A new Microsoft study has revealed that the majority of UK employees are using unapproved artificial intelligence (AI) tools in the workplace, sparking major security and data privacy concerns across industries.
71% of UK workers have used consumer AI tools not approved by their employers, with over half (51%) doing so on a weekly basis, showcasing the growing prevalence of “shadow AI”—the use of unsanctioned AI systems for work tasks—and the risks it poses to businesses.
The study found that nearly half of employees are using unauthorized AI tools to draft or respond to work communications, while four in ten use them to prepare reports, presentations, and other materials. Notably, 22% of respondents admitted to using unapproved AI solutions for finance-related activities.
AI technologies are saving employees 12 billion hours globally each year, but these benefits depend on using approved, secure systems. Despite the risks, only a minority of workers expressed concern about data privacy or organizational security.
Kenn van Hauen, Chief AI Officer at AND Digital, commented: "Shadow AI, where employees bypass guardrails to use unauthorised tools for efficiency and creativity, represents one of the biggest blind spots in enterprise technology today. It fuels what we call 'agent sprawl', the uncontrolled spread of AI agents across an organisation, creating redundant, fragmented, and ungoverned autonomous systems. With these agents acting on sensitive data and triggering business processes without oversight, organisations face not only data leakage and wasted resources but systemic governance failures that Gartner suggests will derail 40% of agentic projects by 2027."
"Organisations that develop transparent policies, integrate ethical oversight, and create environments where innovation and security coexist will not only mitigate risk but gain a decisive advantage in AI maturity and employee engagement. This requires organisational redesign, not just scaling models."