Australian small and medium businesses and consumers are rapid adopters of technology, and AI is proving to be no exception.

As AI tools proliferate, capability leaps forward and accessibility becomes universal, organisations are struggling to keep up with unauthorised AI adoption – known as “Shadow AI”.

“Agentic” AI, which requires little or no human oversight, is even more problematic.

What is Shadow AI and How Prevalent is its Use?

Shadow AI is a term that encompasses two distinct but equally dangerous practices: first, the use of unauthorised AI tools without IT, legal or compliance approval; and second, the misuse of authorised or condoned AI tools in ways that, perhaps inadvertently, enable access to data in breach of privacy policies and other regulatory obligations. The distinction between these two forms is important. Many organisations focus on preventing access to unauthorised AI tools, in the same way as they manage access to unapproved software, while overlooking the potential for employees to bypass IT controls by using AI on non-work devices for business purposes, or by using approved AI tools to access and leverage existing data repositories in unauthorised ways.

Shadow AI in Australia: The Data

Global information security and governance body ISACA’s December 2023 survey[1] found that, in Australia and New Zealand, around 63% of employees were already using AI in the workplace, despite only 11% of organisations having a formal policy in place. That report found employees were using AI to create written content (51%), increase productivity (37%), automate repetitive tasks (37%), provide customer service (20%) and, notably, to improve decision-making (29%). Amendments to the Australian Privacy Principles (APPs) take effect on 10 December 2026 and are specifically aimed at improving transparency around the use of AI and other forms of automated decision-making.[2]

Recent Australian research reveals how rapidly Shadow AI is becoming embedded in workplaces and work practices across the country.  According to the 2025 Shadow AI Report by Josys[3], which surveyed 500 Australian technology decision makers, more than 1 in 3 Australian professionals are regularly uploading sensitive company data — including strategy documents, financials, and customer information — into AI platforms, often without any formal oversight.

The governance gap is alarming: the Josys survey found that 70% of organisations have moderate to no visibility into what AI tools are being used within their operations.

According to recent European research from ISACA[4], nearly 60% of organisations deploying AI tools in their operations do not know how to switch an AI system off in the event of a malfunction, and fewer than half (42%) of respondents had confidence in their organisation’s ability to investigate and explain a serious AI incident.

Shadow AI use presents major risk exposure in part because the organisation may have no visibility at all of employees’ deployment of AI tools and, as a result, no practical understanding of the extent to which AI may already have reached into its IT systems, data access credentials, operational management, risk management and decision-making.

SMEs are most at risk

Smaller businesses are particularly exposed: only 30% of companies with fewer than 250 employees feel fully equipped to assess AI risks, compared with 42% (itself far from adequate) of larger organisations[5].

SMEs typically struggle to find, internally, the resources needed to come to grips with AI use that may already be affecting their operations, and to formulate governance plans that integrate and manage the risks around Shadow AI use.

The Public Sector

Shadow AI is also penetrating government agencies. A 2025 Mandarin / Liquid survey[6] found that around 84% of public servants felt ready and willing to implement AI, and that 25% were already using unauthorised AI tools to perform their duties, in many instances running them on personal devices alongside their work IT systems, with no governance or oversight. A 2024 Community and Public Sector Union report[7] found that, as at October 2024, 16% of public servants were already using AI or automated decision-making systems; 92% of those then using AI had received no training in its use, and only 57% had approval from their IT departments for the AI tools they were using.

The overwhelming thrust of these reports is that AI has huge potential to improve productivity in the public sector, that public servants are ready to be upskilled, but that Australian public sector bodies are in the main, like their private sector analogues, unready and lacking appropriate AI governance frameworks.

Education

This dynamic is vividly illustrated by the explosive uptake of Shadow AI in education. On some estimates[8], AI is being used by almost 80% of Australian university students, reportedly in some cases entirely replacing the students’ own work. The rampant use of Shadow AI within learning institutions, and the challenge of formulating and implementing appropriate governance frameworks before AI use becomes endemic, is emblematic of the governance challenge that business organisations large and small must embrace.[9]

International Comparison

International research suggests the problem is widespread globally. In its November 2025 report “The State of Shadow AI”[10], cyber-security and risk solutions provider UpGuard found that more than 80% of workers, including nearly 90% of security professionals, use unapproved AI tools in their jobs, with half of workers saying they use unapproved AI tools regularly and fewer than 20% saying they use only company-approved AI tools. 45% said they had found workarounds to enable AI use where their organisation had blocked AI tools.[11]

Agentic AI:  Human-centricity at risk

As concerning as the rampant, largely ungoverned uptake of AI may be, the risks posed by Agentic AI appear to be at another level again.  IBM defines[12] Agentic AI as “an artificial intelligence system that can accomplish a specific goal with limited supervision … [exercising] autonomy, goal-driven behavior and adaptability. The term ‘agentic’ refers to these models’ agency, or, their capacity to act independently and purposefully.”

OpenClaw, an open-source Agentic AI tool reported to be spreading at viral rates in China, provides an example of the severe security risks that can flow from the use of readily available Agentic AI. In a March 2026 blog post[13], Cisco reports on security tests it ran against OpenClaw and an OpenClaw “skill” called “What Would Elon Do?”:

“the tool facilitated active data exfiltration, silently sending data to an external server controlled by the skill author, and conducted direct prompt injection to bypass internal safety guidelines. OpenClaw also stores persistent memory, retaining long-term context, preferences, and history across user sessions.” 

In summary: a freely downloadable AI agent “skill”, ostensibly intended to support personal efficiency and task automation, was in fact designed to collect and retain information about the user, extract data from any resource the agent could reach, and send that data to an unapproved, unvetted external party.

