A recent study by SailPoint has highlighted AI-related security practices within UK organisations as adoption of these technologies increases. The findings point to a gap in oversight, with many businesses unable to fully track how employees are sharing sensitive information through different channels, indicating potential security risks linked to unsanctioned AI use.
IT decision-makers in the UK report increasing use of AI systems such as ChatGPT and others to support productivity. However, when used outside approved systems, often referred to as “Shadow AI,” there is a risk that employees may unintentionally upload sensitive data to unauthorised platforms, potentially exposing confidential information and affecting governance controls.
Despite investment in AI and data management, the study found that 82% of organisations have increased staffing or skills in this area, and 41% have introduced dedicated AI and analytics roles. However, 45% of IT decision-makers still report limited visibility into how and where data is being shared.
The need for oversight is increasing with the use of autonomous technologies. Around 80% of organisations reported AI agents performing unintended actions such as accessing or sharing inappropriate data. The rapid deployment of AI agents is also a factor, with around 12% of UK firms adding up to 10,000 AI identities per month, which may place pressure on existing security processes without appropriate controls.
SailPoint states that organisations may improve oversight through real-time monitoring of AI usage, including tracking document uploads and interaction frequency, to help identify potentially risky activity.
In addition, 35% of UK organisations report employees using third-party collaboration tools that are not always sanctioned, which adds further security and compliance considerations.
