Unauthorized AI applications are adding to the already serious threat of shadow IT. Here’s how a Zero Trust strategy based on sound policies offers protection.

Shadow IT has been a thorn in the side of IT professionals for years, particularly when it comes to ensuring security and containing costs. Now, artificial intelligence (AI) is adding fuel to the shadow IT fire, enticing employees with yet another category of applications not sanctioned by IT. But a properly implemented Zero Trust strategy remains an effective defense against all forms of the shadow IT threat.
Shadow IT: pervasive, dangerous, and costly
For years, studies have warned of the dangers of shadow IT, and the trend continues. The “IBM Cost of a Data Breach Report 2025” found that 20% of the organizations it studied had suffered a breach due to security incidents involving shadow AI.
“For organizations with high levels of shadow AI, those breaches added USD 670,000 to the average breach price tag compared to those that had low levels of shadow AI or none,” the report says. “These incidents also resulted in more personally identifiable information (65%) and intellectual property (40%) data being compromised.”[1]
Here’s the kicker: IBM found that 97% of AI-related security breaches involved systems that lacked proper access controls and that most lacked governance policies for managing AI or preventing shadow AI.[2]
Zero Trust sheds light on shadow IT
That’s unfortunate, because it’s not exactly difficult to bring shadow IT applications, including shadow AI, out into the open. You just have to be looking for them, says John Kindervag, chief evangelist at Illumio and the creator of Zero Trust.
“Packets don’t wear Harry Potter cloaks to make them invisible,” he says. “You get to see everything, because packets are traveling across a network and announce themselves. They say, ‘Here I am. And here’s my source IP address and my destination IP address.’”
A properly implemented Zero Trust strategy will detect any unauthorized application as a matter of policy. If no policy explicitly allows communications between two entities on a network, then that communication can’t happen. But that’s not how most organizations operate.
“Most organizations have an ‘allow all’ policy, then essentially play whack-a-mole trying to deny all the bad things. Nobody wins at whack-a-mole,” Kindervag says.
How effective policies defeat shadow IT
Illumio does the opposite: “We’re going to deny everything and then turn on the allow rules, based on what any particular user needs access to at any given time,” Kindervag says.
The Illumio Platform helps companies develop those policies by using AI-powered security graphs that make it easy to identify legitimate connections. It also enables companies to control unnecessary and unwanted communications and develop containment strategies to protect resources from unauthorized users.
Simply put, if a resource isn’t known to the Illumio Platform, users won’t be able to connect to it. So, no more shadow IT or shadow AI.
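The contrast Kindervag draws, an "allow all, then deny the bad things" policy versus a default-deny policy with explicit allow rules, can be shown in a few lines. The following is an added example, not Illumio's code or any part of its platform: it evaluates a handful of constructed flow records (the source workload, destination host and port that packets "announce" on the wire) against both policy models. The workload labels, hostnames, ports and rules are all made up for the illustration. Under the deny-list model only the one AI service someone already thought to block is stopped; under default deny, every flow without an allow rule is blocked, so a brand-new AI service and an unexpected database connection both surface in the deny log without anyone having to know about them in advance.

```python
"""Default-deny vs. deny-list policy evaluation over constructed flow records.

Added example (not Illumio's code). All labels, hostnames and rules are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple


@dataclass(frozen=True)
class Flow:
    src: str        # source workload label (mapped from the source IP in a real deployment)
    dst_host: str   # destination hostname (from DNS/SNI) or destination workload label
    dst_port: int
    proto: str = "tcp"


# Constructed sample flows, the kind of records a flow collector would hand you.
SAMPLE_FLOWS = [
    Flow("hr-laptop", "payroll-db", 5432),
    Flow("hr-laptop", "mail.corp.example", 443),
    Flow("hr-laptop", "chat.known-ai.example", 443),    # AI SaaS already on the deny list
    Flow("hr-laptop", "api.new-ai-tool.example", 443),  # AI SaaS nobody has heard of yet
    Flow("dev-vm", "payroll-db", 5432),                 # developer VM reaching the payroll DB
]

# Explicit allow rules: (source label, destination, port). Anything else is denied.
ALLOW_RULES = {
    ("hr-laptop", "payroll-db", 5432),
    ("hr-laptop", "mail.corp.example", 443),
}

# The "allow all, then deny the bad things" model for comparison.
DENY_LIST = {"chat.known-ai.example"}


def default_deny(flow: Flow) -> bool:
    """Zero Trust evaluation: a flow passes only if a matching allow rule exists."""
    return (flow.src, flow.dst_host, flow.dst_port) in ALLOW_RULES


def allow_all_with_denylist(flow: Flow) -> bool:
    """Legacy evaluation: everything passes unless the destination is on the deny list."""
    return flow.dst_host not in DENY_LIST


def denied_flows(flows: List[Flow], policy: Callable[[Flow], bool]) -> List[Tuple[str, str]]:
    """Return distinct (source, destination) pairs the policy blocks, in first-seen order.

    With default deny, this list is also the shadow IT discovery report: every
    unsanctioned application shows up here the first time it tries to talk.
    """
    seen: List[Tuple[str, str]] = []
    for flow in flows:
        pair = (flow.src, flow.dst_host)
        if not policy(flow) and pair not in seen:
            seen.append(pair)
    return seen


def compare(flows: List[Flow]) -> Dict[str, List[Tuple[str, str]]]:
    """Run the same flows through both policy models side by side."""
    return {
        "default_deny": denied_flows(flows, default_deny),
        "deny_list": denied_flows(flows, allow_all_with_denylist),
    }


if __name__ == "__main__":
    for model, blocked in compare(SAMPLE_FLOWS).items():
        print(f"{model}: blocked {blocked}")
```

Running the script shows the deny-list model blocking a single destination while default deny blocks three flows, two of which (the unknown AI API and the developer VM reaching the payroll database) the deny list never had a rule for. The practical workflow this suggests is the one the article describes: treat the default-deny log as the discovery feed, then add an explicit allow rule only for connections a user legitimately needs.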
Learn more about how Illumio can help you prevent shadow IT and contain cyberthreats.
[1] “Cost of a Data Breach Report 2025,” IBM.com
[2] Ibid.