Bosses blinded by confidence about shadow AI use by workers
More than half of orgs in Okta survey faced an AI-related security incident or near miss last year
O'Ryan Johnson
Published Wed 27 May 2026 // 18:20 UTC
More than half of businesses had an AI-related security incident or a scare in the past year — even as executives remain overwhelmingly confident in their ability to manage the risks of employees using AI tools, according to a study commissioned by identity and access management leader Okta. “For the purposes of this survey, an AI security issue is defined as an actual incident, i.e. a breach, data exposure, or system disruption, or a close call, meaning an issue was identified before it caused harm to the organization,” Harish Peri, SVP and GM for AI Security at Okta, told The Register. Of those respondents who reported a security problem, 26.7 percent described an actual incident — a breach, data exposure, or system disruption — while 31.2 percent identified a close call caught before it caused harm. Yet, overall, 58 percent of executives reported that their organization experienced an AI-related security problem in the past 12 months and the data is pointing to “shadow AI” use by employees as the culprit, Peri said.
“The old adage in cybersecurity is that you can’t protect what you can’t see. Our research shows that 52 percent of knowledge workers admit to using unapproved AI tools,” Peri told us. “Security and compliance teams can’t govern the usage of AI tools they don’t know are being used. Organizations must implement an effective AI governance framework that prioritizes identity-centric controls, automated discovery, and secure sandboxes to test drive AI tools safely.”
The AI Agents at Work 2026 report was commissioned by Okta and conducted by Apprize360 in March. It surveyed 292 executives and 492 knowledge workers across seven countries: the US, UK, Australia, Canada, Japan, France, and Germany.
It also showed a disconnect between how leaders believe AI is being used within their organizations and what employees actually do. Whether it's coding assistants, browser extensions, or industry-specific utilities, the study said what unites all of the tools is their need for data and, in many cases, access to an organization’s internal systems. Peri said the survey found risky employee behavior when it came to interacting with AI models. Knowledge workers actively used unapproved AI tools, shared confidential company documents with those tools, handed over HR information to AI, and in 16 percent of cases, provided their login credentials.
"These risky behaviors — whether intentional or not — increase the attack surface across an organization," Peri told The Register.
Despite that, 90 percent of executives had confidence in their organization's visibility into AI tools, even as more than half of knowledge workers admitted to using AI tools without approval, with 24 percent adding that they do so regularly.
Apart from the security issues, the survey found that AI agents and AI tools are gaining widespread adoption. Ninety-two percent of executives surveyed said autonomous AI agents are already in widespread or moderate use across their organizations, while nearly two-thirds of knowledge workers reported using an AI tool at least daily. Among those workers, 68 percent used AI agents, while 62 percent regularly used LLMs and AI-infused chatbots.
The results of the survey vary by geography, too. The United States led all surveyed countries, with 67 percent, more than two-thirds, of workers reporting they use unsanctioned AI tools. Australia came in second, with 60 percent of workers saying they engaged in unapproved AI usage. In the United Kingdom, some 55 percent of workers ignore the rules, while roughly 50 percent of Canadian workers reported using unauthorized AI tools. Workers in France and Germany reported the lowest rates of unauthorized AI usage, each at around 30 percent.
The gap between executive confidence and employee reality is widest in the UK, where 96 percent of executives expressed confidence in their AI visibility, while more than half of workers used unapproved tools. Peri said there’s no easy fix. “For most organizations, shadow AI emerges unintentionally and isn’t intended to be malicious,” he told The Register. “Shadow AI primarily causes headaches for leaders because they don’t have the proper visibility, governance, and security controls for tools the organization isn’t managing.” Okta’s survey recommends that organizations assume shadow AI exists and make discovery a priority. They should make the secure use of AI the easiest path, and define an AI governance strategy now.
Peri said strict AI bans may actually make the problem worse by pushing more usage underground. A more effective approach, he said, involves talking with employees to understand what they need and making approved tools easier to use than unsanctioned alternatives.