UK firms lack visibility into employee AI sharing

A SailPoint survey found 67% of UK organizations cannot account for what employees share with AI platforms and large language models, and 35% reported staff are using unapproved external tools to handle company data. The company said those practices increase exposure to potential data breaches.

Nearly half of IT leaders (45%) told SailPoint they lack visibility on where information is being shared or how it is handled. At the same time, 82% of respondents reported increased staff training on AI and 41% said they have hired dedicated AI and analytics personnel.

SailPoint warned that use of unauthorized applications, often called shadow AI, can expose sensitive information and create new attack surfaces for security teams. In a prior internal study, 80% of organizations reported AI agents performing unintended actions such as accessing or sharing inappropriate data.

The firm also reported that UK businesses may be adding as many as 10,000 agents and machine identities each month, a rate that could overwhelm existing identity and access controls.

A Gartner forecast from November 2025 projects that 40% of enterprises will suffer a data breach caused by shadow AI by 2030. SailPoint said that risk is rising even as companies boost investments in data management and employee AI training.

Mark McClain, SailPoint’s founder and CEO, warned: “AI tools can enhance productivity, but they create serious risk when they operate outside an organization’s visibility and governance. When sensitive information is entered into unapproved models it can be exposed, mishandled, or amplified through errors and hallucinations.”

SailPoint recommended tightening identity controls, limiting employee workarounds and increasing awareness to reduce the chance that corporate information is fed into unapproved external models.