Thought Leaders
Shadow AI Is a Design Failure, Not a People Problem

I want you to remember one line from this piece. If you forget everything else, remember this: shadow AI is the direct result of making the safe path the slow path.
That’s not a hot take. That’s a pattern I’ve watched play out for twenty-five years across every security domain — from shadow IT to BYOD to cloud sprawl. And now it’s happening again with AI, except faster and with higher stakes.
The gap that should keep you up at night
The Microsoft and LinkedIn 2024 Work Trend Index put hard numbers on something most security leaders already felt in their gut: 75% of knowledge workers use AI tools at work, and 78% of them are bringing their own. That’s not experimentation. That’s a workforce that decided it wasn’t going to wait for IT to catch up.
And here’s the part that stings: the governance isn’t keeping up. A 2025 Checkmarx survey found that only 18% of organizations have governance policies covering AI-assisted code generation — despite the majority of engineering teams already using these tools daily. If the gap is that wide for code, imagine what it looks like for every other AI-powered workflow your teams are running. Adoption isn’t waiting for governance. It’s lapping it.
Your people aren’t being reckless. They’re being rational. They found a tool that makes them faster, and the official path to using it safely involves installing Python, creating GCP projects, generating service accounts, downloading JSON credentials to their laptops, and configuring local MCP servers. Real story. Real outcome: the person gave up three steps in.
The failure mode I keep seeing
Let me make the pattern concrete. I’ve watched variations of this across dozens of organizations.
A marketing director reads a blog post: connect an AI assistant to a Google Analytics MCP server, run any SEO report in seconds. Sounds great. She wants to do it.
So she starts down the unmanaged path. Install dependencies. Create a cloud project. Generate a service account. Download its key file to her laptop, a long-lived secret that does not expire on its own and now sits on an endpoint outside any vault. Configure the integration locally.
She gives up. Three steps in. Too much friction. Wrong tool for the wrong person.
Now listen to what I just said. The problem isn’t the marketing director. She’s smart. She’s motivated. She’s exactly the kind of person you want adopting AI tools. The problem is that the secure path was slower than the unsafe one.
That is the failure mode of every legacy access program I’ve ever seen. When the governed path is harder than the ungoverned one, people will find the ungoverned one. Every time. And you’ll find out about it at the breach, not before.
The five graves
I’ve seen organizations try to solve this problem five different ways before landing on what actually works. Each approach failed for the same root reason: it added friction without adding speed.
The first attempt is letting every team pick their own AI tool. The result is fourteen overlapping subscriptions and zero audit trail. You’ve democratized adoption and centralized nothing.
The second attempt is putting everything behind SSO. SSO solves login. SSO does not solve action. Once the agent is authenticated, your SSO layer is blind to what it does next: which downstream credentials it picks up, what it reads, and what it changes.
The third attempt is sharing a service account across agents. One incident later, you have zero attribution. You can’t tell which agent did what when something goes sideways.
The fourth attempt is writing an AI policy and putting it on the wiki. I’ve watched an organization spend six weeks crafting a comprehensive AI acceptable-use policy, circulate it to all-hands, and then discover three months later that fewer than a third of employees had opened the document. Nobody reads docs. People read defaults. Whatever’s easy is what gets done — and a wiki page is never what’s easy.
The fifth attempt is standing up a centralized review board for every AI project. You think you’re being responsible. You’re being a bottleneck. Within a quarter, teams are routing around you — and you’ve created exactly the shadow AI problem you were trying to prevent.
Each of these graves has the same epitaph: credentials scattered across laptops, no audit trail, and a lot of crossed fingers.
The inversion that actually works
The fix isn’t more friction. It’s an inversion.
Traditional security builds friction to prevent bad behavior. Users route around it. Shadow AI shows up. You find out at the breach.
Invert it. Make the provisioned path faster than the unmanaged path.
What does that look like in practice? That same marketing director, instead of wrestling with Python and service accounts, requests Google Analytics access from inside her AI assistant. The request hits a policy engine. Low risk, known tool, known user, auto-approved. The credential is vaulted, scoped to the data she actually needs, and short-lived. It never touches her laptop. Every query is logged against her identity and her assistant, not a shared account. She's running reports in under a minute.
Same person. Same outcome she wanted. A fraction of the time. Full audit trail. Different incentive. Different result.
That’s what AI access management looks like when it’s built right. The fastest path becomes the safest path. The incentive to go around IT disappears — not because you enforced compliance harder, but because you made compliance easier than the alternative. When your governed path is genuinely faster than the ungoverned one, shadow AI starts solving itself.
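To make the brokered flow above concrete, here is an added example (my own illustration, not code from the article or from any product it alludes to) that wires together the three pieces the text names: a policy engine that auto-approves only known users, known tools and low-risk scopes; a broker that keeps the upstream secret in a vault and hands the assistant nothing but a short-lived, scoped grant id; and an append-only, hash-chained audit log that attributes every query to a user and an agent. The tool catalogue, user directory, TTL and the upstream "secret" are all constructed assumptions; the upstream call is simulated.

```python
"""Brokered AI tool access: policy decision -> vaulted credential -> attributed audit trail."""
import hashlib
import hmac
import json
import secrets
import time
from dataclasses import dataclass

# Hypothetical tool catalogue (assumption, not from the article): each tool lists the
# scopes it exposes and a risk tier per scope. Only "low" is eligible for auto-approval.
TOOL_CATALOG = {
    "google-analytics": {"analytics.readonly": "low", "analytics.edit": "high"},
    "crm": {"contacts.read": "medium", "contacts.delete": "high"},
}
KNOWN_USERS = {"marketing-director@example.com": "marketing"}  # constructed directory
GRANT_TTL_SECONDS = 15 * 60  # short-lived grant; assumed value


@dataclass
class Grant:
    grant_id: str
    user: str
    agent: str      # which assistant/agent instance acted, so incidents can be attributed
    tool: str
    scope: str
    expires_at: float


def evaluate(user, agent, tool, scope):
    """Policy engine: returns (decision, reason) with decision in
    {'auto_approve', 'needs_review', 'deny'}."""
    if user not in KNOWN_USERS:
        return "deny", "unknown user"
    if not agent:
        return "deny", "request carries no agent identity; nothing to attribute"
    if tool not in TOOL_CATALOG:
        return "deny", "tool not in catalogue"
    risk = TOOL_CATALOG[tool].get(scope)
    if risk is None:
        return "deny", "scope not offered by tool"
    if risk == "low":
        return "auto_approve", "known user, known tool, low-risk scope"
    return "needs_review", f"{risk}-risk scope requires human approval"


class Broker:
    """Holds upstream secrets; callers only ever receive a grant id, never the secret."""

    def __init__(self, vault):
        self._vault = vault          # {tool: upstream_secret}, never returned to callers
        self._grants = {}
        self.audit = []              # append-only, hash-chained records
        self._prev_hash = "0" * 64

    def _record(self, event):
        event = dict(event, ts=time.time(), prev=self._prev_hash)
        digest = hashlib.sha256(json.dumps(event, sort_keys=True).encode()).hexdigest()
        self.audit.append(dict(event, hash=digest))
        self._prev_hash = digest

    def request_access(self, user, agent, tool, scope, now=None):
        """Run policy; on auto-approval mint a scoped, expiring grant and return its id."""
        now = time.time() if now is None else now
        decision, reason = evaluate(user, agent, tool, scope)
        self._record({"event": "access_request", "user": user, "agent": agent,
                      "tool": tool, "scope": scope, "decision": decision, "reason": reason})
        if decision != "auto_approve":
            return None  # needs_review would go to a human queue; deny stops here
        grant = Grant(secrets.token_urlsafe(16), user, agent, tool, scope,
                      now + GRANT_TTL_SECONDS)
        self._grants[grant.grant_id] = grant
        return grant.grant_id

    def run_query(self, grant_id, scope, query, now=None):
        """Execute a query through the broker. The vaulted secret is used here and
        never leaves this process; the result is attributed to user and agent."""
        now = time.time() if now is None else now
        grant = self._grants.get(grant_id)
        if grant is None or now >= grant.expires_at:
            self._record({"event": "query", "grant": grant_id, "outcome": "denied",
                          "reason": "unknown or expired grant"})
            return None
        if scope != grant.scope:
            self._record({"event": "query", "grant": grant_id, "user": grant.user,
                          "agent": grant.agent, "outcome": "denied",
                          "reason": f"scope {scope} not covered by grant"})
            return None
        # Simulated upstream call: sign the query with the vaulted secret (stand-in
        # for the real API credential), which is how the secret stays server-side.
        sig = hmac.new(self._vault[grant.tool].encode(), query.encode(),
                       hashlib.sha256).hexdigest()
        self._record({"event": "query", "grant": grant_id, "user": grant.user,
                      "agent": grant.agent, "tool": grant.tool, "scope": scope,
                      "query": query, "outcome": "ok"})
        return {"user": grant.user, "agent": grant.agent,
                "result": f"report:{query}:{sig[:8]}"}


def verify_audit_chain(audit):
    """Recompute the hash chain; any edited or deleted record breaks it."""
    prev = "0" * 64
    for entry in audit:
        body = {k: v for k, v in entry.items() if k != "hash"}
        if body.get("prev") != prev:
            return False
        expected = hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()
        if expected != entry["hash"]:
            return False
        prev = entry["hash"]
    return True


if __name__ == "__main__":
    broker = Broker({"google-analytics": "upstream-secret-kept-in-vault"})
    gid = broker.request_access("marketing-director@example.com", "assistant-42",
                                "google-analytics", "analytics.readonly")
    print(broker.run_query(gid, "analytics.readonly", "sessions by channel, last 30 days"))
    print("audit chain intact:", verify_audit_chain(broker.audit))
```

The point to notice is where the secret lives: `run_query` is the only code path that touches the vault, so the assistant on the laptop holds a grant id that expires in minutes and is useless for any other tool or scope, and the audit record names both the user and the agent, which is exactly the attribution a shared service account cannot give you.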
Measuring what matters
Here’s the metric that never goes away: is the managed path faster than the unmanaged one? The moment unmanaged is faster than managed, shadow AI returns and you start over.
That’s not a one-time measurement. That’s a continuous signal. Every time you add a step, a review, an approval — ask whether you just made the shadow path more attractive.
Self-service isn’t a productivity feature. It’s a security feature. That line inverts how most security teams think about access management, and it’s the most important reframe I can offer. Friction creates risk — every single time.
If you want a behavior, make it the default. If you don’t want a behavior, make it harder than the alternative. Build for that principle, and most of your shadow AI problem solves itself.