Governing the Tools Your Organization Did Not Authorize
- lavaathmaram
- May 25

Most organizations have an AI problem they cannot see.
Employees are adopting AI tools faster than IT and security teams can review, approve, or monitor them. In many cases, sensitive company data is being processed by third-party systems that no one in security or legal has ever evaluated. Treating this as a productivity issue underestimates the extent of the exposure. It is a security and governance problem with direct implications for compliance, data integrity, and organizational resilience.
How Widespread is Unsanctioned AI Use?
The numbers are difficult to dismiss. Research compiled from IBM, ISACA, and Reco AI finds that 98% of organizations have employees using unsanctioned AI tools. Only 30% of organizations report having full visibility into how employees use AI across their environments.
A January 2026 BlackFog study of 2,000 employees found that 63% believe it is acceptable to use AI tools without IT oversight if no company-approved option is available. That is not negligence. It is a policy gap being filled by individual judgment.
The data being shared in these tools compounds the risk. Employees using unsanctioned AI tools admit to sharing enterprise research and datasets, employee data (including salary and performance information), and company financial information, often without understanding where that data goes or how it is retained.
What Happens When an Unsanctioned Tool Has a Critical Vulnerability?
This is where the governance gap becomes a security incident.
In October 2025, our Cyber Threat Intelligence Unit was tracking a critical vulnerability in OpenAI’s ChatGPT Atlas browser that allows attackers to inject malicious instructions directly into ChatGPT’s persistent Memory and execute code under the user’s privileges. The attack does not require sophisticated access. A user simply needs to visit a malicious website or click a phishing link while logged into Atlas.
What makes this particularly dangerous is persistence. Injected instructions are written to Memory and synchronized across all devices associated with that account. Every subsequent session automatically executes the attacker’s stored instructions, enabling repeated, silent data exfiltration, account takeover, and malware deployment without the user’s awareness.
For an organization that knows Atlas is in use, the response is clear: patch, audit Memory for anomalies, enforce MFA, and restrict access. For an organization that does not know employees are using it, there is no response at all.
That is the governance gap in practice.
Why Can’t Traditional Tools Catch This?
Unsanctioned AI tools operate outside the systems organizations rely on for visibility and response. There is no asset inventory entry, no patch management cycle, no monitoring rule, and no incident response playbook for a tool that security teams do not know exists.
Nearly 55% of enterprises report difficulty identifying which employees use unauthorized AI tools, and 60% of IT leaders say lack of visibility is their biggest challenge in managing AI-related risk. When a vulnerability surfaces in an unsanctioned tool, the organization is already behind the curve. The patching window starts the moment the vendor releases a fix. For organizations without visibility, that window never opens.
This is not a new category of risk. It is shadow IT applied to a technology with broader access, deeper integrations, and faster adoption than anything that came before it.
What Should Organizations Do?
Governance does not require blocking every AI tool employees want to use. It requires knowing what is in use and having the controls in place to respond when something goes wrong. Practically, that means:
- Establishing a formal AI tool review and approval process before deployment.
- Auditing current AI usage across the organization, including personal accounts and free-tier tools.
- Enforcing MFA and conditional access for all AI platforms with access to business data.
- Implementing monitoring for anomalous data flows to unapproved AI services.
- Developing incident response playbooks that specifically address agentic AI and browser-integrated AI tools.
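
One way to implement the usage audit and data-flow monitoring steps above, shown as an added example that is not part of the original article: it scans web-proxy log lines for traffic to AI services missing from the approved list and flags users whose uploads exceed a threshold. The log format, domain names, user names, and threshold are constructed assumptions.

```python
"""Flag uploads to AI services that are not on the approved list (added example)."""
from collections import defaultdict

# Constructed values: replace with your own watchlist and approved inventory.
AI_SERVICE_DOMAINS = {"chat.ai-vendor-a.example", "api.ai-vendor-b.example",
                      "assistant.ai-vendor-c.example"}
APPROVED_DOMAINS = {"chat.ai-vendor-a.example"}   # passed the review process
UPLOAD_ALERT_BYTES = 1_000_000                    # assumed per-user threshold

# Constructed proxy log: timestamp user method host bytes_sent bytes_received
SAMPLE_LOG = """\
2026-01-12T09:01:10Z alice POST chat.ai-vendor-a.example 48211 9120
2026-01-12T09:03:44Z bob POST api.ai-vendor-b.example 912044 3310
2026-01-12T09:04:02Z bob POST api.ai-vendor-b.example 455120 2980
2026-01-12T09:07:31Z carol GET assistant.ai-vendor-c.example 812 60433
2026-01-12T09:09:15Z dave POST files.intranet.example 7731200 410
malformed line without enough fields
"""

def matches(host, domains):
    """True if host equals a listed domain or is a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in domains)

def audit(log_text):
    """Return {user: {host: bytes_sent}} for unapproved AI services."""
    usage = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 6 or not parts[4].isdigit():
            continue  # skip lines that do not fit the assumed format
        _, user, _, host, sent, _ = parts
        if matches(host, AI_SERVICE_DOMAINS) and not matches(host, APPROVED_DOMAINS):
            usage[user][host.lower()] += int(sent)
    return {u: dict(h) for u, h in usage.items()}

def alerts(usage):
    """Users whose total upload to unapproved AI services exceeds the threshold."""
    return sorted(u for u, hosts in usage.items()
                  if sum(hosts.values()) > UPLOAD_ALERT_BYTES)

if __name__ == "__main__":
    found = audit(SAMPLE_LOG)
    for user, hosts in sorted(found.items()):
        print(user, hosts)
    print("upload alerts:", alerts(found))
```

The per-user output of `audit` doubles as the inventory of who is using which unapproved tool, which is the list a security team needs when a vendor advisory lands.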
NopalCyber’s GRC and vCISO services are built to help organizations establish governance frameworks that keep pace with AI adoption, rather than just responding to incidents after the fact.
Key Takeaways
- Unsanctioned AI use is nearly universal, with 98% of organizations reporting employees using unapproved tools.
- Only 30% of organizations have full visibility into AI usage across their environment.
- The ChatGPT Atlas vulnerability demonstrates that unsanctioned tools bypass not just policy, but the entire patching and remediation cycle.
- Persistent memory injection means a single compromised session can affect every future session across all linked devices.
- Governance is not about restricting productivity. It is about maintaining the ability to respond when something goes wrong.
The Risk Does Not Stay in the Shadows
Unsanctioned AI use is not a future compliance concern. It is an active exposure that grows with every tool an employee adopts outside of IT oversight.
The question organizations need to answer is not whether employees are using AI tools they have not approved. They almost certainly are. The question is whether the organization will know about it before a vulnerability does.
Contact our team to discuss how NopalCyber can help you build the visibility and governance controls your AI environment requires.



