Back to Posts

Like Humans, AI Requires Zero Trust

Updated June 9, 2026

Man working at desk with shadow AI behind him

Originally published: Feb. 22, 2026.

By Tracey Birkenhauer, journalist and Chief Impact Officer, STACK Cybersecurity

Executive Summary

Shadow AI refers to corporate use of artificial intelligence tools and systems that aren't approved, monitored, or governed. In 2026, this risk is no longer limited to employees experimenting with public chat tools. AI capabilities are now embedded into business platforms and can be deployed through low-code tools with minimal oversight.

The core issue is visibility. Most companies can't fully see how AI is being used, what data is being shared, or what actions AI agents are taking across systems. That lack of visibility creates operational, security, and compliance exposure.

The risk isn't limited to data leakage. AI agents can access files, trigger workflows, and interact with multiple systems using existing permissions. If that activity isn't tied to identity and logging, it becomes difficult to understand or investigate after the fact.

For most businesses, the immediate priority is making AI usage visible and governable. That means understanding where AI is already in use, defining clear rules for data handling, and applying the same identity, access, and vendor controls used for any other system handling sensitive information.

Generative artificial intelligence (GenAI) workplace adoption has advanced much faster than anticipated. As such, many corporate security policies have failed to maintain momentum.

Nearly every company uses AI agents. But few have implemented technical controls. This has led to the proliferation of shadow AI, which is employees using unauthorized AI tools.

AI chat tools and agentic assistants have quietly become the new shadow IT. Not because people are reckless, but because these tools are fast, accessible, and genuinely helpful. But they can turn productivity habits into an untracked data-export pipeline.

An AI system is a machine-based system that, for explicit or implicit objectives, infers, from the input it receives, how to generate outputs such as predictions, content, recommendations, or decisions that can influence physical or virtual environments, according to The Organisation for Economic Co-operation and Development (OECD), international public policy organization.

Artificial Intelligence Readiness Evaluation (AIRE)

STACK Cybersecurity developed a custom evaluation tool for businesses of all sizes to gauge their AI readiness. Our comprehensive assessment offers you a custom score. Select the button below to start your evaluation.

Whether you're a small business owner, a team leader, or simply curious about the technology, this guide explains what AI can (and can't) do, how businesses are using it today, and how to adopt AI tools more safely and effectively. According to recent industry research, more than 75% of organizations now use AI in at least one business function, yet only a small percentage consider their AI adoption fully mature. That means businesses still have time to implement AI thoughtfully, securely, and strategically without falling behind competitors.

Different AI systems vary in their levels of autonomy and adaptiveness after deployment. The European Union, Council of Europe, United States, United Nations, and other jurisdictions use the OECD’s definition of an AI system in their legislative and regulatory frameworks.

"The most effective and efficient way to reduce risks... is by providing people with authorized platforms," said Marcelo Felman, Microsoft's general manager of enterprise security for Latin America. The goal, he said, is not to eliminate risk entirely by stopping the use of technology, but to strike a balance.

Shadow AI Means Unsanctioned Usage

When companies share data with AI systems without controls, they’re effectively exposing proprietary information to third-party models. That can increase risk by broadening the potential attack surface available to hackers.

There’s also a deeper operational challenge. AI systems are not deterministic, like calculators.

A probabilistic system like AI works differently. It generates outputs based on statistical likelihoods learned from data patterns. When you ask the same question twice, you might get two wildly different answers. Both may be reasonable. One might contain an error. That’s because the model calculates the most likely next word at each step, not executing a fixed decision tree.

Operational security risks expand further with what some refer to as the “double agent” problem. If an AI agent isn’t properly secured and validated, a malicious actor could manipulate it to act against your company’s interests. That’s why some cybersecurity leaders argue users should assume AI agents are already compromised.

"We talk a lot about securing people and devices, but AI agents demand the same level of scrutiny," said Rich Miller, Founder and CEO of STACK Cybersecurity. "If you can't see what an AI tool is accessing, you can't govern it. And if you can't govern it, you can't secure it. That's the shadow AI risk most businesses aren't prepared for."

Shadow AI is any AI usage that isn't reviewed, governed, or logged the way you'd expect for tools handling confidential information. That can be public AI chat tools, browser plugins, desktop apps, or AI features turned on inside Software-as-a-Service (SaaS) platforms.

