Shadow AI spend is the money employees direct toward unsanctioned or unvetted AI tools, on personal cards, corporate cards, or inside SaaS upgrades, without going through IT or procurement. It is rarely a single large line item. It is thousands of small, individually rational purchases that aggregate into a material, recurring cost no one owns and no one can total. The true cost extends well beyond subscriptions into breach premiums and compliance exposure, and the reason it persists is structural: the sanctioned path is slower than the unsanctioned one. Controlling shadow AI spend starts with seeing it, not banning it, because blocking tools pushes the spend further out of view.

Key takeaways

  • Shadow AI spend is a spend-visibility problem before it is a security problem. The recurring monthly cost hits the P&L through expense reports, corporate cards, and SaaS tiers that never cleared an approval threshold.
  • The governance gap is the root cause. In Suplari's 2026 benchmark of 121 procurement teams, 47% use AI daily but only 17% have an enforced AI governance policy, leaving 83% operating with no rules about what data goes where or who owns the spend.
  • The cost has three layers. Unsanctioned subscriptions are the visible layer; the breach premium (IBM puts it at about $670,000 per incident) and compliance and duplication exposure are far larger and mostly unmeasured.
  • Most of the workforce is already using it. Surveys put unsanctioned AI use among employees at roughly half to over 80%, with executives and senior managers among the heaviest users.
  • Banning tools backfires. Blocking drives employees to personal accounts and devices, where the spend and the data exposure become completely invisible.
  • The fix is visibility first, then a governed alternative, then policy. Surface the spend where it lives, give people a sanctioned option that is actually good, and only then enforce rules.

What is shadow AI spend?

Shadow AI spend is enterprise spending on AI tools that have not been reviewed, approved, or governed by IT or procurement. It takes three common forms:

  • Micro-subscriptions on expense reports. Individual AI tools at $20 to $40 per month slip under expense-approval thresholds, yet aggregate into thousands or tens of thousands of dollars across a large workforce.
  • API and tool charges on corporate cards. Teams put model APIs or point AI tools on a card to move quickly, bypassing the formal purchasing process.
  • Bundled AI tiers in SaaS. Existing software gets upgraded into a higher tier for an AI feature, adding AI cost inside a contract you already pay for and never flagging it as AI spend.

What unites them is that none clears a normal approval gate, so none is visible as AI spend in any single system. This is the AI-era version of maverick spend: purchasing that escaped the process and now has to be found after the fact.

Why shadow AI spend happens

Employees do not adopt unsanctioned AI to be reckless. They do it because it makes them faster and the official route is slow. Surveys consistently find that the majority of knowledge workers use AI tools their employer has not formally approved, with estimates ranging from roughly half to more than 80% depending on methodology, and that executives and senior managers are among the heaviest users. The two recurring reasons:

  • The sanctioned path is slow. Purchasing approvals and IT review take longer than expensing a $20 tool, so people route around them to hit a deadline.
  • Approved tools fall short. Employees often feel the IT-sanctioned option lacks the specific capability they need, so they reach for the tool that does the job.

The structural takeaway is that shadow AI is a symptom of a missing governed alternative, not just a discipline failure. That is why a crackdown alone does not fix it.

The governance gap behind the spend

Shadow AI spend grows in the space where governance is absent, and that space is enormous. Suplari's AI Readiness in Procurement 2026 benchmark, conducted with Procurement Tactics across 121 procurement teams, found that 47% of procurement professionals use AI every working day, yet only 17% work in an organization with an enforced AI governance policy. That leaves 83% using AI, often with sensitive supplier pricing, contract terms, and negotiation data, with no enforced rules about what can be shared with which tools or who is accountable for the spend.

The same study found IT and policy restrictions are the second-biggest barrier to AI adoption (21%), ahead of budget. In other words, the friction that drives people toward shadow AI and the absence of governance that lets it run unchecked are the same problem viewed from two sides.

Figure: The governance gap, where shadow AI spend grows. Daily AI use is now the norm. Enforced governance is the exception. The space between them is where unsanctioned, unowned AI spend accumulates.

  • 47% use AI every working day. Adoption is already mainstream across the function.
  • 17% have an enforced AI policy. The other 83% use AI with no enforced rules on data, approval, or spend (the shadow zone).

What the ungoverned zone costs:

  • $20–$40/mo per tool, under the approval threshold, aggregating into seven figures at scale
  • +$670K added to a breach involving high levels of shadow AI
  • Unmeasured: duplicated tools, lost leverage, and compliance exposure

Adoption and governance data: AI Readiness in Procurement 2026 (Suplari & Procurement Tactics, 121 teams). Breach premium: IBM Cost of a Data Breach 2025. Visualization by Suplari.

The true cost of shadow AI: three layers

The cost of shadow AI is almost always underestimated because only the first of three layers is visible.

Layer 1: Unsanctioned subscriptions (visible, underestimated)

Micro-transactions of $20 to $40 a month are individually trivial and collectively significant. Across thousands of employees they become a real recurring line, and because each one sits below the approval threshold, no single owner ever sees the total. Audits of large enterprises routinely surface hundreds of distinct unsanctioned AI tools and seven-figure annual spend that had never been consolidated.

Layer 2: The breach premium (occasional, large)

When sensitive data flows through ungoverned AI tools, the security exposure carries a price. IBM's 2025 Cost of a Data Breach research found that breaches involving high levels of shadow AI cost roughly $670,000 more on average than those without, and that the large majority of breached organizations had no governance in place to manage AI or detect unauthorized use. This cost is occasional, but when it lands it dwarfs the subscription layer.

Layer 3: Compliance and duplication exposure (continuous, unmeasured)

The third layer rarely reaches a spreadsheet: duplicated tools bought independently by different teams, weakened compliance footing when confidential data has passed through unvetted tools, and the lost negotiating leverage of fragmented, uncoordinated AI purchasing. It is hard to price and continuously present.

How to control shadow AI spend without driving it underground

Blocking AI tools outright is the intuitive response and the wrong first move, because it pushes usage onto personal accounts and devices where neither the spend nor the data is visible. The effective sequence is visibility first, then a governed alternative, then policy.

  1. Surface the spend where it already lives. Cross-reference expense reports, corporate-card transactions, and SaaS renewals against known AI vendors to find unsanctioned tools and bundled AI tiers. This is the same off-contract spend hunt procurement already runs, applied to AI, and it is where stronger spend visibility pays back fastest.
  2. Attribute it by team and use case. Knowing total shadow AI spend is not enough. You need to see which functions are driving it and what for, so you can tell genuine productivity tools apart from duplication and waste.
  3. Offer a governed alternative that is actually good. Provide a sanctioned, IT-managed AI option with clear data-handling guarantees, so the reason to go around the process disappears. A policy without a usable sanctioned tool simply manufactures more shadow AI.
  4. Then write and enforce the policy. Define what data can go to which tools, how outputs are validated, and who owns accountability. Governance does not require budget; it requires a decision.
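
Steps 1 and 2 above, sketched as an added example (not from the original article and not Suplari's code): merchant descriptors from expense, card, and SaaS-renewal exports are matched against an AI-vendor watchlist, then rolled up by team. The vendor patterns, the $50 approval threshold, and every sample row are constructed assumptions.

```python
import re
from collections import defaultdict

# Hypothetical watchlist: descriptor pattern -> normalized tool name (constructed).
AI_VENDORS = {
    r"examplegpt": "ExampleGPT",
    r"acme[\s\-]?llm": "Acme LLM API",
    r"notewise.*\bai\b": "NoteWise AI tier",  # AI add-on bundled into a SaaS plan
}
APPROVAL_THRESHOLD = 50.00  # assumed per-transaction approval threshold, USD

# Constructed sample rows: (source, team, merchant descriptor, monthly USD).
TRANSACTIONS = [
    ("expense", "sales", "EXAMPLEGPT *PLUS SUBSCR", 20.00),
    ("expense", "sales", "EXAMPLEGPT *PLUS SUBSCR", 20.00),
    ("expense", "legal", "ExampleGPT Pro", 40.00),
    ("card", "eng", "ACME-LLM API USAGE", 312.40),
    ("saas_renewal", "marketing", "NoteWise Business + AI add-on", 900.00),
    ("card", "eng", "CLOUDHOST COMPUTE", 1500.00),
    ("expense", "legal", "TAXI 4411", 31.50),
]

def classify(descriptor):
    """Return the normalized AI tool name for a descriptor, or None."""
    for pattern, tool in AI_VENDORS.items():
        if re.search(pattern, descriptor, re.IGNORECASE):
            return tool
    return None

def shadow_ai_report(rows):
    """Step 1: find AI charges in every source. Step 2: attribute by team."""
    by_team = defaultdict(float)
    by_source = defaultdict(float)
    teams_per_tool = defaultdict(set)
    under_threshold = 0
    for source, team, descriptor, amount in rows:
        tool = classify(descriptor)
        if tool is None:
            continue  # not an AI purchase on this watchlist
        by_team[team] += amount
        by_source[source] += amount
        teams_per_tool[tool].add(team)
        if amount < APPROVAL_THRESHOLD:
            under_threshold += 1  # slipped under the approval gate
    return {
        "monthly_by_team": dict(by_team),
        "monthly_by_source": dict(by_source),
        "annualized_total": round(12 * sum(by_team.values()), 2),
        "under_threshold_count": under_threshold,
        # Same tool bought independently by several teams: a consolidation candidate.
        "duplicated_tools": sorted(t for t, s in teams_per_tool.items() if len(s) > 1),
    }
```

On the sample rows, the three sub-threshold expense lines are the smallest part of the total; the card charge and the bundled SaaS tier account for most of it, which is why all three sources have to be scanned together.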

Why spreadsheets cannot manage shadow AI spend

Shadow AI spend is fragmented across direct subscriptions, corporate cards, bundled SaaS tiers, and cloud, and it changes week to week as employees adopt new tools. A manual audit captures a snapshot that is stale almost immediately. Purpose-built spend intelligence consolidates every source of spend, classifies AI purchases automatically even when they are buried inside broader SaaS contracts, and attributes them to teams and use cases on an ongoing basis. Suplari treats shadow AI as a connected-data problem for finance and procurement: it turns scattered, off-contract AI purchasing into a single governed view, so you can surface unsanctioned spend, consolidate duplicates, and bring AI buying back under management without resorting to a blanket ban that only drives it deeper.

The bottom line on shadow AI spend

Shadow AI spend is real, recurring, and largely invisible, and it is growing fastest in exactly the organizations that have no governance to contain it. The cost is far more than the subscriptions you can see: it includes a substantial breach premium and a continuous compliance and duplication drag. The teams that control it will not be the ones that banned AI. They will be the ones that found the spend early, attributed it, offered a governed alternative people actually want to use, and only then set the rules, turning thousands of quiet purchases into one program they can see and manage.

Want to see the AI spend hiding in your expense reports and SaaS renewals? Suplari is an AI-ready procurement intelligence platform that helps enterprises surface, attribute, and govern spend across every source. Explore spend analytics or read how to increase spend visibility with AI.