The Question
In 2019, the enterprise security problem was employees using Dropbox, WhatsApp, and personal Gmail for work. CASB tools solved this by discovering cloud applications in web traffic, categorizing them by risk, and applying DLP policies to data entering and leaving those applications. The problem was large but structurally simple: a finite set of unauthorized cloud applications carrying enterprise data across channels that CASB was designed to monitor.
In 2026, the problem is employees submitting source code, earnings models, acquisition targets, patient records, and attorney-client communications to ChatGPT, Claude, Gemini, Perplexity, GitHub Copilot, Midjourney, and several hundred other AI tools — over the same HTTPS channels your CASB monitors — in the course of doing their jobs faster and more effectively.
The technical architecture of shadow AI looks nearly identical to legitimate SaaS usage from the CASB's perspective. The data patterns involved bear no resemblance to the SSN, credit card, or PHI patterns that most enterprise DLP rule sets were built to detect. And the population of AI tools employees are using is growing faster than any CASB vendor's application library can track.
Shadow AI creates data exposure risk through the same channels your CASB monitors — but the apps, the data patterns, and the risk profile are categorically different.
Why This Matters Now
In March 2023, within weeks of Samsung Electronics lifting an internal ban on ChatGPT, engineers in its semiconductor division submitted proprietary material to the service on at least three separate occasions in roughly a month. One engineer pasted source code from a faulty semiconductor equipment database program and asked ChatGPT to find the error. Another submitted code used to identify defective fabrication equipment and asked for it to be optimized. A third uploaded a recording of an internal meeting to have it turned into minutes.
Samsung had only just permitted ChatGPT use and had no AI usage policy covering what employees could submit. Nor would a typical CASB of the period have flagged the traffic: in early 2023 most CASB vendor application libraries did not categorize AI tools with any granularity, and the DLP policies of the day were written to detect PII and financial data patterns, not source code or internal process documentation.
The incidents became public through Korean press reporting, and the underlying exposure, proprietary semiconductor process data submitted to an external model, cannot be remediated retroactively. At the time, consumer ChatGPT used conversation content for model training by default; OpenAI did not add a user-facing opt-out until late April 2023. The data was submitted, and whatever retention and training policies applied to it were OpenAI's to determine.
By 2025, the problem had scaled dramatically. Cyberhaven's research found that 11% of data employees paste into ChatGPT is classified as confidential by their organization's data classification system. The 2025 Cloud Security Alliance survey found that 68% of enterprise security teams had discovered employees using at least ten distinct AI tools that were not on the approved application list. The median enterprise employee now interacts with 3-4 AI tools per week. The CASB problem is not one Samsung incident — it is a continuous, high-frequency data exposure risk that most enterprise security architectures were not designed to address.
What the CURVE™ Data Shows
The 2026 Stackcurve SASE/SSE CURVE™ Report evaluates CASB platforms on a dedicated Shadow AI Readiness dimension, scoring vendors on AI application library coverage, AI-specific DLP detection capability, and policy control granularity for AI tool access.
Netskope leads the evaluated set on AI application library coverage, with over 650 categorized AI tools in its cloud application database as of Q1 2026 — including granular categorization by AI function type (generative text, code generation, image generation, data analysis) and data retention policy classification. This categorization depth enables risk-tiered access policies that go beyond binary allow/block decisions.
Zscaler Internet Access shows strong AI-specific DLP capabilities, including detection rules built for code patterns, internal document structures, and conversational context that indicates corporate information rather than generic query patterns. Palo Alto Networks Prisma Access integrates AI application discovery with its broader NGFW telemetry, providing richer behavioral context for AI usage anomaly detection.
Skyhigh Security, the McAfee Enterprise-heritage CASB, shows measurable gaps in AI application library currency, with update cadences that lag the pace of new AI tool market entry by several months, a meaningful deficiency in a category where new tools reach enterprise employee adoption within weeks of launch.
The full vendor rankings are in the 2026 Stackcurve SASE/SSE CURVE™ Report — free to download.
The Gap Most Buyers Miss
The structural difference between the shadow IT problem and the shadow AI problem is not volume — it's the nature of the data and the detection challenge it creates.
The classic CASB use case was built on two assumptions that shadow AI breaks:
Assumption 1: High-risk data has recognizable patterns. PII has structure: SSNs follow a 9-digit, three-two-four format, payment card numbers are Luhn-valid strings of 13 to 19 digits, PHI has specific field combinations. DLP engines can detect these patterns with reasonable precision even in unstructured text, and a checksum such as Luhn keeps false positives on arbitrary digit runs low. Enterprise intellectual property (source code, strategic plans, M&A targets, customer pricing models, R&D roadmaps) has no such pattern. A 200-line function submitted to GitHub Copilot looks like a coding query. An earnings model pasted into ChatGPT looks like a spreadsheet question. A discussion of an acquisition target looks like a business strategy question. The CASB cannot distinguish the sensitive instance from the innocuous one without organizational context (which codenames, products, and document markers matter) that most DLP engines are never given.
Assumption 2: The set of high-risk applications is stable and manageable. In 2019, an enterprise could enumerate the shadow IT applications in use within a quarter, categorize them by risk, and build policies that covered the population. AI tools are releasing at a pace that makes this model operationally unworkable. There are now more than 1,000 distinct AI tools with meaningful enterprise employee adoption. New tools reach 100,000 users within weeks of launch. A CASB application library that is updated quarterly cannot keep pace with a category that is adding risk-relevant applications monthly.
The tactical failures that compound the structural problem:
1. Binary allow/block policies for AI tools. Most enterprise CASB policies for AI tools are either blocking ChatGPT entirely — which drives usage to mobile devices or home networks outside the CASB's visibility — or allowing it without any DLP controls. Neither approach is operationally defensible. A risk-tiered policy — approved tools with DLP enforcement, high-risk tools with user acknowledgment requirements, explicitly blocked tools for specific data classifications — requires the vendor categorization depth and policy granularity that most CASB platforms are still building.
2. DLP rules that haven't been updated since the shadow IT era. If your DLP rule set was written primarily to detect PII, PHI, and PCI data, it is not protecting against the primary risks in shadow AI environments. A code exfiltration event, a strategic document submission, or a competitive intelligence disclosure will not trigger a legacy DLP policy. AI-era DLP requires custom rule development for code structure (not a fixed regex, but the density of declarations, control flow, and statement terminators in a submission), organizational entity recognition (product names, codenames, personnel), and recognition of classification markers such as "Confidential" or "Internal Only" and internal document templates.
3. No visibility into AI tool data retention and training policies. Not all AI tools treat submitted data the same way. Some default to using inputs for model training with opt-out options that are not obvious to enterprise employees. Others offer API-based enterprise tiers with explicit data retention limitations. Others operate under jurisdictions with data sovereignty implications. CASB policies that don't account for these differences — allowing access to enterprise AI tools without evaluating their data handling terms — are making risk decisions without material information.
4. Ignoring the browser extension attack surface. Many AI productivity tools install as browser extensions. An extension with page and clipboard permissions can read whatever the user is viewing and send it to the extension vendor's backend, often through API endpoints on domains the CASB library has not categorized, so the submission never looks like a visit to a known AI application. Browser-based DLP, which Netskope, Zscaler, and others now offer as a complement to network-layer CASB, is increasingly necessary for complete shadow AI coverage, alongside managed-browser control over which extensions may be installed at all.
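The following is an added illustration, not Stackcurve's code or any CASB vendor's engine. It shows the gap described under Assumption 1 and failure 2 (legacy regex rules versus structure- and entity-based rules) and then applies the risk-tiered decision from failure 1 and 3 to the findings. The tool list, tier assignments, codenames, classification markers, and sample submissions are all constructed for the example; a real deployment would load them from the CASB policy store and the organization's project registry.

```python
"""Illustrative DLP-plus-policy engine for AI tool submissions (added example).

Nothing here is vendor code. Tool names, tiers, codenames, markers and the
sample prompts are constructed assumptions for demonstration only.
"""
import re

# --- Legacy (shadow-IT era) rules: regulated data with a recognisable shape ---
SSN_RE = re.compile(r"\b(?!000|666|9\d{2})\d{3}-(?!00)\d{2}-(?!0000)\d{4}\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,18}\d\b")  # 14-19 digits, optional separators


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; cuts false positives on arbitrary long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def legacy_findings(text: str) -> list[str]:
    findings = []
    if SSN_RE.search(text):
        findings.append("pii:ssn")
    if any(luhn_ok(re.sub(r"[ -]", "", m.group())) for m in CARD_RE.finditer(text)):
        findings.append("pci:card")
    return findings


# --- AI-era rules: IP has no fixed shape, so look at structure and context ---
CODE_LINE_RES = [
    re.compile(r"^\s*(def|class|import|from|return|for|while|if|#include)\b"),
    re.compile(r"[;{}]\s*$"),             # statement terminators / block braces
    re.compile(r"\w+\([^)]*\)\s*[:{]"),   # function signature followed by a body
]
# Codenames the DLP engine can only know if the organisation tells it (constructed).
ORG_ENTITIES = ["Project Kestrel", "FAB-7", "YieldMax"]
ENTITY_RE = re.compile(r"\b(" + "|".join(map(re.escape, ORG_ENTITIES)) + r")\b", re.I)
MARKER_RE = re.compile(r"\b(CONFIDENTIAL|INTERNAL ONLY|DO NOT DISTRIBUTE)\b")


def looks_like_source_code(text: str) -> bool:
    """Heuristic: at least three non-blank lines, half of them code-shaped."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    hits = sum(any(r.search(ln) for r in CODE_LINE_RES) for ln in lines)
    return len(lines) >= 3 and hits / len(lines) >= 0.5


def ai_era_findings(text: str) -> list[str]:
    findings = legacy_findings(text)
    if looks_like_source_code(text):
        findings.append("ip:source_code")
    if ENTITY_RE.search(text):
        findings.append("ip:internal_entity")
    if MARKER_RE.search(text):
        findings.append("ip:classified_marker")
    return sorted(findings)


# --- Risk-tiered policy. Tiers are assumed values standing in for the vendor's
# AI app library plus the organisation's review of each tool's retention terms. ---
TOOL_TIERS = {
    "chatgpt.com": "approved",         # assumed: enterprise contract, inputs not used for training
    "example-ai.io": "conditional",    # assumed: consumer terms, training opt-out not default
    "freeprompt.example": "blocked",   # assumed: no published retention terms
}


def decide(tool: str, findings: list[str]) -> str:
    """Return allow / allow_with_acknowledgment / block for one submission."""
    tier = TOOL_TIERS.get(tool, "conditional")  # unknown AI tools are treated as conditional
    if tier == "blocked":
        return "block"
    if any(f.startswith(("pii:", "pci:")) for f in findings):
        return "block"                  # regulated data leaves for no tier
    if tier == "approved":
        return "allow"                  # logged; IP is covered by the contract terms
    if any(f.startswith("ip:") for f in findings):
        return "block"                  # IP may not go to conditional tools
    return "allow_with_acknowledgment"


SAMPLES = {  # constructed submissions
    "code": "def yield_curve(lot_ids):\n    results = {}\n    for lot in lot_ids:\n"
            "        results[lot] = measure(lot) / 100\n    return results\n",
    "ssn": "Please check my SSN 123-45-6789 against the HR record.",
    "card": "Refund card 4111 1111 1111 1111, the customer is waiting.",
    "notes": "Meeting notes 14 Mar: the team agreed to move Project Kestrel to the new\n"
             "FAB-7 process flow. Action items for next week: confirm yield targets.\n",
}

if __name__ == "__main__":
    for name, text in SAMPLES.items():
        found = ai_era_findings(text)
        print(f"{name:5} legacy={legacy_findings(text)} ai_era={found}")
        for tool in TOOL_TIERS:
            print(f"      {tool:20} -> {decide(tool, found)}")
```

Run stand-alone, the output makes the point of the section concrete: the source code and the meeting notes produce no legacy findings at all, while the SSN and card samples trip the old rules exactly as designed. The code-shape heuristic is deliberately crude (prose starting with "for" counts as a hit); a production rule would lower its weight and combine it with the entity and marker signals rather than block on it alone.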
Questions Your Buying Team Should Be Asking
1. How many AI-specific applications are in your cloud app library, and what is your update cadence for adding new AI tools? This is the baseline capability question. Ask vendors for a specific count of AI-categorized applications in their library, broken down by function type. Then ask how quickly a new AI tool that reaches significant enterprise adoption gets added to the library. The answer reveals whether the vendor is tracking the AI market in near-real-time or operating on a traditional quarterly update cycle that is structurally too slow for this category.
2. Can your DLP engine detect code patterns, internal document structures, and organizational entity references — not just PII and financial data patterns? Shadow AI's primary data risk is intellectual property, not regulated data. Ask vendors to demonstrate a DLP policy that would have caught the Samsung incident — source code submitted to a generative AI tool. If the demonstration involves only regex-based pattern matching, the platform is not equipped for AI-era data protection.
3. Does your platform support risk-tiered access policies for AI tools — approved with controls, conditional with acknowledgment, blocked — rather than binary allow/block? Risk-tiered AI access policies are operationally superior to blanket blocks for two reasons: they drive less shadow usage outside the CASB perimeter, and they enable organizations to quantify AI tool usage and risk without eliminating productivity gains. Ask vendors to demonstrate how a risk-tiered policy is configured and what the user experience looks like at each tier.
4. Can your platform capture what is being submitted to AI tools, not just that they were accessed? Traffic metadata (that a user accessed ChatGPT) is less valuable than content inspection (what they submitted). Content inspection requires TLS interception in the first place, and even then the depth varies with whether the platform decodes JSON request bodies, multipart file uploads, direct API calls, streaming connections, and browser extension traffic. Ask vendors to be specific about what content is captured, how long it is retained, and who can view it for DLP investigation.
5. How does your platform handle AI tools accessed from mobile devices and personal machines outside the corporate network? The CASB network-perimeter model breaks down when employees access AI tools from devices that are not in the traffic inspection path. Ask vendors what their coverage model is for off-network AI usage. The honest answer involves agent-based enforcement (requiring a corporate agent on personal devices, which has its own policy challenges) or accepting a coverage gap. Organizations that haven't explicitly addressed this gap are seeing it exploited — employees who can't use ChatGPT from their work machine are using it from their phone.
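Question 4 turns on whether the inspection layer actually reaches the submitted text. The following added example (not Stackcurve's code or any vendor's) shows what that decoding step looks like for the three body encodings AI tools commonly use once TLS has been terminated: a JSON chat request, a multipart file upload, and a form-encoded query. The request bodies, field names, and the set of JSON keys treated as user text are constructed assumptions; a real decoder would be tuned per application.

```python
"""Extract user-submitted text from decrypted AI tool requests (added example).

Assumes TLS has already been intercepted; without that there is no body to
decode. Field names, key names and the sample bodies are constructed.
"""
import json
from email import policy
from email.parser import BytesParser
from urllib.parse import parse_qs

# JSON / form keys assumed to carry user text rather than metadata (assumption).
TEXT_KEYS = {"content", "prompt", "text", "parts", "input", "query", "q", "message"}


def _walk_json(node, key, out):
    """Collect string values found under TEXT_KEYS anywhere in the document."""
    if isinstance(node, str):
        if key in TEXT_KEYS:
            out.append(("json:" + key, node))
    elif isinstance(node, dict):
        for k, v in node.items():
            _walk_json(v, k, out)
    elif isinstance(node, list):
        for v in node:
            _walk_json(v, key, out)   # list items inherit the parent key


def extract_submitted_text(content_type: str, body: bytes) -> list[tuple[str, str]]:
    """Return (source, text) pairs for every user-supplied text field in a body."""
    ctype = content_type.split(";", 1)[0].strip().lower()
    out: list[tuple[str, str]] = []
    if ctype == "application/json":
        _walk_json(json.loads(body), None, out)
    elif ctype == "multipart/form-data":
        # Re-use the stdlib MIME parser: prepend the Content-Type header so the
        # boundary parameter is available, then walk the parts.
        raw = b"Content-Type: " + content_type.encode() + b"\r\nMIME-Version: 1.0\r\n\r\n" + body
        msg = BytesParser(policy=policy.compat32).parsebytes(raw)
        for part in msg.walk():
            if part.is_multipart():
                continue
            name = part.get_param("name", header="content-disposition")
            filename = part.get_filename()
            payload = part.get_payload(decode=True) or b""
            source = f"file:{filename}" if filename else f"form:{name}"
            out.append((source, payload.decode("utf-8", "replace").strip()))
    elif ctype == "application/x-www-form-urlencoded":
        for k, values in parse_qs(body.decode("utf-8", "replace")).items():
            if k in TEXT_KEYS:
                out.extend(("form:" + k, v) for v in values)
    elif ctype.startswith("text/"):
        out.append(("text", body.decode("utf-8", "replace")))
    return out


# --- Constructed sample requests ---
JSON_BODY = json.dumps({
    "model": "assumed-model",
    "messages": [
        {"role": "system", "content": "You are a helpful assistant."},
        {"role": "user", "content": "Rewrite this function: def f(x): return x*2"},
    ],
}).encode()

BOUNDARY = "----WebKitFormBoundary7MA4YWxkTrZu0gW"
MULTIPART_CT = f"multipart/form-data; boundary={BOUNDARY}"
MULTIPART_BODY = (
    f"--{BOUNDARY}\r\nContent-Disposition: form-data; name=\"prompt\"\r\n\r\n"
    f"Summarise this file\r\n"
    f"--{BOUNDARY}\r\nContent-Disposition: form-data; name=\"file\"; filename=\"notes.txt\"\r\n"
    f"Content-Type: text/plain\r\n\r\nProject Kestrel yield targets\r\n"
    f"--{BOUNDARY}--\r\n"
).encode()

FORM_BODY = b"q=what+is+our+Q3+revenue&lang=en"

if __name__ == "__main__":
    for ct, body in [("application/json", JSON_BODY),
                     (MULTIPART_CT, MULTIPART_BODY),
                     ("application/x-www-form-urlencoded", FORM_BODY)]:
        print(ct.split(";")[0], extract_submitted_text(ct, body))
```

The practical point for the buying question: the file upload in the multipart sample is where the sensitive text actually sits, and a platform that only inspects the visible "prompt" field, or only logs the destination host, would miss it. The same applies to the metadata-only view, which records that the user talked to a model and nothing about the two message bodies.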
The Stackcurve Take
Shadow AI is not a novel threat category — it is the predictable extension of the same human behavior that created shadow IT, applied to a new generation of tools that are significantly more powerful and significantly more data-hungry. The CASB solved shadow IT by bringing cloud application usage into visibility and policy control. Solving shadow AI requires the same approach applied to a harder version of the same problem: more tools, faster-changing landscape, less detectable data patterns.
The organizations that solve this earliest are not necessarily the ones with the most sophisticated CASB deployments. They are the ones that have updated their DLP rule sets to address intellectual property rather than just regulated data, implemented risk-tiered AI access policies rather than blanket blocks, and accepted that AI tool governance requires organizational policy work — acceptable use guidelines, clear employee communication, management buy-in — that no CASB vendor can substitute for.
The 2026 Stackcurve SASE/SSE CURVE™ Report covers CASB platforms, including dedicated Shadow AI Readiness scoring across all major evaluated vendors. Download it free →
Stackcurve Advisory Briefs are independent research. No vendor pays for placement, tier assignment, or editorial influence. The CURVE™ methodology is disclosed in full at stackcurve.net/research/methodology.