Shadow AI sparks new cybersecurity race

The rise of Shadow AI—employees using unauthorized AI tools such as ChatGPT and Claude for tasks like drafting emails, coding, and research—is creating a major cybersecurity blind spot for enterprises. Over 40% of global companies are projected to experience security or compliance breaches due to Shadow AI by 2030, according to Gartner, with India facing heightened risks as rapid digitization outpaces AI governance frameworks. Shadow AI differs from past Shadow IT challenges because traditional security tools cannot detect data shared with external AI models, leaving companies vulnerable to leaks of proprietary code or intellectual property. When developers input sensitive data into public AI platforms, encrypted sessions prevent monitoring, eroding visibility and control over how information is handled. Startups are responding with specialized cybersecurity solutions. Deep Algorithm, backed by Unicorn India Ventures, offers tools to classify AI-related network traffic and flag unauthorized usage across sectors like finance, healthcare, and technology. The company’s Connection Classification Mechanism identifies both known and unknown AI services accessed by employees, addressing compliance and data protection concerns. AIONOS is targeting regulated industries with AI-powered zero-trust security systems, verifying users and devices before granting data access. Its real-time monitoring detects unusual data movements that could indicate unauthorized AI sharing, with strong demand from sectors where compliance risks are critical. Industry experts warn that AI’s expansion—through agents, copilots, and autonomous systems—creates new attack surfaces while driving demand for governance-focused security layers. As enterprises shift from AI experimentation to formal governance, visibility and control over employee AI usage will become a top priority for cybersecurity teams.