Table of Contents
Poorly designed internal AI apps are failing to deliver the experiences employees need to excel, further fueling shadow AI’s growing dominance.
With 92% of companies planning to increase their AI investments and only 21% of office workers saying AI apps significantly improve their productivity, more businesses are grappling with how to close a 71% gap between expectations and reality. More organizations need to challenge themselves to improve the employee experiences their internally created apps deliver.
“The biggest paradox in enterprise AI adoption is that companies are spending heavily, but employees don’t feel the benefit,” Vineet Arora, CTO at WinWire told VentureBeat in a recent interview. “This isn’t about the algorithms, it’s about usability. If the AI tools don’t feel as intuitive as the ones employees already trust, adoption stalls and shadow AI fills the gap.”
The majority of employees creating shadow AI apps aren’t acting maliciously or trying to harm a company. They’re grappling with growing amounts of increasingly complex work, chronic time shortages, and tighter deadlines.
“We see 50 new AI apps a day, and we’ve already cataloged over 12,000,” said Itamar Golan, CEO and cofounder of Prompt Security, recently acquired by SentinelOne, during a recent interview with VentureBeat. “Around 40% of these default to training on any data you feed them, meaning your intellectual property can become part of their models.”
As Golan puts it, “It’s like doping in the Tour de France. People want an edge without realizing the long-term consequences.”
Growing expectations disconnect is driving more shadow AI
Recent research from Ivanti highlights the significant gap between employee expectations for AI apps and their current delivery. In confidential interviews over Signal, VentureBeat continues to learn of ingenious approaches employees across consulting, financial services, marketing and other core business functions are taking to harness AI for greater efficiency, with the fallout being the risk of confidential data ending up in LLMs.
Legacy approaches to UI are rocket fuel for shadow AI
“I have experienced over the last few months interacting with customers that enterprises often underestimate the role of UI and UX when rolling out AI tools and solutions,” Arora explained. “Employees compare every enterprise app to the ease of ChatGPT or other AI apps they use daily outside of their work tasks. Most enterprise AI solutions don’t feel as natural and effective as what employees use at home, and adoption lags.”
Building AI tools using a blueprint for usability that is years or even decades old invites shadow AI. IT teams are missing an opportunity to deliver exceptional new employee experiences by staying in the comfort zone of building internal apps like they always have.
The result is becoming predictable as shadow AI flourishes. VentureBeat continues to learn of the proliferation of shadow AI financial analysis apps integrated with APIs from the world’s top AI companies, including OpenAI, Perplexity, Google and others. Their widespread use in consulting companies continues to lead all others, as many employees see it as a hedge against layoffs. By the end of the year, 115,000 shadow AI apps will be embedded in client delivery workflows, with mobile apps showing the fastest growth.
Shadow AI is the $670,000 problem most organizations don’t even know they have. Breaches involving employees’ unauthorized use of AI tools cost organizations an average of $4.63 million. That’s nearly 16% more than the global average of $4.44 million.
The $4 million productivity paradox every business will face
While nearly every IT team VentureBeat interviews regarding their current and future AI apps plans has a roadmap, there are vast differences in how AI usability is defined. Often relying on UI and employee experience practices that worked well for previous generations of internal apps, applying them to new AI apps that can deliver much greater insight accidentally creates more friction than productivity.
Ivanti’s 2025 Digital Employee Experience Report found that enterprises are, on average, losing $4 million annually in productivity as workers abandon apps due to their bad UI design and the friction it creates. It’s not surprising that 27% of employees are going rogue, migrating 73.8% of workplace AI to personal ChatGPT accounts that security teams can’t see, monitor, or protect.
Digital friction is one of the leading causes of lost employee productivity. Employees today already endure 3.6 tech interruptions and 2.7 security update disruptions per month on average. The accumulated productivity and time lost in a typical 2,000-person organization can easily reach the $4 million a year figure Ivanti’s research team identified through their analysis.
The worse the experience, the greater the stealth
Most enterprises have no visibility into whether and how their internal AI apps are working or delivering value to employees. Only 67% track Digital Employee Experience (DEX), which is the data revealing how employees actually interact with technology. Mid-size companies are better at tracking DEX performance, with 81% saying they’re actively involved in how their apps deliver productivity gains. Without DEX metrics, IT teams cannot understand why their AI investments aren’t yielding productivity gains or why workers opt to develop and share shadow AI applications with their peers.
Source: Ivanti 2025 Digital Employee Experience Report
IT can’t see what’s really happening
Subpar employee experiences are inadvertently driving the development of productivity accelerators that employees use to get more done in less time and gain a competitive edge in their jobs.
