Now in early access, book a 30-minute demo →
← Back to blog Guide

Shadow AI Adoption by Department: Where AI Shows Up and Why

TL;DR
  • Shadow AI is unsanctioned AI use, and it shows up differently in every department because each team reaches for the tools that fit its own daily work.
  • This guide is qualitative and describes the patterns we see, not survey percentages or invented adoption figures.
  • Engineering tends to adopt coding assistants, MCP servers, and CLIs; marketing reaches for content and image generators; sales adopts notetakers and enrichment tools.
  • Finance, HR, and legal are the highest-sensitivity cases because the data they paste into general-purpose AI - forecasts, employee records, contracts - is exactly what must not leak.
  • The common thread is data exposure: every department's convenient tool is a channel through which sensitive information can leave, often via a simple copy and paste.
  • You cannot govern department-by-department shadow AI you cannot see, so continuous discovery across every endpoint is the starting point.

Shadow AI - the use of AI tools, agents, and services without IT or security oversight - does not arrive as one uniform wave. It arrives department by department, because each team reaches for the AI that fits its own daily work. An engineer adopts a coding assistant; a marketer adopts an image generator; a salesperson adopts a meeting notetaker. Each solves a real problem, each is a single click to try, and each quietly opens a channel through which sensitive data can leave the organization. This guide is a qualitative tour of where shadow AI typically shows up across a company and why, so security and IT leaders can anticipate the patterns rather than be surprised by them.

A deliberate note on method: this is a patterns piece, not a statistics report. We do not cite adoption percentages or survey figures, because reliable, current, department-level numbers are difficult to establish and easy to misrepresent - and inventing them would be worse than useless. What follows are the patterns we consistently see: the categories of tools each department tends to adopt, and the kind of data each pattern tends to expose. Use them as a map of where to look in your own environment. The only way to get real numbers for your organization is to discover what is actually running, which is exactly the work described in shadow AI detection techniques and best practices.

Why shadow AI is a department-level phenomenon

Shadow AI is bottom-up by nature. Nobody files a ticket to try an assistant that saves them twenty minutes; they just use it, and they tell the colleague at the next desk. Because the useful tool for one job is different from the useful tool for another, adoption clusters within teams before it ever crosses a department line. That is the same dynamic that has always driven shadow IT - people routing around slow procurement to get their work done - now supercharged by how frictionless AI tools are to adopt. Understanding the per-department shape of it, covered at a concept level in what is shadow AI and AI agents are the new shadow IT, lets you target discovery and policy where the risk actually lives.

Where shadow AI shows up, department by department

The table below summarizes the patterns; the sections after it walk each department in more detail. The tools named are real, well-known categories and products; the point is the pattern, not any usage count.

DepartmentTypical AI toolsMain risk
EngineeringCoding assistants (GitHub Copilot, Cursor, Claude Code), MCP servers, AI CLIsPowerful, permissioned agents with source and system access; secrets and code exposure.
MarketingContent and image generators (ChatGPT, Midjourney, Canva AI, Jasper)Unreleased campaigns, brand assets, and customer lists pasted into external services.
SalesMeeting notetakers, enrichment and outreach tools (Otter, Fireflies, Gong-style tools)Call recordings, prospect data, and CRM contents leaving to third-party AI vendors.
FinanceSpreadsheet and analysis assistants, general-purpose chatbotsFinancial forecasts, results, and models pasted into tools with no confidentiality guarantee.
HRResume screening and writing assistants, general-purpose chatbotsEmployee records, candidate PII, and performance data exposed to unvetted tools.
LegalContract review and drafting AI, general-purpose chatbotsPrivileged, confidential, and under-negotiation contract language leaving the org.
SupportAI chatbots, ticket-summarization and reply-drafting assistantsCustomer PII and account details processed by external AI services.

Engineering

Engineering is usually the deepest and most powerful pocket of shadow AI, because developers adopt AI that does not just generate text but takes action. Coding assistants like GitHub Copilot, Cursor, and Claude Code are widely used, and increasingly they run as agents that read repositories, execute commands, and connect to MCP servers and internal systems. Developers also wire up AI CLIs and MCP servers to automate real workflows. The productivity case is genuine, which is why adoption is broad.

The risk is proportional to the power. These are not passive chatbots; they are permissioned tools with access to source code, credentials sitting in developer environments, and internal networks. Source can be sent to external services, secrets can be exposed in prompts or config, and an over-permissioned coding agent can take destructive actions well beyond what its task required. The specific hardening for this surface is covered in securing AI coding agents and CLIs, and the inventory work in how to build an MCP server registry.

Marketing

Marketing was one of the earliest and most enthusiastic adopters of generative AI, because so much of the work is content creation. Teams reach for text generators like ChatGPT and Jasper to draft copy, and image tools like Midjourney and Canva AI for creative. The tools are consumer-easy, and the temptation to paste real material into them is high.

