Shadow AI Agents: Security Teams Only See 44% of Tools

Shadow AI Agents: Security Teams Only See 44% of Tools

May 5, 2026 · Martin Bowling

Most companies cannot see what AI is doing inside their own walls

A survey of 200 enterprise CISOs released on April 27 found that security teams can only track 44% of the AI apps, agents, and automations that business users have built inside their own companies. Eighty percent of those CISOs admitted they lack full visibility into the AI tools handling sensitive data. The Nokod study landed less than a week after the Cloud Security Alliance reported that 82% of enterprises have unknown AI agents running in their environments — and 65% have already had an AI agent-related incident in the past 12 months.

If a company with a CISO and a security budget can only see 44% of its own AI footprint, what do you think is happening at a 12-person plumbing company in Bluefield or a hotel in Beckley?

The shadow AI agent problem is not an enterprise problem. It is a small business problem with worse downside.

What the surveys actually found

Two reports landed within six days of each other, and they tell a consistent story.

The Nokod survey, conducted with 200 enterprise CISOs, focused on AI tools built by business users — not engineers — using platforms like Microsoft Copilot Studio, Power Automate, ServiceNow, and UiPath. The headline numbers:

  • 44% is the average share of business-built AI agents that security teams can actually see
  • 80% of teams admit they lack full oversight of those tools
  • More than half of CISOs confirmed business users are building mission-critical AI applications without security review
  • The ratio of business-builders to professional developers runs 4-to-1, and as high as 10-to-1 in some organizations

The Cloud Security Alliance survey of 418 IT and security professionals went further. Sixty-five percent reported an AI agent incident in the past 12 months. Of those, 61% reported data exposure, 43% operational disruption, and 35% direct financial losses. Shadow agents most commonly showed up in internal automation scripts (51%), custom LLM tools and assistants (47%), SaaS tools with built-in automation (40%), and developer workflows (40%).

The kicker: only 21% of organizations have a formal process for shutting down AI agents when they are no longer needed. The rest just leave them running.

Why small businesses are more exposed

It is tempting to read “enterprise CISO survey” and click away. Do not. The forces creating shadow AI in a 5,000-person company are stronger, not weaker, in a 15-person one.

A few reasons:

  • No one is looking. Large companies have at least a handful of people whose job is to track unauthorized tools. Most small businesses have a bookkeeper who also handles IT and a part-time consultant who shows up every other Thursday.
  • Same tools, fewer guardrails. A small business that runs on Microsoft 365 has access to Copilot Studio. One that uses Google Workspace has Gemini in Sheets and Docs. These platforms make it trivial for any employee to spin up an automation that touches customer data — without anyone telling the owner.
  • Higher data concentration. When a 12-person accounting firm leaks a client list, it is not a percentage of revenue. It might be the whole business. The same logic applies to a medical office, a law practice, or a restaurant with thousands of loyalty members on file.
  • Regulatory exposure does not scale down. HIPAA, the FTC Safeguards Rule, state privacy laws, and PCI requirements all apply to small businesses. None of them care whether the leak came from a hacker or from an employee who built a Power Automate flow that emailed customer records to a personal Gmail account.

We covered the broader shadow AI risk picture when Runlayer launched OpenClaw for Enterprise back in February. The new data hardens the case.

How shadow AI agents actually show up at a small shop

Shadow AI rarely arrives as a deliberate end-run around the rules. It looks like this:

  • The office manager at an HVAC contractor sets up a Microsoft Power Automate flow to forward incoming service requests from email into a spreadsheet, then auto-reply with a quote based on a Copilot prompt. It works. Nobody else knows it exists. Six months later it stops triggering, and a week of leads goes into a black hole.
  • A bookkeeper at a small restaurant group builds a custom GPT to help draft vendor emails. It is trained on actual invoices — including bank account numbers and pricing terms. The GPT is set to “anyone with the link can use it.”
  • A front-desk staffer at a vacation rental cleaning service uses a Zapier AI step to summarize customer reviews and post them into Slack. The Zap was set up under their personal account. They quit. The Zap keeps running, sending data outside the company’s control, until the credit card on the personal account expires.

Each of these is a real shape of incident the CSA report flagged. Every one starts with a well-intentioned employee solving a real problem. None of them get caught by traditional IT review because no one asked IT.

A 30-minute AI inventory every small business should run

You cannot govern what you cannot see. Before you adopt new tools — including ours — sit down for half an hour and answer these questions. Do it on paper if you have to.

  1. List every AI subscription on the books. ChatGPT Team, Claude, Copilot, Gemini, Notion AI, Zapier, Make, Otter, Fireflies, anything. Pull the receipts from your bank statements for the last three months.
  2. List every platform that has AI built in. Microsoft 365, Google Workspace, HubSpot, Salesforce, QuickBooks, Toast, ServiceTitan, Housecall Pro. The “AI” features inside these are the most common source of shadow agents according to the CSA data.
  3. Ask each employee, individually: “What AI tools have you used for work in the last 30 days, including free ones?” Do not punish honest answers. The goal is the inventory.
  4. Check for built automations. In Microsoft 365, look at Power Automate flows owned by user accounts. In Google Workspace, check Apps Script projects. In Zapier or Make, list active scenarios. Note who owns each one.
  5. Tag each item with three things: what data it touches (customer, financial, employee, public), who owns it, and what happens if that person leaves tomorrow.
  6. Decide a default. For each item, decide: keep, replace with a sanctioned tool, or shut down. Write the decision next to the item. Set a calendar reminder to repeat this every quarter.

That is the minimum. It will not catch everything. It will catch most of what matters, and it costs nothing but coffee.

What we think

The bottom line: Shadow AI is not a sign your team is reckless. It is a sign the official tools are slower than the unofficial ones.

The best way to shrink shadow AI in your business is to give people a sanctioned tool that is genuinely better than whatever they would download for free. That is the entire pitch behind purpose-built AI Employees — agents that already know what an HVAC dispatcher, a restaurant host, or a vacation rental cleaner needs, with the data they touch under your control rather than scattered across personal accounts.

If you are not sure where you stand — what AI you have, what data it touches, whether the tools you are paying for are quietly leaking — we will help. Get in touch and we will walk through the inventory with you. Half an hour now beats a breach later.

Industry News Small Business AI Tools Automation
Back to all posts