The greater the chronic time shortages and tighter deadlines, the more shadow AI dominates, especially in consulting. Entire departments have shadow AI apps they use to squeeze more productivity into fewer hours. “I see this every week,” Arora observed. “Departments jump on unsanctioned AI solutions because the immediate benefits are too tempting to ignore.”
“Shadow AI is today’s shadow IT, but with much higher stakes,” Arora warns. “Employees are not acting maliciously; they’re acting out of frustration. If security teams try to block it, they lose. If they design enterprise-grade experiences that feel consumer-grade, they win.”
“Most traditional IT management tools and processes lack comprehensive visibility and control over AI apps,” Arora observes, explaining why enterprises can’t stop shadow AI. His assessment cuts to the heart of the issue. Companies need to move beyond legacy processes and realize that adaptability, agility, and speed are crucial for AI app performance. Processes and workflows that worked for a homegrown CRM, ERP, or order management system don’t scale for AI apps.
Arora explained that entire business units are using AI-driven SaaS tools that operate under the radar. With independent budget authority for multiple line-of-business teams, business units are deploying AI quickly and often without security sign-off, he observes. “Suddenly, you have dozens of little-known AI apps processing corporate data without a single compliance or risk review,” Arora told VentureBeat.
“The smartest CISOs and CIOs I work with aren’t writing new policy binders or reinventing new security rules,” Arora continued. “They’re learning the new ways of the AI world and building guardrails that allow safe experimentation while delivering user experiences that rival public AI tools. They focus on new UX aspects that allow for frictionless usage and drive higher adoption—enterprises need to focus on the innovation impulse instead of fighting it.”
Getting user experience and AI access right
“Organizations must define strategies with robust security while enabling employees to use AI technologies effectively. Total bans often drive AI use underground, which only magnifies the risks,” Arora advises. CISOs and security leaders face a dilemma: providing AI access to employees, which is a known force multiplier for productivity, while also protecting their invaluable intellectual property.
Employee experience is at the core of that dilemma for many of the CISOs, security leaders, and technical leaders of organizations today.
Sam Evans, CISO of Clearwater Analytics, faced a critical challenge in October 2023. Standing before Clearwater Analytics’ board, he had to confront concerns that employees might inadvertently expose data that could potentially compromise the firm’s $8.8 trillion assets under management. “The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don’t manage,” Evans told VentureBeat. “The employee not knowing any different or trying to solve a problem for a customer…that data helps train the model.”
A seven-point strategy for stopping shadow AI before it compromises your organization
The convergence of insights from Arora, Golan and Ivanti’s latest research reveals precisely how to tackle shadow AI proliferation while delivering the employee experiences that prevent it from taking root in the first place:
1. Audit everything: Map shadow AI to digital friction. Don’t guess where shadow AI lives—find it. Deploy comprehensive network monitoring and proxy analysis to baseline both unauthorized AI usage and the digital experience gaps driving it. The organizations winning this battle track DEX metrics as religiously as they monitor security logs.
2. Centralize AI governance under one roof. Arora’s right: fragmented AI oversight guarantees failure. Establish an Office of Responsible AI with teeth—one that owns both security policies and user experience improvements. Half-measures create the exact blind spots that shadow AI exploits.
3. Monitor user pain points, not just security threats. Traditional DLP wasn’t built for AI risks. Deploy monitoring that catches both text-based AI exploits and the user frustrations that drive workarounds. If employees are fighting your tools daily, they’re already building alternatives you can’t see.
4. Build a living catalog of approved AI tools. Stop playing catch-up with homegrown solutions that take months to deploy. Maintain a vetted AI catalog that updates based on real user performance data, not IT’s comfort zone. If your approved tools don’t exceed shadow alternatives in speed and usability, you’ve already lost.
5. Train for reality, not compliance theater. Generic AI awareness training is worthless. Educate employees on actual shadow AI risks while giving them clear paths to request better tools. Frustrated users ignore policies while empowered users become your strongest defense.
6. Make user experience a board-level risk metric. Boards are waking up to this reality: poor digital experiences directly correlate with shadow AI adoption. Embed DEX metrics into your GRC dashboards. When user satisfaction drops, shadow AI usage typically spikes.
7. Deploy enterprise AI that actually works. Stop trying to build something that’s already better. Enterprise AI solutions move faster than any internal team can match. Get expert help with due diligence, choose peer-vetted tools, and focus on solutions that employees actually want to use. Security alone won’t drive adoption.
The Bottom Line: Shadow AI isn’t just a security problem; it’s a user experience failure. Fix the employee experience, and you eliminate the motivation for shadow AI before it starts. Keep frustrating your users with subpar tools, and they’ll keep building better ones behind your back. “Every enterprise should treat UI and UX design as a security control,” Arora concluded. “Intuitive AI application design doesn’t just drive productivity; it’s the best defense against employees going rogue with tools that IT can’t see or secure.”