Shadow AIĀ GovernanceĀ LagsĀ as AI Adoption Soars,Ā AccordingĀ toĀ Cato Networks SurveyĀ
Global survey ofĀ 600+Ā IT leaders reveals critical gaps in AI oversight, withĀ 69Ā percentĀ ofĀ respondentsĀ lackingĀ aĀ formal tracking systemĀ toĀ monitorĀ AIĀ adoptionĀ Ā Ā Ā Ā Ā
TEL AVIV, Israel, December 3, 2025 ā Cato Networks, the SASE leader, today announced the results of a global survey showing that most organizations lack monitoring capabilities and governance policies needed to mitigate risks posed by shadow AI.
The survey of more than 600 IT leaders across North America, EMEA, and APJ reveals a troubling disconnect. While more than half (61 percent) of respondents found unauthorized AI tools in their environments, only 26 percent have solutions in place to monitor AI usage. Nearly half (49 percent) of the respondents either donāt track AI usage at all or address AI on a reactive basis.
āIn many enterprises, AI adoption is happening from the bottom up,ā said Etay Maor, chief security strategist at Cato Networks. āEmployees are always going to gravitate towards using the AI tools they feel comfortable with. They feel it will give them a productivity edge. However, without proper visibility and governance, enterprises are expanding their attack surface-in many cases without realizing it.ā
AI Security Preparedness Falls Short
The research exposes a critical flaw in how enterprises approach AI adoption. The primary use case for AI adoption according to 71 percent of respondents is to increase productivity and efficiency. However, 69 percent of respondents report that they lack a monitoring system for AI adoption. Most enterprises remain oblivious to the AI tools that employees are using, what data they are sharing, and what compliance risks may be emerging.
This governance gap extends beyond oversight and monitoring. Only 13 percent of respondents consider their organizationās management of shadow AI risks as āhighly effective.ā Less than one in ten respondents (9 percent) think the organization has a āhighly effectiveā defense against AI-generated cyber threats such as deepfakes, hallucinations, and prompt injection attacks.
Shadow AI operates much like shadow IT-unauthorized technology is being adopted to solve an immediate problem-but the risks tied to data processing, model training, and the lack of clear AI decision-making present security concerns. IT leaders clearly recognize the stakes at play. Most respondents (53 percent) are highly or extremely concerned about AI security risks.
āIt is not a question of whether there is shadow AI usage within an enterprise, but whether you have the ability to detect it, govern it, and secure it before an issue arises,ā said Maor. āOur research shows that most enterprises need to take rapid action to gain visibility and control of their AI usage.ā
Resources
- [Photo] Etay Maor
About Cato Networks
Cato Networks delivers enterprise security and networking in a single cloud platform. The SASE leader creates a seamless and elegant customer experience that effortlessly enables threat prevention, data protection, and timely incident detection and response. With Cato, organizations replace costly and rigid legacy infrastructure with an open and modular SASE architecture based on SD-WAN, a purpose-built global cloud network, and an embedded cloud-native security stack.āÆ
Want to learn why thousands of organizations secure their future with Cato? Visit us atāÆwww.catonetworks.com.
Media Contact
Cato Communications
