For a long time shadow AI was a gut-feeling topic: you suspected employees were pasting documents into external AI tools, but couldn't put a number on it. That's over. In the Cost of a Data Breach Report 2025, IBM named a price: breaches at organizations with high shadow-AI use cost $670,000 more on average — and one in five breaches now traces back to shadow AI.
For regulated companies in the DACH region, that's not a statistic but a budget and liability question. Let's look at the numbers — and at what actually helps.
What is shadow AI?
Shadow AI is the use of AI applications without IT's knowledge or approval — the AI counterpart to shadow IT. The difference is the risk: AI tools often process large amounts of sensitive input, and some providers use that input for training. When an employee pastes a confidential contract into an external text generator, the document leaves the company uncontrolled — a data-protection incident before anyone has even been attacked.
The gap is real and well measured. Per Bitkom (survey of 604 companies with 20+ employees, 2025), employees use private AI tools widely in 8 percent of companies and in individual cases in a further 17 percent — while only 23 percent have any AI-use guidelines at all. Internationally, the Verizon DBIR 2026 points the same way: 67 percent of users access AI services via private accounts — on corporate devices.
What shadow AI costs — the numbers from the IBM report
IBM puts the extra cost of high shadow-AI use at around $670,000 per breach — measured against organizations with low or no shadow AI. Important context: this is a surcharge, not the total cost of a breach (which averaged $4.44 million globally, the first decline in five years).
| Metric (IBM 2025) | Value | Meaning |
|---|---|---|
| Extra cost with high shadow-AI use | + $670,000 | surcharge per breach vs low/no shadow AI |
| Share of breaches involving shadow AI | 20% | one in five breaches |
| Missing AI access controls | 97% | of the 13% whose AI models/applications were compromised |
| More often exposed: PII / IP | 65% / 40% | shadow-AI breaches hit sensitive data disproportionately |
| Global average cost of a breach | $4.44M | first decline in five years |
Behind the numbers sits a pattern: shadow-AI breaches disproportionately exposed personal data (65%) and intellectual property (40%) — exactly the data that is most expensive in regulated industries. And they stayed undetected longer, because no one monitors the unsanctioned tools. One note for honesty: these are global averages from IBM's study, not DACH- or sector-specific figures.
Why bans make the problem worse
Many companies' first reaction is a ban. It sounds obvious and is counterproductive. Employees use external AI not out of malice but because they need a tool that makes their work faster. Ban it without offering an alternative, and usage doesn't disappear — it goes invisible. And invisible usage is exactly the high shadow-AI use no one monitors — the kind that adds $670,000 per breach in IBM's statistics.
The Bitkom figures confirm the governance gap: three in four companies have not established rules for AI use. A policy on paper changes little when the sanctioned solution is missing or worse than what's free in the browser.
How a local, permission-aware AI removes the costliest variable
The effective lever is not the ban but the better official alternative. If the sanctioned AI is fast, helpful and secure, the incentive to paste sensitive data into external tools disappears.
A local, permission-aware AI moves models and data onto your own hardware — with no external APIs. That removes the costliest variable: uncontrolled data outflow into third-party clouds. Permission-aware retrieval limits the AI's access to the documents the requesting user is authorized to see, and an audit trail makes every use traceable — meeting exactly the AI access controls that were missing in 97 percent of compromised cases. The same IBM report shows that governed AI brings benefit, not just risk: security teams using AI and automation extensively saved $1.9 million per breach on average.
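The two controls named above, permission-aware retrieval and an audit trail, can be sketched in a few dozen lines. The block below is an added illustration and not Lokalaise's code: it assumes a user-to-group mapping (in practice supplied by the identity provider), a small constructed corpus with per-document access lists, and a toy keyword score standing in for a real vector search. The order of operations is the security-relevant point: documents are filtered by authorization before ranking, so withheld documents never shape the answer, and every query is logged whether or not it returned anything.

```python
"""Permission-aware retrieval with an audit trail (added example, not Lokalaise code).

Every candidate document is filtered by the caller's group memberships *before*
ranking, and each query is appended to an audit log. All users, groups and
documents below are constructed sample data.
"""
from dataclasses import dataclass
from datetime import datetime, timezone
import hashlib
import re


@dataclass(frozen=True)
class Document:
    doc_id: str
    text: str
    allowed_groups: frozenset  # groups that may read this document


# Constructed identity data: user -> groups (would come from the IdP / LDAP).
USER_GROUPS = {
    "anna": frozenset({"staff", "legal"}),
    "ben": frozenset({"staff"}),
}

# Constructed sample corpus with per-document access lists.
CORPUS = [
    Document("hr-001", "Travel expense policy: submit receipts within 30 days.", frozenset({"staff"})),
    Document("legal-017", "Supplier contract: termination clause requires 90 days notice.", frozenset({"legal"})),
    Document("legal-018", "NDA template: confidentiality survives contract termination.", frozenset({"legal"})),
    Document("it-004", "Acceptable use: do not paste internal documents into external tools.", frozenset({"staff"})),
]

AUDIT_LOG = []  # append-only store in production; a plain list here


def tokens(text):
    return set(re.findall(r"[a-z0-9]+", text.lower()))


def score(query, doc):
    """Toy relevance score: number of shared terms (stand-in for vector search)."""
    return len(tokens(query) & tokens(doc.text))


def is_authorized(user, doc):
    groups = USER_GROUPS.get(user, frozenset())
    return bool(groups & doc.allowed_groups)


def retrieve(user, query, k=3):
    """Return up to k document ids the user may read, best match first.

    Authorization is applied before ranking so that withheld documents never
    influence the result set; unknown users are rejected rather than treated
    as an empty-permission guest.
    """
    if user not in USER_GROUPS:
        raise PermissionError(f"unknown user {user!r}")
    permitted = [d for d in CORPUS if is_authorized(user, d)]
    withheld = len(CORPUS) - len(permitted)
    ranked = sorted(permitted, key=lambda d: score(query, d), reverse=True)
    hits = [d.doc_id for d in ranked if score(query, d) > 0][:k]
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        # Hash rather than raw prompt: the trail must be reviewable without
        # itself becoming another copy of sensitive input.
        "query_sha256": hashlib.sha256(query.encode()).hexdigest(),
        "returned": hits,
        "withheld_by_acl": withheld,
    })
    return hits


if __name__ == "__main__":
    print(retrieve("anna", "contract termination clause"))  # legal documents
    print(retrieve("ben", "contract termination clause"))   # nothing: legal docs withheld
    print(AUDIT_LOG[-1])
```

Reversing the filter and the ranking steps is the classic mistake: ranking the whole corpus first and dropping unauthorized hits afterwards still leaks, because the truncation to k results and any summary the model builds are already shaped by documents the user was never allowed to see. The audit entry records how many candidates the ACL withheld, which is the number a reviewer wants when checking whether the permission model is actually doing work.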
This is exactly where Lokalaise comes in: a sanctioned, grounded AI platform on your own hardware that makes shadow AI redundant, because it's better than the quiet reach for an external tool. We showed how the data outflow happens technically, using real AI leaks, in When the AI assistant becomes the data leak; that governance is also a legal duty is covered in our Article 50 deployer checklist. Why data sovereignty matters beyond security is explained under Security & data sovereignty, and in the cloud criteria of BSI C3A.
Your next steps
Three questions show how large your shadow-AI risk is:
- Visibility: Do you know which external AI tools your employees use today — and with which data?
- Alternative: Is there a sanctioned, good internal AI — or just a ban on paper?
- Control: Is AI access permission-aware and reviewable after the fact?
Wherever you hesitate, it's worth a closer look. In a short demo we'll show how a sanctioned, local AI takes the costliest variable out of your risk calculation.
Conclusion
Shadow AI is not a discipline problem, it's an architecture problem. Employees reach for external tools because the official solution is missing or worse — and paste sensitive documents into other people's clouds in the process. A ban only pushes that underground. Provide a good, sanctioned AI on your own hardware instead, and you remove the costliest variable — uncontrolled data outflow via external APIs — structurally, rather than forbidding it on paper.
Written by
Marius Gill
CTO @ Lokalaise