The exposure risk is that the material pasted in is often not public yet: unreleased campaign plans, positioning that has not launched, brand assets, and sometimes customer or prospect lists dropped in to personalize output. Once that content is in an external service, its handling is governed by that vendor's terms, not yours. The paste-level mechanics of this are the subject of shadow AI data exposure.

Sales

Sales teams adopt AI to spend more time selling and less time on admin. The most common pattern is meeting notetakers and transcription assistants (tools in the mold of Otter and Fireflies) that join calls, record them, and produce summaries. Alongside those, sales adopts enrichment and outreach tools that research prospects and draft messages.

The risk is twofold. Notetakers capture and store recordings and transcripts of customer conversations - often on a third-party service - which can include confidential deal details and personal data. Enrichment and outreach tools pull from and sometimes push to the CRM, extending access to prospect and customer records to vendors who may never have been reviewed. The third-party access dimension connects to the OAuth grants covered in AI and OAuth: the risk report.

Finance

Finance adoption tends to be quieter but higher-stakes. Analysts use general-purpose chatbots and spreadsheet or analysis assistants to build models, explain formulas, summarize results, and draft commentary. The tools are helpful precisely on the tasks where the underlying data is most sensitive.

That is the crux of the risk: the data most useful to paste into an assistant - forecasts, unreleased results, pricing models, M&A analysis - is exactly the data that must not leak. A single paste of pre-announcement financials into a consumer AI tool is a serious confidentiality and potentially regulatory problem. Finance is a case where per-incident severity, not volume of adoption, drives the risk.

HR

HR teams use AI to move faster through people-heavy work: screening and summarizing resumes, drafting job descriptions and offer letters, and answering policy questions with general-purpose chatbots. The efficiency gain is real, and so is the sensitivity of what the tools touch.

The data HR handles - candidate PII, employee records, compensation, performance reviews, and sometimes health or disciplinary information - is among the most regulated and sensitive in the company. Pasting a candidate's details into an unvetted screening tool, or an employee record into a chatbot to draft a note, exposes exactly the kind of personal data that privacy regimes are built to protect. Unvetted tools may also introduce bias into screening, adding a fairness and compliance dimension on top of the exposure risk.

Legal teams adopt AI for contract review, clause drafting, research summarization, and first-pass analysis, using both purpose-built contract AI and general-purpose chatbots. The work is document-heavy and the assistance is genuinely useful.

The exposure risk is acute because legal documents are among the most confidential the organization holds: contracts under active negotiation, privileged communications, litigation strategy, and terms bound by confidentiality obligations to third parties. Feeding any of that into an external AI service can breach confidentiality, waive privilege, or violate contractual commitments to counterparties. As in finance, the severity per incident is high even if the volume is modest.

Support

Customer support adopts AI to keep up with ticket volume: chatbots that field first-line questions, and assistants that summarize tickets and draft replies. These often integrate with the helpdesk and knowledge base, and they process a steady stream of customer interactions.

The main risk is customer PII and account detail flowing through external AI services as part of routine ticket handling - names, contact details, account states, and whatever customers themselves paste into a conversation. At support's volume, even a modest per-ticket exposure adds up, and the data is subject to the same privacy obligations as the rest of the customer relationship.

The common thread: data exposure and lost control

Across every department, the through-line is the same. The tool differs, the workflow differs, but the risk converges on sensitive information leaving the organization's control - usually through a copy and paste, sometimes through a connected agent taking action, occasionally through a third-party tool holding standing access. Layered on top are the secondary risks: over-permissioned agents (most common in engineering), unvetted vendors holding data (common in sales and support), and the absence of any audit trail to reconstruct what was shared. The reason shadow AI is dangerous is not that any one team is careless; it is that convenient, invisible adoption multiplied across every department produces a large, unmonitored exposure surface.

That is why the response cannot be department-specific bans alone. Banning tools tends to push shadow AI further underground rather than eliminate it. The durable answer is to make AI visible everywhere, understand why each team adopted what it did, and convert shadow AI into governed AI with sanctioned alternatives, least-privilege controls, monitoring, and a clear acceptable-use policy. That program is the subject of an AI governance framework for enterprises.

How Anomity helps see across every department

Every recommendation above depends on one capability most organizations lack: seeing which AI tools are actually in use, in which teams, on which machines. Department-by-department shadow AI is invisible to a network gateway that only sees traffic and to a SaaS admin console that only sees sanctioned apps. Anomity closes that gap from the endpoint. Its category is agentic endpoint security, built on a simple principle: you can't govern what you can't see.