At CruiseCon East 2026, Chief Information Security Officer (CISO) at Noma Security, Diana Kelley, captured the scale:

"The most important thing to know here is that pretty much everybody at your company has the ability to start creating agents."

Microsoft research shows more than 80% of the Fortune 500 deploying low-code/no-code agents. Creating an agent in the paid version of Microsoft Copilot takes less than a minute with zero code or technical expertise required.

And it isn't only employees. Kelley also warned AI agents are appearing in the software you already pay for:

"Your SaaS providers are creating agentic systems, too, and are using them behind the scenes on the SaaS. So, can you get away from agents? Not really at this point, not the AI-driven."

Visibility Gap

A lot of companies still assume AI use is rare, centralized, or obvious. It's not.

  • In a recent survey, 38% of employees admitted to sharing sensitive information with AI tools without employer knowledge.
  • A Microsoft-linked report found 71% of workers surveyed in the UK had used unauthorized consumer AI tools at work.
  • A global KPMG and University of Melbourne study reported 57% of employees said they hide their AI use, and 48% said they've uploaded sensitive company data into AI tools.
  • Only about 25-41% of companies have a formal AI policy, according to KPMG.

How STACK Cybersecurity Monitors Shadow AI

At STACK Cybersecurity, we treat shadow AI as a visibility, identity, and data governance problem. We want to make AI usage visible, governed, and defensible.

Our Managed AI program uses the same security and operational discipline we apply to other managed services. For shadow AI specifically, that means identifying what tools are already in use, monitoring for new unsanctioned platforms, documenting approved AI environments, and giving clients a governed alternative to public AI tools.

Kaseya SIEM

STACK uses Kaseya SIEM to analyze logs and identify access to known AI platforms from client environments. This allows us to detect when users are reaching public AI tools and to establish a baseline of current AI activity inside the business.

That matters because most executives don't realize how much AI usage is already happening until they look at the traffic. Kaseya SIEM helps surface that activity and supports the monthly shadow AI reporting included in our Managed AI offering.

Microsoft Defender for Cloud Apps

STACK uses Microsoft Defender for Cloud Apps to discover and categorize cloud application usage, including AI tools. Defender for Cloud Apps provides deeper inspection than basic log review by identifying unsanctioned AI applications, assigning risk context, and supporting alerting or policy enforcement when needed.

For clients on Microsoft 365 Business Premium or above, this becomes a critical control point. It allows STACK to see which AI applications are being used, assess whether they're sanctioned, and respond when usage falls outside policy.

AI Acceptable Use Policy and Documentation Controls

Monitoring alone isn't enough. Every Managed AI client receives an AI Acceptable Use Policy drafted and customized by STACK. That policy defines approved AI tools, prohibited uses, sensitive data restrictions, and employee responsibilities.

STACK documents the approved AI environment, policy signoff, project inventory, and monitoring baseline in IT Glue. This creates a defensible record of how AI is governed, what systems are approved, and how shadow AI findings are addressed over time.

Autotask and Monthly Governance Reporting

Managed AI is not a one-time setup. STACK uses Autotask to track onboarding, recurring governance tasks, and support activity tied to the AI service line. That operational discipline matters because AI environments change quickly.

Each month, STACK reviews shadow AI findings, verifies that approved AI projects are functioning as expected, updates documentation, and delivers a governance report to clients. That is what turns AI from an unmanaged experiment into a managed service.

AWS and Secrets Management for Connected AI Workflows

When AI is connected to live business systems through Model Context Protocol (MCP), STACK uses isolated AWS environments and AWS Secrets Manager to store credentials securely. No credentials are hardcoded. Each client environment is documented and managed as part of the service.

This is important because AI risk doesn't stop at chat usage. Once AI connects to business systems, the security model has to extend to infrastructure, credentials, logging, and change management.

The Goal Is Controlled Adoption

The purpose of this stack isn't to stop employees from using AI, which isn't realistic or desirable. It's to replace unsanctioned AI usage with approved, monitored, and policy-governed alternatives. That is the difference between shadow AI and managed AI.

Free Download

Deepfake Compliance Checklist

TAKE IT DOWN Act requirements, 30-state election disclosure obligations, and internal controls for every business type.

Confidentiality Risk

When someone pastes client information, HR details, financial data, legal drafts, product plans, or proprietary code into a public AI tool, you have to assume it has left your controlled environment. Whether it can be retained, logged, reviewed, or used for product improvement depends on the provider and the service tier.

