exist but lack real‐world traction. Shadow AI also exposes responsibility gaps in high‐risk functions such as HR and legal, where AI‐generated outputs may go unchecked. The study contributes to organizational and cybersecurity literature by conceptualizing Shadow AI as a sociotechnical governance failure. We propose practical strategies—such as AI tool registries, role‐specific training, internal audits, and escalation protocols—to help organizations shift from restriction to controlled enablement, allowing them to leverage AI's benefits while managing its evolving risks.

Topics & Concepts

Shadow (psychology)BusinessPsychologyPsychotherapistInformation and Cyber SecurityCybercrime and Law Enforcement StudiesNetwork Security and Intrusion Detection