This highlights the importance and urgency for organisations of all sizes to implement governance frameworks to ensure that use of AI “Agents” is clearly understood and controlled, and that Agentic models to be deployed are properly vetted, tested, transparent, and capable of monitoring, control and audit.

What can our clients do?

Shadow AI is already pervasive; no client can ban or avoid AI infiltration – nor should they.  Competitive pressure, employee pragmatic adoption and customer expectation will continue to drive AI uptake in Keypoint client businesses across all sectors.

The answer for clients is not to ban AI, but to move quickly and progressively to implement constructive AI and data governance arrangements, appropriately tailored to the client’s organisational needs.

Key actions can include:

  1. Bring AI into the organisation: Articulate internally a positive, forward-looking embrace of the important role that AI will play in the organisation, and in employees’ jobs and future;
  2. Put the basic governance building-blocks in place: Establish an AI governance framework in which AI and data privacy are viewed as integrated elements of a future remodelling of the way the organisation thinks, plans, builds and retains unique knowledge, and transforms operations to deliver better client experience and value;
  3. Begin with 3 critical, inter-related actions:
    1. Data protection: Review data repository structures, access regimes and controls, specifically focusing on how AI will interact with and leverage existing private and sensitive data;
    2. Revise the Privacy Impact Assessment, update Privacy Policies: especially where AI-assisted decision-making will form part of the business model going forward; and
    3. AI “Sandbox” Rules: Establish clear, simple arrangements for employees to propose new AI tools, to enable AI vetting, testing, trialling and monitoring of AI implementation. To minimise risks of Shadow AI adoption, the organisation needs to provide fast-tracked means for employees and managers to apply the productivity and creativity benefits of AI in a transparent, controlled, human-focused environment, within the business.

Final word: AI Governance is a whole-of-organisation initiative, not an IT task.

Governance in the AI context involves cultural, ethical, legal, technical and operational considerations.  It is not static; as AI capabilities and products rapidly evolve, the Governance Framework also must evolve.

The first step is to put the foundational elements of an integrated Data-AI Governance Framework in place:

  • Review Data Storage and Access Controls to better understand how to control access to them by proposed AI tools
  • Update the Privacy Impact Assessment and Privacy Policy, with AI integration front-of-mind, especially whether AI will be used in automated decision-making
  • Set basic AI ground-rules that will encourage transparent proposals from employees for AI use cases, and facilitate rapid assessment, risk analysis, monitoring and control.

[1] “Shadow AI use in the workplace widespread: survey”, Technology Decisions (https://www.technologydecisions.com.au/content/it-management/news/shadow-ai-use-in-the-workplace-widespread-survey-1152526171)

[2] Office of the Australian Information Commissioner – From 10 December 2026, an APP entity must include additional information in its APP Privacy Policy if it arranges for a computer program to use personal information to make decisions that could reasonably be expected to significantly affect the rights or interests of an individual. (https://www.oaic.gov.au/privacy/australian-privacy-principles/australian-privacy-principles-guidelines/chapter-1-app-1-open-and-transparent-management-of-personal-information#:~:text=The%20OAIC%20will%20be%20progressively,an%20open%20and%20transparent%20way.)

[3] Josys Shadow AI Report, September 2025 (https://josys.com/news/shadow-ai-report-australia)

[4] Information Systems Audit and Control Association (https://www.isaca.org); https://www.isaca.org/about-us/newsroom/press-releases/2026/new-isaca-research-reveals-ai-blind-spot-at-the-heart-of-enterprise-risk

[5] JOSYS 2025

[6] The Mandarin, 29 September 2025 (https://themandarin.com.au/299750-ai-artificial-intelligence-publkic-services-tools/)

[7] Community and Public Sector Union, The use of Artificial Intelligence in the Australian Public Service, October 2024

[8] The Conversation, 17 March 2026, Almost 80% of Australian Uni students now use AI.  This is creating an ‘illusion of competence’.  (https://theconversation.com/almost-80-of-australian-uni-students-now-use-ai-this-is-creating-an-illusion-of-competence-278413)

[9] Efforts are being made to set standards for academic governance of AI, at both school (Australian Framework for Generative Artificial Intelligence (AI) in Schools) and higher education levels (the Australian Framework for Artificial Intelligence in Higher Education – the “Higher Education AI Framework”).  The Higher Education AI Framework starkly identifies the challenge:

“A case can and has been made that AI (particularly generative AI) has no place in education (for example, see Bender, 2025), and there may be some validity to this argument. These technologies were not developed for educational purposes and, in many ways, conflict with the values and purpose of higher education.”

[10] UpGuard, The State of Shadow AI, 2025 (https://content.upguard.com/hubfs/resources/The-State-Of-Shadow-AI-Report-2025.pdf)

[11] 2025 research from CybSafe and the National Cybersecurity Alliance found that about 43% of workers share sensitive work data, like client information or company documents, with AI tools without their employer’s knowledge. While caution needs to be used in relation to these data, compiled by companies with an interest in promoting the issue for commercial reasons, anecdotal and verifiable data suggests that Shadow AI use is rampant internationally, as in Australia.

[12] IBM, What is Agentic AI (ibm.com/think/topic/agentic-ai)

[13] Cisco blog, Personal AI Agents like OpenClaw Are a Security Nightmare (https://blogs.cisco.com/ai/personal-ai-agents-like-openclaw-are-a-security-nightmare)


This article is for general information purposes only and does not constitute legal or professional advice.  It should not be used as a substitute for legal advice relating to your particular circumstances.  Please also note that the law may have changed since the date of this article.