There are two ways to mismanage AI in an enterprise. The first: let it run wild. The second: lock it down. Both lead to the same place — a silent disaster, slow to surface, expensive to fix.

This piece is about the second case. The one that feels responsible.


The false comfort of control through prohibition

Since 2023, the natural reflex of many CIOs facing the LLM explosion has been restriction: block access to ChatGPT on the corporate network, prohibit pasting code into external tools, publish an acceptable use policy nobody reads. Understandable. Human. And strategically suicidal.

The problem isn’t the policy. It’s the assumption underneath it: that employees will wait for an official solution to be provided.

They don’t wait.

According to Menlo Security, AI websites saw a 50% traffic increase between February 2024 and January 2025, reaching 10.5 billion monthly visits. 68% of employees who use generative AI at work do so through personal accounts, on unsanctioned tools. And among them, 57% admit to entering sensitive company data.

Prohibition doesn’t eliminate usage. It makes it invisible.


Shadow AI isn’t a culture problem. It’s an infrastructure problem.

There’s a tendency to treat shadow AI as a behavioral symptom — irresponsible employees, leadership that doesn’t communicate enough. That’s the wrong diagnosis.

Shadow AI is a supply and demand problem. Public AI tools are good, fast, free or near-free. The official alternative, when it exists, is slow to validate, often less capable, and generates administrative friction. In that context, the employee who bypasses policy isn’t showing bad faith — they’re showing economic rationality.

The imbalance is massive. According to Reco, organizations manage an average of 490 SaaS applications, of which only 47% are authorized. In companies with fewer than 50 employees, there are on average 269 unsanctioned AI tools per 1,000 employees. And according to Kiteworks, 86% of organizations are blind to data flows toward AI tools.

A prohibition policy has never stopped a single employee from opening a Chrome tab.


The numbers compliance isn’t looking at hard enough

The cost of this complacency is starting to add up.

IBM, in its Cost of a Data Breach Report 2025 — the first edition to specifically measure AI — found that 1 in 5 organizations experienced a data breach linked to shadow AI. The average additional cost associated with high shadow AI exposure: $670,000 per incident, compared to organizations maintaining low exposure levels.

Meanwhile, 97% of organizations that suffered an AI-related breach reported lacking adequate access controls. And 63% of breached organizations had no AI governance policy — or were still drafting one.

Gartner is even more blunt: 40% of companies will be hit by a shadow AI security incident by 2030. And through a side effect few anticipate, 50% of enterprises will face rising maintenance costs or delayed AI upgrades from the invisible technical debt accumulated in systems fed by uncontrolled LLMs.

These aren’t consulting firm projections. These are observations on real data, collected between March 2024 and February 2025, across 600 global organizations.


The paradox of phantom governance

There’s a striking irony in Deloitte’s data: 33% of executives claim to have comprehensive tracking of AI usage in their organization. Independent research puts the real figure at 9%.

In other words: three quarters of those who think they’re in control are not.

This illusion of mastery is arguably the most serious risk. It disarms vigilance without removing exposure. The organization believes it has done its part — a policy is in place, a committee exists, an email was sent. Meanwhile, client contracts flow through third-party LLMs, proprietary code feeds commercial models, and personal data circulates through systems whose server locations nobody knows.

ISACA confirms the pattern: in a 2025 study, 60.2% of employees reported using AI tools at work, but only 18.5% were aware of any official policy on the subject within their company.

A policy nobody knows about isn’t a policy. It’s a liability waiver.


The real risk isn’t AI. It’s information asymmetry.

What most analyses miss is that the problem isn’t AI usage — it’s the absence of visibility into that usage. A company that knows exactly which models are being used, by whom, with what data, can manage its risk. A company that prohibits and looks away cannot.

That’s the distinction between sovereignty and prohibition.

Prohibition creates opacity. Sovereignty creates traceability.

A controlled LLM proxy — one that routes requests to chosen models, traces usage, isolates data by user, and enforces budgets and policies at the infrastructure layer rather than through good intentions — is not a surveillance tool. It’s the minimum condition for an organization to know what it’s doing.

Without it, the IT department is in the same position as IT in the 2010s facing shadow IT: managing the appearance of a perimeter that no longer exists.


What the shadow IT era should have taught us

We’ve seen this movie before. In the 2000s and 2010s, enterprises tried to ban Dropbox, Google Docs, personal smartphones at work. The result: employees used all of it anyway, just covertly. The response that finally worked wasn’t enforcement — it was providing managed alternatives as good as the market tools, inside a governed perimeter.

Microsoft 365, Google Workspace, enterprise MDMs: the win didn’t come through prohibition but through quality substitution within a controlled boundary.

AI follows the exact same arc. The organizations that come out ahead won’t be those with the strictest internal rules. They’ll be those that gave their employees tools as good — or better — than ChatGPT, with real confidentiality guarantees, built-in traceability, and frictionless access.

MIT Sloan, in its State of AI in Business 2025 report, identifies the same dynamic: the strongest enterprise AI deployments emerged from power users — those who had already experimented outside official channels. It didn’t succeed despite bottom-up adoption. It succeeded because of it, once channeled into infrastructure that gave it legitimacy and governance.


Sovereignty isn’t a luxury. It’s a competitive posture.

There’s a final dimension that compliance analyses consistently miss: competitiveness.

Deloitte 2026: 66% of organizations report productivity and efficiency gains from AI. But those gains are concentrated among those who actually deployed — not those running perpetual pilots. The organization that prohibits while competitors instrument is creating a structural gap.

PwC estimates that productivity growth in AI-exposed sectors quadrupled between 2018–2022 and 2018–2024: from 7% to 27%. That acceleration doesn’t distribute evenly. It concentrates among those who solved the governance problem fast enough to scale.

Hesitation has an opportunity cost. So does prohibition.


What this means in practice

The conclusion isn’t to deploy without guardrails. It’s to build the infrastructure that makes responsible deployment possible.

That means a single controlled entry point for all LLM requests — one that audits flows without blocking them. Strong, identity-based authentication — not by tool, not by department — so you know who does what, not just which service. User-level data isolation so contexts don’t cross-contaminate. Budget and quota enforcement built into the infrastructure layer, not reliant on trust.
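The four properties above (one entry point, identity-bound authentication, per-user context isolation, quota enforcement in the infrastructure layer, plus an audit trail that records the flow without hoarding the content) can be sketched in a few dozen lines. The following is an added example written for this piece, not code from the article or from any product it mentions; the token table, quotas, model allowlist and the stubbed backend are constructed stand-ins for an SSO lookup, a billing policy and a real model endpoint.

```python
"""Minimal controlled LLM proxy (illustrative, not production code).

Demonstrates the governance properties a single LLM entry point gives you:
  - every request is bound to an identity, not a tool or a department
  - models are allowlisted, so unsanctioned endpoints are refused up front
  - per-user quotas are enforced before the backend is ever called
  - conversation context is partitioned per user and never shared
  - every decision (allowed or denied) lands in an audit log that stores a
    hash of the prompt, not the prompt itself, so the log cannot itself
    become a second copy of sensitive data
The model backend is simulated; nothing here touches the network.
"""
from __future__ import annotations

import hashlib
import json
import time
from dataclasses import dataclass, field

# Constructed sample data: bearer token -> principal. A real deployment would
# resolve this through OIDC/SSO; the inline table is an assumption for the demo.
TOKENS = {
    "tok-alice-0001": "alice@example.com",
    "tok-bob-0002": "bob@example.com",
}
# Constructed policy: which models this proxy may route to, and how many
# requests each user may make in the current budget window.
ALLOWED_MODELS = {"internal-gpt", "internal-small"}
QUOTAS = {"alice@example.com": 3, "bob@example.com": 1}


def fake_backend(model: str, context: list[dict]) -> str:
    """Hypothetical stand-in for a model call. Deterministic and offline."""
    return f"[{model}] reply after {len(context)} turn(s)"


@dataclass
class Proxy:
    usage: dict = field(default_factory=dict)      # user -> requests consumed
    contexts: dict = field(default_factory=dict)   # user -> list of chat turns
    audit_log: list = field(default_factory=list)  # one record per decision

    def _audit(self, user, model, prompt, allowed, reason="ok"):
        # Record who, which model, when and the outcome. The prompt is reduced
        # to a SHA-256 digest: enough to correlate with a complaint or DLP hit,
        # not enough to leak the content through the log.
        self.audit_log.append({
            "ts": time.time(),
            "user": user,
            "model": model,
            "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
            "allowed": allowed,
            "reason": reason,
        })

    def handle(self, token: str, model: str, prompt: str) -> dict:
        """Single entry point for every LLM request. Returns a result dict
        with 'allowed' and either 'reply' or 'reason'."""
        user = TOKENS.get(token)
        if user is None:
            self._audit(None, model, prompt, False, "unauthenticated")
            return {"allowed": False, "reason": "unauthenticated"}
        if model not in ALLOWED_MODELS:
            self._audit(user, model, prompt, False, "model not allowlisted")
            return {"allowed": False, "reason": "model not allowlisted"}
        if self.usage.get(user, 0) >= QUOTAS.get(user, 0):
            self._audit(user, model, prompt, False, "quota exhausted")
            return {"allowed": False, "reason": "quota exhausted"}

        # Per-user context: a user only ever sees turns keyed to their own identity.
        context = self.contexts.setdefault(user, [])
        context.append({"role": "user", "content": prompt})
        reply = fake_backend(model, context)
        context.append({"role": "assistant", "content": reply})

        self.usage[user] = self.usage.get(user, 0) + 1
        self._audit(user, model, prompt, True)
        return {"allowed": True, "reply": reply}

    def audit_json(self) -> str:
        """Audit trail as JSON lines, ready for a SIEM or log pipeline."""
        return "\n".join(json.dumps(e) for e in self.audit_log)


if __name__ == "__main__":
    proxy = Proxy()
    print(proxy.handle("tok-alice-0001", "internal-gpt", "summarise contract A"))
    print(proxy.handle("tok-alice-0001", "shadow-model", "anything"))
    print(proxy.audit_json())
```

Two design choices carry the argument of the article: the quota and allowlist checks run before any backend call, so enforcement does not depend on the user's goodwill, and the audit record keys every flow to a person and a model while storing only a digest of the prompt. That is what lets the organization answer "who sent what to which model" without the proxy's own log becoming the next unmanaged data store.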

This isn’t a surveillance platform. It’s the definition of standard network infrastructure, applied to AI.

You don’t let every employee plug in their own internet connection bypassing the firewall. You don’t let every team deploy its own servers without an inventory. AI is not an exception to these fundamental principles — it’s their new application.


Conclusion

The real risk of AI in the enterprise isn’t that it gets used. It’s that it gets used entirely outside any framework, by organizations that believe they’re protected because they said no.

No protects no one. It just moves the risk into the shadows.

The question isn’t whether your employees are using LLMs. They are. The question is whether you know about it.

And if you don’t, the problem isn’t them. It’s your infrastructure.

Sources: IBM Cost of a Data Breach Report 2025 (Ponemon Institute) · Deloitte State of AI in the Enterprise 2026 · Gartner, Arun Chandrasekaran, 2025 · Reco State of Shadow AI Report 2025 · Menlo Security AI Traffic Report 2025 · ISACA Industry News, September 2025 · MIT Sloan / NANDA State of AI in Business 2025 · Kiteworks Enterprise AI Security Research 2025 · PwC Global AI Jobs Barometer 2025