Per IDC (2025), 56% of employees use unauthorized AI tools and only 23% use governed AI. Here's how public agencies discover shadow AI and bring it under governance.
If you are responsible for AI governance in a public agency, the AI you should worry about most is the AI you can't see. Not the documented pilot with a project plan and a steering committee — the tool an employee opened in a browser tab this morning, paid for with a personal card, and pointed at real citizen data. That is shadow AI, and it is already inside most organizations.
According to IDC (2025), 56% of employees use unauthorized AI tools at work, while only 23% use AI that their organization has actually governed. The gap between those two numbers is the problem. It means that for most agencies, the majority of AI activity is happening outside any policy, any audit trail, and any accountability — which is exactly the activity a regulator, an auditor, or a journalist will ask about first.
This article explains what shadow AI is, why it is more dangerous than the shadow IT you already manage, what it specifically puts at risk in the public sector, how to discover it with tools you likely already own, and how to turn that discovery into governance that holds.
What is shadow AI?
Shadow AI is any AI tool or feature used to do the organization's work without IT or governance approval. It is the AI-era successor to shadow IT — the unsanctioned apps, devices, and cloud services agencies have wrestled with for years — but the stakes are higher because of what these tools do with data and decisions.
In practice it looks ordinary. An employee pastes a constituent's case file into a public chatbot to draft a response. A program manager signs up for an AI analytics tool to summarize survey results. A team wires an AI plugin into a workflow that IT has never reviewed. None of it shows up on an asset list, because none of it was ever requested.
Why shadow AI is more dangerous than shadow IT
Agencies have decades of practice catching unapproved software. Shadow AI is harder to see and harder to contain, for three reasons.
The data can leave and not come back. When an employee feeds records into a public AI tool, that data may be retained, used to improve a model, or exposed through the vendor — in ways that can conflict with privacy obligations like HIPAA, FERPA, and state public-records and privacy law. A spreadsheet sitting on a laptop is a contained risk. A prompt sent to an outside model is not.
The tool makes consequential decisions. Traditional shadow IT mostly stores and moves data. Shadow AI interprets it and produces outputs that shape decisions — benefit eligibility, risk scores, hiring screens, citizen communications. When one of those outputs is wrong or biased, the agency owns the consequence whether or not leadership knew the tool existed.
One person can operate at the scale of a department. A single employee can run thousands of records through an AI tool and generate hundreds of outputs before anyone in governance is aware of it. The speed and reach of the potential harm are simply different from a rogue desktop app.
What shadow AI puts at risk in the public sector
For a government agency, the exposure is not abstract. Four risks stand out, and they are the four an auditor is most likely to test.
| Public-sector risk | What goes wrong with shadow AI |
|---|---|
| Citizen PII exposure | Constituent records, case files, and personal data get pasted into tools with no data-handling agreement and no retention control. |
| Records retention | Prompts and AI-generated outputs that constitute public records are created outside any system that captures or retains them, breaking retention-schedule and FOIA obligations. |
| Due process | An ungoverned model influences a determination about a person — eligibility, enforcement, prioritization — with no documentation of how the decision was reached or whether it can be contested. |
| No audit trail | Because the tool was never inventoried, there is no record of what was used, by whom, on what data — the exact question oversight bodies ask first. |
That last row is the one auditors keep finding. In April 2025, the New York State Comptroller reported that the state's AI policy "lacks adequate guidance" and that the Office of Information Technology Services "does not have an inventory of AI systems in use by state entities." If the agency cannot say what AI it is running, it cannot govern any of it — and shadow AI is the part of that picture nobody documented on purpose.
The 56/23 gap, in one picture
The single most useful way to frame shadow AI for a leadership team is the distance between AI that is in use and AI that is governed.
Most of the secondary numbers you'll see quoted around shadow AI — what share of workers paste sensitive data into prompts, how many use personal accounts — vary by survey and are often unsourced. The honest, defensible statement is the directional one: a majority of employees are already using AI without approval, and only a minority of it is governed. You do not need an invented decimal to justify acting on that.
How to discover shadow AI in your organization
You will not find every instance of shadow AI in one sweep, and an employee survey alone will undercount it — people forget tools, and some won't volunteer them. The reliable approach combines what people tell you with what your systems already record. Most agencies own four discovery sources without buying anything new.
- CASB and web-proxy logs. Your cloud-access-security-broker and proxy logs already show outbound traffic to AI domains and SaaS endpoints. Pull the list of AI services employees are actually reaching — this is the closest thing to ground truth, because it records use whether or not anyone admitted to it.
- SSO and OAuth grants. Review what identity-provider sign-ins and OAuth consents have been granted to third-party AI apps. Every "Sign in with Google/Microsoft" or "allow this app to access your account" is a tool with a foothold in your environment — and a record you can read today.
- DLP alerts. Your data-loss-prevention system flags sensitive data leaving sanctioned channels. Tune it for uploads and pastes into AI tools, and it becomes an early-warning system for the highest-risk shadow AI — the kind moving citizen PII.
- Expense-report review. The lowest-tech and most revealing source. Scan card statements and reimbursements for AI subscriptions bought on personal or departmental cards. A recurring charge is a tool no one told IT about.
Pair those system signals with a short, blame-free employee survey — framed as governance, not a hunt — and you will surface the long tail the logs miss. The point of all four is the same: produce a list you can act on.
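As an added illustration of correlating three of those sources (this is example code written for this article, not ClearPoint's product or any agency's tooling), the Python below matches constructed proxy/CASB log lines, DLP alerts and expense-report entries against a placeholder AI watchlist and produces one record per discovered tool, with its users, the signals that surfaced it, and a provisional risk tier ready to register. Every domain, user, vendor and merchant name in it is constructed; OAuth-grant review would plug in the same way as another source.

```python
import re
from collections import defaultdict

# Constructed watchlist (domain suffix -> vendor); a real one comes from the CASB catalogue.
AI_WATCHLIST = {"example-chat.test": "ExampleChat",
                "example-analytics.test": "ExampleAnalytics"}
# Constructed proxy/CASB lines: "<timestamp> <user> <host> <bytes_out>"
PROXY_LOG = """\
2025-05-01T09:02:11Z jdoe chat.example-chat.test 48211
2025-05-01T10:17:03Z asmith api.example-analytics.test 910233
2025-05-01T11:00:00Z asmith intranet.agency.test 3310
"""
LOG_RE = re.compile(r"^(\S+) (\S+) (\S+) (\d+)$")
# Constructed DLP alerts: (user, host, classification of the data that moved)
DLP_ALERTS = [("asmith", "api.example-analytics.test", "PII")]
# Constructed expense lines: "<card holder>,<merchant>,<amount>"
EXPENSES = "jdoe,ExampleChat Plus,20.00\nrlee,ExampleAnalytics Team,49.00\n"

def vendor_for_host(host):
    """Map a host to a watchlist vendor by domain suffix; None if not AI-related."""
    for suffix, vendor in AI_WATCHLIST.items():
        if host == suffix or host.endswith("." + suffix):
            return vendor
    return None

def discover(proxy_log=PROXY_LOG, dlp_alerts=DLP_ALERTS, expenses=EXPENSES):
    """Return {vendor: {"users", "sources", "risk_tier"}}, one record per tool to register."""
    inv = defaultdict(lambda: {"users": set(), "sources": set(), "risk_tier": "medium"})
    # 1. Proxy/CASB: who actually reached an AI service, whether or not they admitted it.
    for line in proxy_log.splitlines():
        m = LOG_RE.match(line)
        vendor = vendor_for_host(m.group(3)) if m else None
        if vendor:
            inv[vendor]["users"].add(m.group(2))
            inv[vendor]["sources"].add("proxy")
    # 2. DLP: a PII classification on an AI host raises the provisional tier to high.
    for _user, host, label in dlp_alerts:
        vendor = vendor_for_host(host)
        if vendor:
            inv[vendor]["sources"].add("dlp")
            if label == "PII":
                inv[vendor]["risk_tier"] = "high"
    # 3. Expense reports: subscriptions the proxy never sees (personal device, home network).
    for line in expenses.splitlines():
        holder, merchant, _amount = line.split(",")
        for vendor in AI_WATCHLIST.values():
            if merchant.startswith(vendor):
                inv[vendor]["users"].add(holder)
                inv[vendor]["sources"].add("expense")
    return dict(inv)
```

Each returned record maps directly onto the inventory fields discussed next (owner still to be assigned, status "under review", provisional tier), and a tool that shows up only in expenses (here, rlee's subscription) is exactly the long tail the logs alone would miss.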
From discovery to governance: register what you find
Discovery only matters if every tool you uncover lands somewhere permanent, with an owner attached. A spreadsheet of findings goes stale the week after the audit. The work is to register each discovered tool into a central inventory and keep it current — the same first move every AI-governance framework asks for, and the subject of our companion guide on building an AI initiative inventory as the first step of governance.
This is where ClearPoint fits. ClearPoint is a system of record you can use to run AI governance: take the shadow AI you discovered and give every tool a record with an owner, a status (approved, restricted, under review, or retired), a risk tier, and a place in a board-ready report. It is the general platform — the one public agencies already use to track strategic measures and assign accountability — applied to the AI you just found.
Concretely, registering discovered shadow AI in ClearPoint means:
- Every tool has an owner. No AI tool sits unassigned. That matters because ownership is the variable that moves outcomes — across the strategic measures ClearPoint's customers track, work with a named owner is roughly 2.2× more likely to be on track than work without one.
- Every tool has a risk tier and a status. A public chatbot touching citizen PII and an internal summarizer of public data are not the same risk, and the inventory says so — so review effort goes where the exposure is.
- Leadership gets one board-ready view. Instead of assembling an AI picture from scratch before each meeting, you produce a board-ready report in minutes, not days — what AI the agency runs, who owns it, what tier it carries, and what changed.
- New tools come in through the front door. A documented intake for requesting AI tools means the next wave of adoption is governed by default, shrinking the shadow over time.
The goal is not to ban AI. Banning it just pushes more of it into the shadow. The goal is to know what you have, who owns it, and what it is doing — so the 56% in use and the 23% governed start to converge. For where this sits in the broader compliance picture, see our pillar on building and running a strategic plan, and the state-law landscape in AI governance for local and state government.
Frequently asked questions
What is shadow AI?
Shadow AI is any AI tool or feature used for the organization's work without IT or governance approval — the AI-era version of shadow IT. According to IDC (2025), 56% of employees use unauthorized AI tools while only 23% use governed AI, so for most organizations the majority of AI activity is happening outside any oversight.
Why is shadow AI more dangerous than shadow IT?
Because AI tools don't just store data — they ingest it (potentially exposing it to outside models) and they generate outputs that influence consequential decisions. A single employee can also run thousands of records through a tool before governance knows it exists. The scale and decision-making role make the risk categorically larger than a rogue app.
What does shadow AI put at risk in government specifically?
Four things: citizen PII pasted into tools with no data agreement; public records (prompts and outputs) created outside any retention system; due-process gaps when an ungoverned model influences a determination about a person; and the absence of an audit trail, which is the first thing oversight bodies ask for. The April 2025 New York State Comptroller audit found the state had no inventory of the AI systems its entities were using.
How do you discover shadow AI without new software?
Use four sources you likely already own: CASB and web-proxy logs (outbound traffic to AI services), SSO and OAuth grants (third-party AI apps connected to your accounts), DLP alerts (sensitive data moving into AI tools), and expense-report review (AI subscriptions on personal or departmental cards). Combine those system signals with a short, blame-free employee survey to catch the long tail.
How does ClearPoint help govern shadow AI?
ClearPoint is a system of record you can use to run AI governance. Once you've discovered a shadow AI tool, you register it with an owner, a status, and a risk tier, and roll it into a board-ready report — turning a one-time discovery into a living inventory. It's the same platform agencies use to track strategic measures and accountability, applied to AI.
The bottom line
Shadow AI is not a fringe problem to legislate away later; per IDC (2025) it is already the majority of how employees use AI, while only a fraction is governed. The agencies that handle it well don't start with a ban — they start with a list. Discover what's in use with the logs and records you already have, register every tool with an owner and a risk tier, and report it where leadership can see it.
If you want a single place to register discovered AI tools, assign owners and risk tiers, and produce a board-ready governance report, see how ClearPoint works in a short demo.
About this article. Written by the ClearPoint Strategy team. ClearPoint is a strategy reporting and execution platform used across government, healthcare, and higher education; the ownership figure cited reflects aggregated, anonymized platform data. The shadow-AI usage statistic is from IDC (2025). Public-sector audit reference: Office of the New York State Comptroller, April 2025.