CIOs Still Lack Control Over Security Threats From Shadow AI: Report

Gartner is warning that companies are sleepwalking into a minefield of hidden generative AI risks, from unsanctioned "shadow AI" to spiraling technical debt, that could doom their projects. The firm said addressing these issues will separate the winners from the losers by 2030.

• The shadow knows: The biggest threat is the explosion of unsanctioned AI. A Gartner survey found 69% of organizations suspect employees are using prohibited public GenAI tools, opening the door to major security and compliance failures. A second report from security firm Reco pointed the finger squarely at OpenAI, finding the platform is behind 53% of all shadow AI use in the enterprise.

• Code now, pay later: Another hidden danger is the ticking time bomb of AI technical debt. While teams celebrate the speed of AI-generated code, they are ignoring the long-term maintenance burden, which Gartner predicts will cause project delays or rising costs for half of all enterprises by 2030. The report also points to how over-relying on AI is slowly hollowing out essential human expertise.

Gartner’s final warnings targeted external pressures and strategic mistakes. The firm flagged the tangled web of data sovereignty rules, predicting that by 2028, nearly two-thirds of governments will have regulations that slow AI rollouts. It also called out the familiar devil’s bargain of vendor lock-in, where choosing a single provider for speed limits a company's agility and negotiating power down the line.