UK Firms Left in the Dark over What Workers Are Sharing with AI

The rise of shadow AI is reshaping risk profiles across British enterprises. SailPoint’s latest survey reveals that two‑thirds of organizations cannot account for the data employees feed into large language models, while more than a third bypass approved channels altogether. This blind spot amplifies the likelihood of inadvertent data leakage, a concern echoed by Gartner’s forecast that 40% of firms will experience a breach linked to unsanctioned AI by 2030. The trend is not limited to small teams; large corporations are adding thousands of AI agents and machine identities each month, stretching existing security controls.

Governance challenges intensify as agentic AI systems act autonomously, often accessing or sharing information without human oversight. Even as 82% of respondents report bolstering staff numbers and training programs, and 41% have hired dedicated AI analysts, nearly half of IT leaders still lack visibility into where data flows. The disconnect stems from a combination of legacy identity frameworks and the rapid proliferation of third‑party AI tools that sit outside traditional monitoring solutions. Without a unified identity and access management strategy, organizations risk exposing sensitive intellectual property, customer records, and regulatory data to external models that may hallucinate or mishandle inputs.

To mitigate these emerging threats, UK firms must adopt a multi‑layered approach: enforce strict data‑classification policies, integrate AI usage into existing governance platforms, and deploy real‑time monitoring of machine identities. Investing in AI‑specific security orchestration, coupled with continuous employee awareness campaigns, can close the visibility gap. As the market matures, vendors offering transparent model‑level auditing and robust consent mechanisms will become essential partners, helping enterprises regain control over their AI ecosystems before regulatory penalties and reputational damage take hold.