Half  Of US, UK & German Employees Are Using Shadow AI

Uploaded on 2025-07-18 in TECHNOLOGY-Key Areas-Artificial Intelligence, NEWS-Cybersecurity News, FREE TO VIEW

Research from the international enterprise software & data analytics firm, Software AG, has found that half of US, UK, and Germany employees are using Shadow AI - meaning non-company issued AI tools. This is according to a new study of the AI usage and habits of 6,000 knowledge workers. 

The research indicates that personal AI tools are so valuable that almost half of workers (46%) would refuse to give them up, even if their organisation banned them completely. 

This is a powerful signal to organisations that they need more robust and comprehensive AI strategies, to prevent inviting significant risk into their business. According to Software AG's UKI Sales & Solutions Director, Steve Ponting, “If 2023 was a year of experimentation, 2024 will be defined as the year that GenAI took hold... While 75% of knowledge workers use AI today, that figure will rise to 90% in the near future because it helps to save time (83%), makes employees’ jobs easier (81%) and improves productivity (71%). 

“As usage increases, so does the risk of cyber attacks, data leakage or regulatory non-compliance. Consequently, business leaders need to have a plan in place for this before it’s too late.” Ponting warns

The survey also found that not only does AI have a day-to-day impact on individuals, but nearly half (47%) of workers believe these tools will help them to be promoted faster. This suggests a future where AI tools are wholly ingrained in many roles due to their criticality in job success.

Most knowledge workers said they use their own AI tools because they prefer their independence (53%). An additional 33% said it’s because their IT team does not currently offer the tools they need. This suggests that if businesses want their employees to use officially issued tools, a different process is needed for determining which ones are actually made available.

Most employees are aware of the risks of their AI choices and high volumes recognise cyber security (72%), data governance (70%), and inaccuracy of information as potential pitfalls. However, businesses should be concerned that few employees take adequate precautions like running security scans (27%) or checking data usage policies (29%).

J-M Erlendson, Global Evangelist at Software AG, commented “There is some comfort that regular users of AI are better prepared to mitigate risks compared to occasional users. This fact alone should encourage organizations to implement more rigorous training programs, because many still don’t have anything robust in place."

"We need this now, because the future , where 90% of workers use AI, is just around the corner and will bring more of the occasional users, which is a problem. This group is far less adept at taking risk management precautions compared to their more experienced counterparts, but they’re just as likely to take the risks."

“Shadow AI is not going anywhere, but it is supercharging the operational chaos already engulfing many organisations. A transparent framework for their processes, coupled with an understanding of the tools employees want, and the training they need, are good building blocks for better incorporating Shadow AI. It’s clear that AI is not going away, and, collectively, we need to address it in the right way now.” Erlenson concludes.

Software AG

Image: LinkedIn

You Might Also Read: 

Managing API Sprawl: The Growing Risk Of Shadow APIs & How To Mitigate It:

If you like this website and use the comprehensive 8,000-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« President Trump Orders Federal Cyber Security Responsibilities Be Reduced
Major Data Breach Exposes Five Million Jobseekers »

ManageEngine
CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

Exploit Database (EDB)

Exploit Database (EDB)

The Exploit Database is a CVE compliant archive of public exploits and corresponding vulnerable software, developed for use by penetration testers and vulnerability researchers.

Cysec Resource Co (CRC)

Cysec Resource Co (CRC)

We offer expertise in information and cyber security, sourcing individuals and teams who provide information security expertise to the public and private sector.

BCS Financial

BCS Financial

BCS Financial delivers financial and insurance solutions. Specialty risk products include Cyber and Privacy Liability insurance.

Nexthink

Nexthink

Using our solution, hundreds of IT departments effectively balance offering a productive and enjoyable end-user experience with making the right decisions to secure and transform the digital workplace

Cybersixgill

Cybersixgill

Cybersixgill was founded with a single mission: to protect organizations against malicious cyber attacks that come from the deep and dark web, before they materialize.

CETIC

CETIC

CETIC is an applied research centre in the field of ICT. Key technologies include Big Data, Cloud Computing, the Internet of Things, software quality, and trust and security of IT systems.

Cyber Threat Alliance

Cyber Threat Alliance

CTA is working to improve cybersecurity of our digital ecosystem by enabling near real-time cyber threat information sharing among companies and organizations in the cybersecurity field.

Blueskytec (BST)

Blueskytec (BST)

Blueskytec has applied its experience of over three decades of working in the field of embedded systems and encryption to provide a scalable and appropriate technology for cyber-physical devices.

ABCsolutions

ABCsolutions

ABCsolutions is dedicated to assisting businesses and professionals achieve compliance with federal anti-money laundering regulations in an intelligent and pragmatic way.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Framatome

Framatome

Framatome Cybersecurity portfolio is directly inspired by its unique experience in nuclear safety for critical information systems and electrical systems design.

Secure Diversity

Secure Diversity

Secure Diversity is an innovative non-profit organization with leaders that think out of the box to create strategies & solutions to increase diversity in the cybersecurity industry.

Unciphered

Unciphered

Unciphered was created as the first company providing services for opening locked hardware cryptocurrency wallets.

Fletch

Fletch

Fletch’s AI tracks the evolving cybersecurity threat landscape by reading and interpreting every threat article every day and matching those threats to a company’s exposure.

Career Smarter

Career Smarter

Career Smarter offers accredited online courses in cybersecurity and other sectors, helping learners gain industry-recognised certifications.

Minimus

Minimus

Minimus, a pioneering application security startup, offers a groundbreaking platform that eliminates over 95% of Common Vulnerabilities and Exposures (CVEs) from software supply chains.