Shadow AI: Risk or Opportunity for Financial Services Leaders?

By Brian Shannon, CTO at Flexera

A different kind of shadow is creeping through enterprises – shadow AI. As employees quietly turn to generative tools to speed up analysis, reporting, and communication, a hidden AI economy is taking shape beyond the reach of corporate policy.

Research by MIT found that while 90% of employees now use personal AI tools for work, only 40% of organisations have official subscriptions in place. This gap highlights how rapidly AI adoption is outpacing governance, leaving businesses exposed to compliance and cost risks.

Shadow AI is a bigger problem than ever in financial services, where trust, transparency, and compliance with expectations set by bodies such as the FCA and PRA are critical.

When innovation outpaces oversight

Shadow AI is following a familiar pattern. It’s much like what happened when cloud and SaaS tools first took off. Adoption usually starts with employees, not leadership, as people find quick, free tools that help them work faster. The problem is these tools often spread before procurement or compliance teams even know they exist.

Flexera’s 2025 State of ITAM Report found that fewer than half of organisations maintain full visibility over their IT assets, a figure that has fallen year on year. Without this visibility, financial institutions cannot know where shadow AI is active, what data is being used, or how workflows are evolving.

That uncertainty can introduce multiple layers of risk. Sensitive customer information may be shared with unvetted platforms, model outputs can shape financial decisions without audit trails, or employees may come to rely on tools that could disappear overnight. Each of these scenarios threatens operational resilience and regulatory confidence alike.

The unseen cost of poor visibility

Beyond compliance and risk, budgets suffer. Licensed platforms continue to draw budget even as staff bypass them, while untracked tools can snowball under the radar. This can result in duplicated spend, inefficiency, and investment decisions built on incomplete information.

Despite global spending of £22–30 billion on generative AI initiatives, only five per cent of companies have seen meaningful returns, a sign that many are investing heavily without a clear view of which tools actually deliver value. This growing gap between experimentation and measurable impact carries high stakes, illustrating a wider issue: AI innovation is outpacing governance and visibility.

For finance leaders tasked with improving productivity and managing return on technology investment, this disconnect is unsustainable. You cannot optimise spend or measure value if you cannot see where work is actually happening.

MIT’s research found that organisations with a defined AI roadmap are 3.5 times more likely to achieve measurable returns. Visibility is the first step toward that roadmap, and without it, financial leaders will struggle to distinguish between experimentation and value creation.

The most effective response to shadow AI begins with visibility. Financial institutions should build an understanding of their entire IT estate, for example, what assets exist, who uses them, and where critical data flows. This clarity allows leaders to assess which tools are embedded in daily workflows and where the highest risks lie, and to realign spend effectively.

Once visibility and tangible insights are in place, governance can evolve from reactive enforcement to proactive enablement. Trusted tools can be reviewed, while redundant or high-risk ones can be phased out. This shifts AI governance from a cost centre into a source of competitive advantage, helping firms manage exposure while enabling innovation responsibly.

Leadership, culture, and accountability

Shadow AI is not a rebellion against policy; it is a reflection of employee intent to work smarter. Leaders who recognise this can turn it into a source of cultural and strategic insight. Rather than imposing top-down bans, they can establish clear parameters for responsible use, backed by education and transparency.

When leaders design AI governance that reflects how teams actually use AI tools day to day, compliance becomes easier and more organic, which means it doesn’t have to rely on heavy enforcement. And when IT, finance, and compliance teams share a unified view of the technology estate, decision-making strengthens across the board.

Clarity drives performance

In financial services, clarity is currency. As we often say, “garbage in, garbage out” – but with AI, it’s more like “garbage in, catastrophe out.” Without clarity, firms risk making important decisions on flawed inputs, eroding trust, compliance, and overall performance. With it, they can transform risk into intelligence, driving better oversight, stronger resilience, and measurable ROI.

Shadow AI will not disappear. It will continue to expand wherever it delivers speed and value. The challenge for leaders is not to chase it underground, but to bring it into view in order to understand it, govern it, and use it to guide smarter investment.

For financial services, that visibility is a strategic asset that protects data, strengthens compliance, and turns innovation into measurable value. The difference between risk and opportunity lies in whether leaders can see what is truly happening within their own walls.

The industry is at an inflexion point, and those who treat visibility as a strategic capability will turn AI from a compliance risk into a measurable growth driver.
