Table of Contents

- Executive Summary: The Shadow AI Era Is Here
- Finding 1 - 10 Shadow AI Apps Putting Your Data at Risk
- Finding 2 - The Popularity Trap: High Adoption Doesn't Mean High Security
- Finding 3 - OpenAI Accounts for 53% of All Shadow AI Usage Across Enterprises
- Finding 4 - Shadow AI Isn't Temporary: Uncovering Months of Unsanctioned AI Usage
- Finding 5 - Understaffed and Overexposed: 27% of Small Company Employees Use Shadow AI
- Recommendations for Security Leaders

Executive Summary: The Shadow AI Era Is Here

Security leaders face an unprecedented reality: Shadow AI has infiltrated nearly every corner of the enterprise, creating massive blind spots that traditional security approaches cannot address. Our in-depth analysis of shadow AI usage across our customer base reveals five critical findings that demand immediate action.

The threat is real and it's massive. We identified the 10 riskiest AI applications currently proliferating across our customer base, with security scores so low they should alarm any CISO. Three applications (Jivrus Technologies, Happytalk, and Stability AI) received failing grades, meaning that they lack fundamental security controls like RBAC, MFA, and audit logging. These aren't just any tools; they're processing corporate data daily.

Mass adoption doesn't equal enterprise readiness. The most widely adopted AI tools aren't the most secure. CreativeX and Otter.ai boast thousands of users despite security scores that should disqualify them from enterprise use. Organizations are choosing AI tools like they choose consumer apps: based on features and convenience, not security.

The OpenAI monopoly. OpenAI commands 53% of all shadow AI usage across the organizations we assessed, processing data from over 10,000 enterprise users in our study. This unprecedented concentration means half of all AI-related risk flows through a single platform. Any security incident, policy change, or service disruption at OpenAI could simultaneously impact the majority of enterprise AI workflows.

Shadow AI runs deeper than most realize. These tools do not disappear after the testing and experimentation ends. For example, some apps run unsanctioned for over 400 days on average. In our study, we found CreativeX and System.com to have the longest-standing access on average. Once embedded in workflows for months, these applications become nearly impossible to remove without disrupting business operations and upsetting their users. Every day they persist, the security debt compounds.

Smaller organizations face disproportionate risk. The smaller the organization, the bigger the shadow AI problem. Companies with 11-50 employees show the highest risk concentration: 27% of their workforce uses unsanctioned AI tools. These organizations face the perfect storm: maximum AI adoption with minimum security resources to manage it.

The bottom line: Shadow AI is here, running loose across enterprises and invisible to traditional security tools. Smart security teams are implementing shadow AI discovery and governance solutions to turn this challenge into competitive advantage. The path forward is clear: AI adoption won't slow down because of security concerns. Security teams must get ahead of shadow AI now or face mounting risks and compliance challenges later.

Methodology

Reco identified high-risk shadow AI applications through detailed analysis of anonymized, real-world usage data collected across its customer base. This comprehensive assessment included:

- Internal telemetry and SaaS audit logs: identifying unsanctioned AI apps actively used by employees.
- Evaluation across multiple security-relevant factors:
  - Total user count: number of employees actively using each AI app.
  - Usage duration and frequency: level and pattern of employee engagement with the app.
  - Registration type: whether employees registered using corporate credentials or personal email accounts.
  - Authorization visibility: assessment of whether apps integrated transparently via standard corporate channels or operated covertly.
  - Security policy compliance: alignment with essential enterprise security controls, such as SSO, data retention policies, and encryption standards.
- Correlation of policy violations and risk signals:
  - Data Loss Prevention (DLP) and shadow AI discovery alerts.
  - Abnormal data flows or other suspicious activities linked to shadow AI app usage.
- Detailed security indicator assessment:
  - Specific security indicators assessed included Encryption at Rest, Password Complexity, Auto-Renewal Subscription status, SSO Support, User Geo-Location Control, Content Security Policy (CSP), Audit Logs, Valid Certificate, Transport Security (HTTPS), 2FA Provisioning, Data Classification, Encryption Key Rotation, User Audit Logs, and Data Retention Policies.
  - Each indicator was classified with clear statuses (Pass, Warn, or Fail), contributing to a composite risk score.

Here's an example of how Reco assesses the risks of an AI app across 20 indicators:
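As an added illustration of the methodology described above (example code written for this page, not Reco's tooling), the Python below takes a handful of constructed SaaS audit-log records, drops the sanctioned apps, derives the usage factors the report lists (total user count, usage duration, registration type, authorization visibility), and folds Pass/Warn/Fail indicator statuses into a composite risk score. The record format, the sanctioned-app list, the corp.example domain, the use of an OAuth consent event as the "transparent integration" signal, the linear status weights and the grade thresholds are all assumptions made for this example.

```python
"""Shadow AI discovery and scoring over constructed SaaS audit-log records.

Added example for this page; not Reco's code. Log format, allowlist, domain,
status weights and grade thresholds are assumptions.
"""
from collections import defaultdict
from datetime import date

# Constructed sample records: one per login or OAuth-consent event, as an IdP
# or SaaS audit-log export might provide (format is an assumption).
SAMPLE_EVENTS = [
    {"app": "OpenAI", "user": "alice@corp.example", "event": "oauth_consent", "date": "2024-01-10"},
    {"app": "OpenAI", "user": "bob@corp.example", "event": "login", "date": "2024-06-15"},
    {"app": "OpenAI", "user": "alice@corp.example", "event": "login", "date": "2024-11-20"},
    {"app": "NoteSummarizer", "user": "carol.personal@gmail.com", "event": "login", "date": "2024-03-01"},
    {"app": "NoteSummarizer", "user": "dave@corp.example", "event": "login", "date": "2024-09-09"},
    {"app": "Okta", "user": "alice@corp.example", "event": "login", "date": "2024-11-21"},
]

SANCTIONED_APPS = {"Okta"}          # assumption: the organisation's approved-app list
CORPORATE_DOMAIN = "corp.example"   # assumption: the organisation's identity domain


def registration_type(user_email, corp_domain=CORPORATE_DOMAIN):
    """Classify a sign-up as 'corporate' (company identity) or 'personal' (any other domain)."""
    domain = user_email.rsplit("@", 1)[-1].lower()
    return "corporate" if domain == corp_domain else "personal"


def discover_shadow_ai(events, sanctioned=SANCTIONED_APPS, corp_domain=CORPORATE_DOMAIN):
    """Group events per unsanctioned app and compute the usage factors from the methodology."""
    per_app = defaultdict(list)
    for ev in events:
        if ev["app"] not in sanctioned:
            per_app[ev["app"]].append(ev)

    report = {}
    for app, evs in per_app.items():
        users = {e["user"] for e in evs}
        seen = sorted(date.fromisoformat(e["date"]) for e in evs)
        kinds = [registration_type(u, corp_domain) for u in users]
        report[app] = {
            "total_users": len(users),
            "corporate_users": kinds.count("corporate"),
            "personal_users": kinds.count("personal"),
            # Usage duration: span between first and last observed activity.
            "days_active": (seen[-1] - seen[0]).days,
            # Authorization visibility: an OAuth consent through the corporate IdP
            # counts as a transparent integration; none observed means covert use.
            "authorization_visible": any(e["event"] == "oauth_consent" for e in evs),
        }
    return report


# Assumption: linear weights, Pass=0, Warn=1, Fail=2.
STATUS_WEIGHT = {"Pass": 0, "Warn": 1, "Fail": 2}


def composite_risk_score(indicators):
    """Fold per-indicator statuses into a 0-100 score (100 = every indicator fails)."""
    if not indicators:
        raise ValueError("no indicators supplied")
    raw = 0
    for name, status in indicators.items():
        if status not in STATUS_WEIGHT:
            raise ValueError(f"unknown status {status!r} for indicator {name!r}")
        raw += STATUS_WEIGHT[status]
    return round(100 * raw / (2 * len(indicators)))


def risk_grade(score):
    """Map the composite score to a coarse grade (thresholds are assumptions)."""
    if score >= 60:
        return "Fail"
    if score >= 30:
        return "Warn"
    return "Pass"


# Constructed indicator statuses for a hypothetical app, using names from the report.
SAMPLE_INDICATORS = {
    "Encryption at Rest": "Pass",
    "Password Complexity": "Warn",
    "SSO Support": "Fail",
    "Audit Logs": "Fail",
    "Valid Certificate": "Pass",
    "Transport Security (HTTPS)": "Pass",
    "2FA Provisioning": "Fail",
    "Data Retention Policies": "Fail",
    "Encryption Key Rotation": "Fail",
}


def rank_shadow_apps(usage_report, scores):
    """Order unsanctioned apps by risk score, then by user count and duration."""
    return sorted(usage_report, key=lambda a: (scores.get(a, 0), usage_report[a]["total_users"],
                                               usage_report[a]["days_active"]), reverse=True)


if __name__ == "__main__":
    usage = discover_shadow_ai(SAMPLE_EVENTS)
    score = composite_risk_score(SAMPLE_INDICATORS)
    for app in rank_shadow_apps(usage, {"NoteSummarizer": score, "OpenAI": 40}):
        print(app, usage[app])
    print("sample indicator score:", score, risk_grade(score))
```

The score function is deliberately strict about inputs: an unknown status raises rather than silently counting as Pass, so a misspelled "Warn" in an assessment cannot lower an app's risk. The duration is the observed span between first and last event, which is how a long-lived unsanctioned app (the report's 400-day cases) shows up even when individual logins are sparse.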