Shadow AI is the AI your clients' staff are already using without approval, on free tools, with company data pasted straight into them. The numbers are not subtle. In a November 2025 BlackFog survey of 2,000 US and UK workers, 49% admitted using AI tools their employer never sanctioned. Harmonic Security found that 8.5% of the prompts business users send to public AI tools contain sensitive data. Microsoft's 2024 Work Trend Index put bring-your-own-AI at 80% inside small and medium companies. If you run an MSP, this is not someone else's problem to explain. It is the single most useful conversation you can walk into a client's office and lead right now, because you are the only vendor they have who is positioned to actually do something about it.
I run growth inside managed services and B2B service businesses, and I spent a decade before that in investment banking and private equity. I watch what MSP owners talk about in their peer communities, and shadow AI has moved from a curiosity to the thing they are drafting client letters about. This piece gives you the verified numbers to put in front of a client, each checked back to its primary source, and the frame to use them: not as a scare deck, but as the opening of a governance conversation only you are qualified to have.
The numbers to show a client
Every figure below is traced to the organization that published it, with the year and the sample. That matters, because most "shadow AI stats" floating around get mangled in the retelling. I found one widely shared 49% figure attributed to the wrong company entirely. When you put a number in front of a client, you want to be the person in the room who can name the source, so here is the clean set.
| Stat | What it means | Source (year) |
|---|---|---|
| 49% of workers use AI tools without employer approval | Shadow AI is the majority behavior's close cousin, not a fringe habit | BlackFog / Sapio Research, survey of 2,000 US and UK workers (Nov 2025) |
| 58% of those using unapproved AI tools rely on free versions | Free tiers are exactly the ones that may train on the data typed in | BlackFog / Sapio Research (Nov 2025) |
| 8.5% of business AI prompts contain sensitive data | Roughly one prompt in twelve leaks something it should not | Harmonic Security, tens of thousands of prompts across ChatGPT, Copilot, Gemini, Claude, Perplexity (Q4 2024) |
| 54% of sensitive prompts went into free-tier ChatGPT | The riskiest exposure clusters on the consumer-grade tool | Harmonic Security (Q4 2024) |
| 80% of AI users at small and medium companies bring their own AI to work | BYOAI is higher at SMB size than at large enterprises (78%) | Microsoft and LinkedIn, 2024 Work Trend Index, 31,000 workers across 31 markets (2024) |
| 13% of organizations reported a breach of an AI model or application | AI is now its own breach surface, not a hypothetical one | IBM, Cost of a Data Breach Report 2025 (Jul 2025) |
| 97% of those breached organizations lacked proper AI access controls | The breaches are landing where nobody set up governance | IBM, Cost of a Data Breach Report 2025 (Jul 2025) |
| Shadow AI breaches cost about $670,000 more than the average breach | Ungoverned AI is one of the top cost multipliers on an incident | IBM, Cost of a Data Breach Report 2025 (Jul 2025) |
Read those together and the story writes itself. Adoption without approval is the norm, most of it runs on free tools that may retain the data, a measurable slice of what gets typed in is sensitive, and when a breach involves that ungoverned AI, it costs materially more. Every one of those facts is verified and attributed. None of them requires you to exaggerate.
Why these numbers hit SMBs harder
The temptation is to file shadow AI under enterprise problems. The data says the opposite. Microsoft's 2024 Work Trend Index found that bring-your-own-AI runs at 80% inside small and medium companies, higher than the 78% across all firms. Smaller businesses adopt personal AI tools faster precisely because there is no procurement gate, no security team writing an allow-list, and no one whose job is to notice.
That is the gap your client is sitting in. A 40-person accounting firm or a regional healthcare provider has the same exposure a large enterprise has, staff pasting client records and financials into free chatbots, without the governance apparatus a large enterprise builds to contain it. The IBM 2025 report makes the consequence concrete: 63% of breached organizations either had no AI governance policy or were still writing one, and 97% of those that suffered an AI-related breach lacked proper access controls. The exposure is universal. The defenses are not. That asymmetry is the whole reason an MSP has something to sell here.
The conversation MSPs should lead
Here is the mistake I see MSPs make with these numbers. They forward a scary article, or drop a stat into a QBR, and leave it there. That informs the client and sells nothing. The move is to lead the conversation, because you are the only vendor in that client's stack who can go from problem to policy to enforcement in the same breath.
The frame I would use is three questions, in order, walked through with the client rather than at them.
What are your people actually using?
Most owners will guess low. The honest answer, given that 49% of workers admit unapproved use in a survey where they had every incentive to under-report, is "more than you think, on tools you have never heard of." You do not open with the number. You open by discovering the reality inside their business, then let the number confirm it is normal, not a scandal. That reframes the client from embarrassed to relieved, which is the emotional state you want them in before you propose a fix.
What is leaving the building?
