Shadow AI data risk: Okta finds 52% use unapproved tools
Shadow AI data risk is moving from policy decks into security logs, with Okta saying 52% of workers use unapproved tools.

Executives may think generative AI is under control. Okta’s latest survey suggests the harder problem is happening outside the approved stack, where staff are already feeding company information into tools security teams cannot see.
Okta’s AI Agents at Work 2026 survey puts numbers around a governance gap many CIOs have treated as an edge case. The company said 52 per cent of knowledge workers use unapproved AI tools, while 58 per cent of organisations have already had an AI-related security incident or close call. The same report found 90 per cent of executives were confident they had visibility into AI use.
Those numbers make the story. Shadow AI is no longer a side issue about staff trying ChatGPT to rewrite an email. It is a data-handling problem inside ordinary enterprise workflows, and the Australian read-out is sharper: Okta said 94 per cent of local executives were confident in their visibility even as nearly 60 per cent of Australian workers used shadow tools.
Harish Peri, Okta’s senior vice president and general manager for AI Security, gave the blunt version in comments reported by The Register:
Security and compliance teams can’t govern the usage of AI tools they don’t know are being used.
Harish Peri, Okta
In Australia, enterprise teams are facing the finding at an awkward time. Boards want generative AI pilots to move faster. Workers already have access to consumer tools that can summarise documents, draft client notes and clean up spreadsheets. The control layer, from identity to data loss prevention to vendor disclosure, is still catching up.
The payload is company data
In Okta’s report, the most important number is not the share of workers using unapproved tools. It is what those workers are putting into them. Okta said 54 per cent of employees using shadow AI had shared internal messages or emails, 45 per cent had shared HR data, 39 per cent had shared confidential documents and 16 per cent had entered login credentials.

Seen that way, shadow AI turns from a productivity loophole into a security architecture problem. The risk is not only that an employee receives a poor answer from an unauthorised model. Internal context, staff information or credentials can leave the company’s governed environment before anyone records the event.
CIO Dive’s coverage made the same point from the enterprise-data side: employees are not waiting for sanctioned deployments before moving business material into AI workflows. Once that material is copied into a consumer service or a poorly disclosed vendor integration, the governance question becomes harder than a policy memo can handle.
Vendor risk is spreading the same concern beyond employees. A DataGrail report covered by VentureBeat warned that approved vendors may themselves be sending customer data into AI systems a buyer never assessed. Procurement, privacy, legal and security teams now need to know not only which AI tools employees use, but which AI systems their suppliers have quietly added.
CISOs inherit the gap
The CISO usually inherits that gap. Security leaders are being asked to support AI adoption, reduce data exposure, educate staff and satisfy boards that policies exist. They are doing it while workers route around controls whenever the approved path is slower than the public web.

Business Insider’s reporting on the CISO role described a highly paid job being squeezed by personal liability, board pressure and the spread of AI-related risk across business units. Shadow AI adds another layer because the exposure often begins as a normal work request: summarise this contract, rewrite this performance review, analyse this customer list.
Steve MacIntyre, a senior vice president at Fidelity Investments, put the operating principle plainly in ZDNet Australia’s piece on cautious AI rollouts:
We have to know what’s being used.
Steve MacIntyre, Fidelity Investments
Simple as it sounds, that sentence describes a hard programme. Knowing what is used means discovering unsanctioned services, mapping the data they touch, giving workers a safe alternative and deciding which use cases should be blocked outright. It also means explaining to executives that adoption dashboards do not prove control if the real usage sits outside the dashboard.
Okta’s executive-confidence number matters for that reason. A board can be genuinely committed to AI governance and still be wrong about the visibility its teams have. Shadow usage exposes the difference between policy coverage and operational coverage.
The market is moving from models to controls
Enterprise AI budgets are likely to shift in the same direction. Model selection still matters, but the harder budget questions are moving towards discovery, identity, sandboxing, audit trails and data boundaries. In other words, the control stack around AI is becoming a product category of its own.
That framing suits Okta. Identity is its business. But the wider market is moving in the same direction. SiliconANGLE reported that Xage Security is extending zero-trust controls to autonomous AI agents across cloud, SaaS and edge environments, including the discovery of unmanaged shadow AI agents. tech.eu reported that Geordie AI raised $US30 million to build security and governance tooling for AI agents.
Agent projects show the same pressure. A separate Register report cited Gartner research that 40 per cent of AI agents are set to be demoted or decommissioned as governance problems bite. Shiva Varma, an executive quoted in that report, described the failure mode this way:
Organizations are treating AI agent governance as binary, either locked down or fully trusted, and that is the root cause of failure.
Shiva Varma
Shadow AI exploits that binary choice. If approved tools are locked down too tightly, workers go elsewhere. If they are fully trusted without data boundaries, the organisation moves sensitive work into systems it does not fully understand. The middle ground is harder and more expensive: sanctioned tools, clear usage classes, identity-aware access, logging and enforcement that does not make every useful task feel like a compliance exercise.
Australia’s governance problem is practical
Australian CIOs should not read the Okta findings as proof that workers are reckless. They are evidence that demand has outrun the enterprise route to supply. Staff are using AI because it saves time. The control failure is that many organisations have not made the safe path as easy as the unsafe one.
Policy follows from that distinction. Banning tools can reduce obvious risk, but it rarely removes the incentive that created shadow use in the first place. Training helps, but it does not identify which sensitive documents have already been copied into external services. Vendor attestations help, but only if procurement teams know which AI functions suppliers have enabled after the contract was signed.
Visibility comes first. Organisations need inventories of AI services in use, identity-linked access to approved tools, data rules that distinguish public material from HR and confidential documents, and escalation paths that do not punish staff for asking whether a tool is allowed. They also need boards to treat shadow AI as a data governance issue, not a moral failing by workers.
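The inventory step that this paragraph and the earlier "we have to know what's being used" passage describe usually starts with egress data the organisation already has. The following is an added example, not code from Okta or from any vendor named above: it reads constructed proxy records, ignores the one sanctioned assistant, and tallies requests and upload volume to each unsanctioned AI host per user. The hostnames, log layout and upload threshold are all assumptions chosen for the example.

```python
"""Flag unsanctioned AI services from proxy logs (constructed example)."""
from collections import defaultdict

# Assumed hostnames: the organisation's approved assistant and two consumer AI
# services that were never assessed. Replace with a real inventory.
SANCTIONED_AI_HOSTS = {"assistant.corp-approved.example"}
KNOWN_AI_HOSTS = SANCTIONED_AI_HOSTS | {
    "chat.consumer-ai.example",
    "summarise.freetool.example",
}

# Assumed threshold: a single POST at or above this size is large enough to
# carry a document rather than a short prompt.
LARGE_UPLOAD_BYTES = 50_000


def parse_line(line: str) -> dict:
    """Parse one 'timestamp user host method bytes_out' proxy record."""
    ts, user, host, method, bytes_out = line.split()
    return {"ts": ts, "user": user, "host": host,
            "method": method, "bytes_out": int(bytes_out)}


def find_shadow_ai(lines):
    """Return {(user, host): counters} for traffic to unsanctioned AI hosts.

    Only upload bytes (POST bodies) are summed, because that is the direction
    in which internal documents, HR data or credentials leave the environment.
    """
    findings = defaultdict(
        lambda: {"requests": 0, "bytes_out": 0, "large_uploads": 0})
    for line in lines:
        rec = parse_line(line)
        if rec["host"] not in KNOWN_AI_HOSTS or rec["host"] in SANCTIONED_AI_HOSTS:
            continue  # not an AI service, or an approved one
        entry = findings[(rec["user"], rec["host"])]
        entry["requests"] += 1
        if rec["method"] == "POST":
            entry["bytes_out"] += rec["bytes_out"]
            if rec["bytes_out"] >= LARGE_UPLOAD_BYTES:
                entry["large_uploads"] += 1
    return dict(findings)


# Constructed sample records; the intranet line shows non-AI traffic is skipped.
SAMPLE_LOG = [
    "2026-03-02T09:01:10Z alice assistant.corp-approved.example POST 1200",
    "2026-03-02T09:05:44Z alice chat.consumer-ai.example POST 84000",
    "2026-03-02T09:06:02Z alice chat.consumer-ai.example GET 0",
    "2026-03-02T09:10:31Z bob summarise.freetool.example POST 2100",
    "2026-03-02T09:12:09Z bob intranet.corp.example GET 0",
    "2026-03-02T09:15:50Z bob summarise.freetool.example POST 61000",
]

if __name__ == "__main__":
    for (user, host), c in find_shadow_ai(SAMPLE_LOG).items():
        print(f"{user} -> {host}: {c['requests']} requests, "
              f"{c['bytes_out']} bytes uploaded, {c['large_uploads']} large uploads")
```

The output is an inventory of who is sending what volume where; deciding whether a large upload held HR data or a confidential document still needs content inspection or a conversation with the user.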
As vendor research, Okta’s survey is not a neutral regulator’s audit. The company benefits if AI governance is treated as an identity problem. Even so, the figures are difficult to dismiss because they match what security teams are seeing elsewhere: AI adoption is happening through employee behaviour before it is happening through enterprise architecture.
In the next phase of enterprise AI, the winner will not be the company with the most enthusiastic pilot list. It will be the company that can see where its data is going, give workers a usable sanctioned path and prove to customers, regulators and its own board that AI did not become another unmanaged software estate.
Soren Chau
Enterprise editor covering AWS, Azure, and GCP in the AU region, plus the SaaS shaping local IT. Reports from Sydney.