Shadow AI Risks Grow as 31% of Users Lack Employer Training
▼ Summary
– Between one-fifth and one-third of workers use AI outside IT governance, creating a gap between adoption and organizational controls.
– Employee enthusiasm for AI is high, with 70% using it weekly and 80% expecting increased use, outpacing enterprise management capacity.
– Shadow AI raises security risks, including exposure of sensitive data, fragmented workflows, and uneven productivity gains.
– Only 23% of employees are highly concerned about direct AI system attacks, while 74% want better cybersecurity training on AI risks.
– The report recommends building governance before scaling AI and embedding security awareness into workflows.
Between one-fifth and one-third of workers are now using AI beyond the reach of IT governance, according to a global study of 6,000 full-time employees at enterprise organizations. The research reveals a growing disconnect between how quickly employees adopt AI and the controls companies have in place to manage it.
Lenovo’s Work Reborn Research Series 2026 report depicts a workforce split into two camps: those with access to IT-managed tools, training, and oversight, and those operating independently with consumer AI services. This divide is largely driven by gaps in training and tooling.
Many employees say their employers fail to provide either AI tools or adequate training. Among those who do receive training, a significant portion describe it as irregular or ineffective. Half of all employees believe better training would help them get more value from AI at work, signaling a workforce ready to adopt AI faster than their employers can support it.
Enthusiasm for AI continues to climb. Seven in ten employees use AI tools at least a few times a week, and 80% expect their usage to increase over the next year. Lenovo’s research suggests adoption is outpacing enterprise readiness to manage, enable, or align it.
The report flags two key security risks tied to shadow AI. First, bypassing compliance controls increases the chance that intellectual property or sensitive data gets processed outside governed environments. Second, fragmented workflows lead to inconsistent execution and uneven productivity gains across teams.
Employee trust in enterprise-provided tools is showing cracks. A notable share of workers doubt the reliability of information from employer-provided AI tools, and a smaller group questions whether their privacy and personal data are safe when using them.
Cybersecurity awareness among employees is uneven. Nearly half are highly concerned about criminals using AI to launch sophisticated cyber attacks against their company. The same percentage worry about accidentally leaking sensitive company information through public AI systems like ChatGPT. Forty percent are highly concerned about deepfake videos and AI-generated phishing emails. Yet only 23% are highly concerned about criminals targeting their company’s AI systems directly, a gap that becomes critical as organizations deploy AI agents and internal infrastructure.
These perceptions align with findings from Lenovo’s CIO Playbook, which reports that 61% of IT leaders say AI is increasing cybersecurity risks, and only 31% feel confident in addressing those risks.
Employees want more from security teams. Seventy-four percent say more or better cybersecurity training on AI-related risks would reassure them. Seventy-three percent would feel reassured knowing their cybersecurity team is using AI to address these risks. Seventy percent say stricter policies on AI usage would provide reassurance.
The report recommends building governance before scaling AI, embedding security awareness into daily workflows through continuous in-context learning, and standardizing the AI interface across workflows and endpoints.
(Source: Help Net Security)