This is where the Harmonic Security finding earns its place. When 8.5% of business prompts carry sensitive data and 54% of the riskiest prompts go into free-tier tools, the question stops being "is data leaving" and becomes "how much, and into whose training set." For an SMB with client confidentiality obligations, a professional-services engagement letter, or any regulated data at all, that is not an abstract risk. It is a live one they are currently not measuring. You are the person who can measure it.
Who owns the policy and the controls?
The IBM numbers close the argument. Breaches are landing where governance is absent, and they cost more when AI is ungoverned. The client does not have an AI governance function, and hiring one is not on the table at their size. That is the sentence where you stop being the person who runs their helpdesk and become the person who runs their AI governance. Acceptable-use policy, an approved-tools list, access controls, monitoring for unsanctioned tools, and a review cadence. It is a service line, and it is recurring.
From stat to durable service line
The reason this matters beyond the client's risk is what it does to your own business. A break-fix mindset treats shadow AI as a ticket. An owner thinking about the value of the business treats it as a new stream of contracted, recurring, advisory-flavored revenue, which is exactly the kind of revenue that lifts an MSP's multiple. The levers that actually move what an MSP is worth are recurring revenue mix and security weighting, and an AI governance offering is both. I lay those levers out in full in the MSP valuation drivers breakdown.
The deeper point is that the AI opportunity for MSPs was never the tools. Reselling a chatbot or bolting a copilot onto a ticketing system is a race to the bottom. Governance is the durable line, because it is a service only a trusted operator inside the client's environment can deliver, and it does not commoditize. I make that full argument in the piece on why the AI opportunity for MSPs is governance, not tools. This stat set is the door-opener for that offering.
If you are building toward an exit, this compounds. Buyers pay for revenue quality and for defensible service lines, and a governance practice reads as both. The groundwork that makes an MSP sellable, clean recurring revenue, low owner dependence, and a security story a buyer believes, is the same groundwork a governance offering reinforces. That sequencing is the core of the exit-readiness work, and who ends up paying the premium for that kind of recurring, security-weighted book is covered in who buys MSPs.
Using these stats without becoming the fear vendor
One caution, because it is the difference between leading the conversation and being tuned out. Do not run the fear play. The MSPs who win this are the ones who present the numbers flatly, attribute every one, and move immediately to what they would do about it. A client can smell a scare deck, and the moment they do, you are just another vendor selling on anxiety.
Attribution is your credibility. When you say "BlackFog surveyed 2,000 workers in late 2025 and found 49% use unapproved AI," you sound like an advisor. When you say "half of everyone is leaking your data," you sound like a brochure. The verified table above is built to be shown as-is, sources included, precisely so you can be the first kind of vendor. The numbers do the persuading. Your job is to be the one person in the room who can act on them.
Frequently Asked Questions
Shadow AI is the use of AI tools by employees without the approval, oversight, or knowledge of their employer's IT function. In practice it means staff pasting company data into free public chatbots on their own accounts. A November 2025 BlackFog survey found 49% of workers admit doing it, and Microsoft's 2024 Work Trend Index put bring-your-own-AI at 80% inside small and medium companies, so it is a mainstream behavior rather than a fringe one.
Harmonic Security analyzed tens of thousands of business prompts across ChatGPT, Copilot, Gemini, Claude, and Perplexity in Q4 2024 and found 8.5% contained sensitive data, roughly one prompt in twelve. It also found that 54% of the sensitive prompts were entered into free-tier ChatGPT, the version most likely to retain or train on the input, which is why free consumer tools are the sharpest part of the risk.
Yes, and it is measurable. IBM's Cost of a Data Breach Report 2025 found 13% of organizations reported a breach of an AI model or application, and 97% of those lacked proper AI access controls. Breaches involving shadow AI cost about $670,000 more than the average incident, and 63% of breached organizations had no AI governance policy in place or were still developing one.
Because the MSP is the only vendor positioned to fix it and can turn it into recurring revenue. SMBs have the same exposure large enterprises do but none of the governance apparatus, so an MSP can own the acceptable-use policy, approved-tools list, access controls, and monitoring as a contracted service. That is durable, security-weighted recurring revenue, which is exactly the kind that lifts an MSP's valuation multiple.
Each figure traces to a named publisher: the 49% unapproved-use and 58% free-version figures are from BlackFog's November 2025 survey conducted by Sapio Research; the 8.5% sensitive-prompt figure is from Harmonic Security's Q4 2024 analysis; the 80% bring-your-own-AI figure is from Microsoft and LinkedIn's 2024 Work Trend Index; and the breach and cost figures are from IBM's Cost of a Data Breach Report 2025. Always cite the publisher and year when you present them to a client.
If you own an MSP and expect to sell to private equity one day, the governance work that protects your clients is the same work that makes your business more valuable to a buyer. I work with owners on exit readiness. Get in touch.