A lightweight, unprivileged Endpoint Sensor on every managed endpoint (Windows, macOS, and Linux) discovers eight AI artifact types - AI agents, MCP servers, extensions, plugins, skills, secrets, hooks, and CLIs - so engineering's coding agents, marketing's browser extensions, sales' notetakers, and finance's assistants all show up in one fleet-wide inventory with an owner and a location attached. The sensor sends metadata only over HTTPS; never source code, never prompts, and secrets are redacted on the endpoint. On agents that expose a hook, Anomity evaluates each tool call before it runs and returns allow, deny, or log, so a risky action can be stopped rather than merely recorded, and violations route to your SIEM, Slack, email, or Jira. Every change lands in a queryable 90-day audit trail. Anomity is SOC 2 Type II and complements your DLP, network and gateway controls, EDR/XDR, and GRC program by adding the AI-artifact visibility they were never built to provide.

You can't govern what you can't see.The Anomity principle

The bottom line

Shadow AI is not one problem; it is seven or more, each wearing the clothes of a different department's daily work. Engineering runs powerful, permissioned coding agents; marketing pastes unreleased material into content generators; sales sends call recordings and CRM data to third-party notetakers; and finance, HR, and legal each risk exposing some of the most sensitive data in the company through a single convenient paste. The patterns differ but the root risk is shared: convenient, unsanctioned adoption multiplied across the org into a large, unmonitored data-exposure surface. The answer is not a ban that drives it underground but visibility that lets you govern it - inventory what every team is really using, understand why, and convert shadow AI into governed AI. To see your own department-by-department AI footprint, book a 30-minute demo.

Frequently asked questions

What is shadow AI by department?

Shadow AI is any AI tool, agent, assistant, or service that employees use without IT or security sanction or oversight. Looking at it by department means recognizing that adoption is not uniform: engineers, marketers, salespeople, finance analysts, HR, legal, and support teams each gravitate toward the AI tools that match their specific workflows. Understanding those per-department patterns helps you anticipate where unsanctioned AI is most likely to appear and what data it is most likely to touch. For the foundational concept, see what is shadow AI.

Are there statistics on how much shadow AI each department uses?

This guide deliberately does not cite adoption percentages, because reliable, current, department-level figures are hard to pin down and easy to misrepresent. What we describe instead are the qualitative patterns we consistently see: which categories of tools each department tends to adopt and what data those tools tend to touch. Treat these as directional patterns to investigate in your own environment, not as measured statistics. The way to get real numbers for your organization is to discover and inventory what is actually running, which is covered in shadow AI detection techniques and best practices.

Which department is the highest shadow AI risk?

There is no single answer, because risk is a product of both how much AI a team adopts and how sensitive its data is. Engineering often has the broadest and most powerful adoption - coding agents and MCP servers with real system access. But finance, HR, and legal can carry higher per-incident severity, because the data they might paste into a general-purpose tool - financial forecasts, employee records, contracts under negotiation - is among the most sensitive in the company. The right lens is not a ranking but per-department risk that accounts for both dimensions.

Why does shadow AI appear department by department instead of top down?

Because it is bottom-up adoption. Employees reach for AI to solve a task in front of them, and the tool that fits a marketer's job is different from the one that fits an engineer's. Adoption spreads within a team by word of mouth and shared workflows before it ever crosses a department boundary or reaches IT. That is the same shadow-IT dynamic that has always driven unsanctioned tool use, now accelerated by how easy AI tools are to try. See AI agents are the new shadow IT.

What is the main risk shadow AI creates across departments?

Data exposure is the through-line. Whatever the department and whatever the tool, the recurring risk is that sensitive information - source code, customer data, financial figures, employee records, contract language - leaves the organization's control by being pasted into or processed by an AI service that was never reviewed. Secondary risks include over-permissioned agents taking real actions, unvetted third-party tools holding standing access, and no audit trail of what was shared. The paste-level mechanics are covered in shadow AI data exposure.

How does Anomity help with shadow AI across departments?

Anomity's lightweight, unprivileged Endpoint Sensor runs on managed Windows, macOS, and Linux machines and discovers eight AI artifact types - AI agents, MCP servers, extensions, plugins, skills, secrets, hooks, and CLIs - across every department's endpoints. That gives security a fleet-wide inventory of which AI tools are actually in use and where, so engineering's coding agents and finance's browser assistants both become visible instead of invisible. On agents that expose a hook, Anomity evaluates each tool call before it runs and returns allow, deny, or log, routing violations to your SIEM, Slack, email, or Jira with a 90-day queryable audit trail. It sends metadata only, never source and never prompts, with secrets redacted on the endpoint.

How should we respond once we find shadow AI in a department?

The goal is to convert shadow AI into governed AI, not to ban it and drive it further underground. Inventory what is in use, understand why each team adopted it, provide sanctioned alternatives where the need is legitimate, apply least-privilege and monitoring to what stays, and set a clear acceptable-use policy so employees know what is allowed. This is the operational core of an AI governance framework for enterprises.

Ask AI about Anomity
ChatGPT Claude Perplexity Google AI Grok