For example, OpenAI explains that data handling differs across offerings and settings, and it publishes its consumer and enterprise policy approach publicly. The details matter, because "we don't train on your data" isn't the same thing as "this is governed, logged, and contractually protected."

This kind of exposure has already happened in the real world. In 2023, Samsung restricted employee use of generative AI after engineers reportedly entered sensitive code into ChatGPT.

AI Agents Raise Forensic Stakes

AI agents can take actions, not just generate text. They can connect to tools, call APIs, retrieve files, and run workflows. If that activity isn't tied to identity and access management, incident response gets ugly fast.

Kelley called out the forensics challenge directly:

Diana Kelley

Diana Kelley

Chief Information Security Officer (CISO) at Noma Security

"We will not be able to forensically track and understand what they did if we can't tie them into identities. If we give them that golden login, it's going to be really hard to figure out when what went wrong after the fact."

Privacy, Breach Obligations Still Apply

AI doesn't create a legal free pass. If regulated data is shared with a third party in an uncontrolled way, it can trigger contractual obligations, privacy requirements, and potentially breach notification duties depending on what happened and what data was involved.

All 50 states have data breach notification laws, which is a useful reminder that disclosure obligations aren't rare edge cases.

And the AI-specific regulatory landscape is accelerating too. The Transparency Coalition’s 2025 report found 73 new AI-related laws were enacted across 27 states, with California leading the country in 2025 enactments. We track that momentum in our AI Hub and our roundups on AI state laws and California AI legislation.

Governance, Not Panic

Bans usually don't work. People still need the capability, so usage goes underground. A better approach is setting clear rules, offering approved options, and making sure your controls extend to AI the same way they do to other third parties.

  1. Get visibility into what AI tools are already being used (logs, CASB, endpoint telemetry, surveys).
  2. Make your AI acceptable-use rules explicit, especially around sensitive data categories.
  3. Require review before deploying agents or automations that can take actions across systems.
  4. Make identity non-negotiable. No shared "golden logins" for agents, bots, or integrations.
  5. Assess AI vendors like any other third party handling confidential data, including retention, logging, and contractual safeguards.

If you're building a program and want a deeper primer, start with our Shadow AI post, then browse the AI Hub for governance and legislation updates.

Of note: Shadow AI isn't a future risk. It's already present in most environments. Prioritize bringing it under control.

Frequently Asked Questions (FAQs)

What is shadow AI in a business context?

Shadow AI is the use of artificial intelligence tools, agents, or features that aren't approved or governed in a company. This includes public chat tools, browser extensions, and AI capabilities embedded in software platforms that employees use without formal oversight.

Why is shadow AI considered a security risk?

The primary risk is loss of visibility. When AI tools operate outside approved systems, companies can't track what data is being shared, how it's processed, or where it's stored. That can lead to confidentiality, compliance, and operational risks, even when the user’s intent is legitimate.

Do enterprise AI tools eliminate shadow AI risk?

No. Enterprise tools improve visibility and provide governance controls, but they don't eliminate shadow AI. Employees may still use unapproved tools, and AI features are increasingly built into platforms already in use. Governance requires both approved tools and enforcement of usage policies.

What's the difference between shadow AI and shadow IT?

Shadow IT refers to any unauthorized technology use. Shadow AI is a specific category where the technology in use can process data, generate content, or take actions. Because AI systems can operate probabilistically and access multiple data sources, the scope of risk is broader than traditional shadow IT.

What should businesses do first to address shadow AI?

Start by identifying where AI is already in use. This includes employee tools, Software-as-a-Service (SaaS) platforms, and embedded AI features. Then define clear usage guidelines for sensitive data and ensure AI activity is tied to identity, access controls, and logging wherever possible.

Are AI agents more risky than AI chat tools?

AI agents introduce additional risk because they can take actions rather than only generate responses. They may access systems, retrieve data, and execute tasks. Without identity controls and logging, those actions can be difficult to trace or audit after the fact.

Questions about AI governance, visibility, or zero data retention? Contact Us

Cybersecurity Consultation

Is your company secure against cyber threats? If you're not sure, it's time for a cybersecurity risk assessment (CSRA). STACK Cybersecurity's CSRA will meticulously identify and evaluate vulnerabilities and risks within your IT environment. We'll assess your network, systems, applications, and devices. You'll get a detailed report and action plan to improve your security posture. Don't wait until it's too late.

Schedule a Consultation Explore our Risk Assessment