The Question
How many AI tools are running in your organization right now?
If your answer comes from your IT asset register, it is almost certainly wrong. The actual number is higher — often significantly higher — and the gap between what IT knows about and what employees are using is the foundational risk that makes every other AI security control less effective.
OWASP identifies this as the precondition for LLM02: Sensitive Information Disclosure. You cannot prevent your AI systems from leaking sensitive data if you do not know which AI systems your employees are feeding sensitive data into.
Why This Matters Now
In early 2023, Samsung Electronics experienced three separate data leakage incidents within a single month — all caused by employees using ChatGPT without authorization.
In the first incident, an engineer pasted proprietary source code into ChatGPT and asked it to help fix a bug. In the second, a different engineer uploaded code to ask for optimization suggestions. In the third, an employee recorded a meeting and submitted the transcript to ChatGPT to generate meeting notes. Each action was individually reasonable — employees were trying to do their jobs faster. Collectively, they transmitted Samsung's proprietary source code, unreleased hardware specifications, and internal meeting content to a third-party AI service operating outside Samsung's data governance controls.
Samsung responded by banning ChatGPT company-wide. That is one response. But it does not solve the underlying problem: employees will use tools that make them more productive, with or without IT approval, and AI tools are extraordinarily effective at making people more productive.
The Shadow AI problem is not a compliance failure waiting to happen. For Samsung, it already happened. The question for every enterprise security leader is whether they will discover their version of this incident proactively — or after the fact.
What the CURVE™ Data Shows
Shadow AI is harder to inventory than Shadow IT for a structural reason: AI capabilities are embedded inside tools your employees already use and that IT has already approved.
Microsoft 365 Copilot is an approved SaaS application. But within it, AI features can access email, calendar, SharePoint, Teams messages, and — depending on permissions — sensitive documents across the organization. An employee using Copilot to summarize a document is an AI tool processing that document's content. Whether that creates risk depends on what the document contains, how Copilot handles the data, and what your Microsoft tenant configuration permits.
The same logic applies to Salesforce Einstein, Notion AI, Google Workspace Gemini, Slack AI, and dozens of other enterprise SaaS platforms with AI features toggled on by default or enabled silently in an update.
The 2026 Stackcurve AI Security CURVE™ Report covers the AI Governance & Compliance category — vendors including Zenity, Credo AI, and Arthur AI — which have built tooling specifically to discover and govern AI deployments across the enterprise, including the embedded AI features in sanctioned SaaS. What the CURVE™ data shows is that this category is still early: the tools are improving rapidly, but comprehensive discovery — especially for AI features inside approved SaaS — remains an unsolved problem for most enterprises.
The full vendor rankings are in the 2026 AI Security CURVE™ Report — free to download.
The Gap Most Buyers Miss
The Shadow IT playbook from ten years ago does not transfer cleanly to Shadow AI. Traditional shadow IT — an employee signing up for a cloud storage service or a project management tool — creates a discrete, discoverable asset: a new SaaS account, a new OAuth connection, a new DNS entry. Your CASB can see it. Your SSO logs can flag it.
Shadow AI is different in three ways that make it harder to find.
First, it is embedded, not separate. When an employee uses Copilot in Teams, they are not creating a new shadow application — they are using a feature inside an application IT already approved. The shadow is inside the perimeter, not outside it.
Second, the data risk is in the prompt, not in the application. A CASB that monitors which applications employees access cannot see what those employees typed into an AI prompt. The sensitive data — the source code, the patient record, the M&A memo — travels in the content of the request, not in the identity of the application.
Third, the AI capabilities change without notice. SaaS vendors ship AI features in product updates. An application your security team reviewed six months ago may have three new AI capabilities today that did not exist when you assessed it. Continuous monitoring, not point-in-time review, is required.
Questions Your Buying Team Should Be Asking
1. Have you conducted an AI asset inventory in the last 90 days? Not a policy review — an actual technical inventory. This includes sanctioned AI tools, shadow deployments discovered through network monitoring, and AI features embedded in approved SaaS. If the answer is no, start here before any other AI security investment.
2. What data governance controls apply to your Microsoft Copilot / Google Gemini / Salesforce Einstein deployment? These are the highest-risk embedded AI tools in most enterprise environments because they have access to the full breadth of enterprise data by design. Understand what data each can access and who can access it before enabling broadly.
3. Do you have a process for reviewing AI feature additions in approved SaaS? Most enterprises do not. Vendor update notes mention AI feature additions in small print. An AI feature review step in your change management process — lightweight but consistent — catches the embedded shadow AI problem before it creates exposure.
4. What is your policy for employee use of external AI tools (ChatGPT, Claude, Gemini) for work tasks? A blanket ban is not enforceable and drives usage underground. A policy that defines permitted use cases, prohibits specific data types (source code, PII, M&A information), and provides approved alternatives is both more realistic and more effective.
5. Are you monitoring for data typed into browser-based AI tools? DLP controls that cover file uploads and email often miss browser-based AI interactions where sensitive content is pasted rather than attached. Ask your DLP vendor whether their controls extend to this scenario.
The Stackcurve Take
Samsung's decision to ban ChatGPT after the 2023 incidents was understandable. It was also, in retrospect, insufficient: employees continued using AI tools through personal devices and personal accounts, and the company had no visibility into those interactions. A ban without an alternative and without monitoring enforces nothing — it just removes the official channel.
The more durable response is a three-step sequence. First, inventory: know what AI is actually running. Second, classify: sort AI deployments by data sensitivity and risk tier, not by whether IT approved the tool. Third, govern: apply data-type-specific controls — prohibitions on certain data categories entering certain AI systems, monitoring for violations, approved alternatives for high-demand use cases.
This sequence does not require a large budget. It requires executive commitment to treat AI data governance as a security function rather than an IT policy exercise.
Stackcurve's view, drawn from the CURVE™ research: the enterprises that get ahead of Shadow AI in 2026 will not be the ones with the most aggressive bans. They will be the ones that build visible, workable governance before an incident forces the issue.
The 2026 Stackcurve AI Security CURVE™ Report covers the AI Governance & Compliance vendor landscape in detail. Download it free →
Stackcurve Advisory Briefs are independent research. No vendor pays for placement, tier assignment, or editorial influence. The CURVE™ methodology is disclosed in full at stackcurve.net/research/methodology.