More than half of orgs in Okta survey faced an AI-related security incident or near miss last year
# Industry News: The Shadow AI Gap: Executive Overconfidence vs. Employee Reality
## Summary
A new study commissioned by Okta reveals a significant security disconnect: 58% of organizations experienced an AI-related security incident or near miss last year, driven largely by "shadow AI." Despite this high failure rate, 90% of executives remain overconfident in their visibility into AI usage, even as over half of their employees admit to using unapproved tools.
## Key Details
- **Date:** May 27, 2026 (Report timeframe)
- **Companies Involved:** Okta (Identity and Access Management leader), Apprize360 (Research partner)
- **Category:** Market Research / Industry Analysis
## The Story
The "AI Agents at Work 2026" report paints a picture of an "agentic enterprise" operating outside the control of IT departments. The central conflict lies in the disparity between perception and reality: while 90% of leaders believe they have a handle on AI tools, 52% of knowledge workers are using unsanctioned "Shadow AI."
This unauthorized usage has led to tangible security failures. Of the 58% of firms reporting issues, nearly 27% faced actual breaches, data exposures, or system disruptions. The risk is compounded by reckless employee behavior; the survey found workers sharing HR data, confidential documents, and even login credentials (16%) with AI models. The problem is most acute in the U.S., where 67% of workers use unsanctioned tools, and in the UK, where executive confidence is highest despite widespread non-compliance.
## Business Impact
### For the Companies Involved
- **Okta:** This report reinforces Okta's pivot toward "identity-centric" AI security. By highlighting the failure of traditional perimeters, Okta positions its identity and access management (IAM) solutions as the essential "governance layer" for AI agents.
### For Competitors
- Identity and security vendors (e.g., Microsoft, Ping Identity, CrowdStrike) will likely accelerate the release of "AI Discovery" features to compete with the automated discovery tools Okta is advocating for.
### For Customers
- Organizations face a choice: implement strict bans—which Okta warns will only drive usage further underground—or invest in "secure sandboxes" and automated governance to allow for productive but safe AI use.
### For the Market
- The data suggests the "Shadow IT" problem of the 2010s (SaaS) has evolved into "Shadow AI" for the 2020s, which carries a higher risk because AI agents often require integration into internal systems and data.
## Technical Implications
The report highlights the emergence of **Autonomous AI Agents** and **coding assistants** as high-risk vectors. Technically, the threat is no longer just "data leakage" but "credential leakage," with 16% of users providing passwords to AI tools. This necessitates a shift toward "Machine Identity Management" (MIM) to ensure that the AI agents themselves have authenticated and limited access rights.
## Strategic Analysis
- **Market Positioning:** Okta is attempting to own the category of "AI Governance" by framing AI security as an identity problem.
- **Competitive Advantage:** Firms that can provide "automated discovery" of AI tools will win the market, as manual inventories are clearly failing.
- **Challenges:** The "easier path" strategy suggested by Okta (making approved tools easier to use than shadow tools) is difficult to execute when consumer AI innovation often outpaces enterprise procurement cycles.
## Industry Reactions
- **Harish Peri (Okta SVP & GM for AI Security):** Warns that "you can't protect what you can't see" and argues that strict bans are counterproductive.
- **Market Response:** The high incidence of "near misses" (31.2%) suggests that current security controls are catching some issues, but the 26.7% actual incident rate indicates a critical failure in preventative controls.
## Future Outlook
- **Predictions:** By 2027, "AI Governance Platforms" will likely become a standard part of the enterprise security stack, moving from a "nice-to-have" to a compliance requirement.
- **What to watch for:** A surge in M&A activity as legacy security firms acquire AI discovery startups to bridge the "visibility gap" highlighted in this report.
## For Security Professionals
Practitioners should move away from policy-based bans toward **identity-centric controls**. Key actions include:
1. Prioritizing the discovery of AI browser extensions and coding assistants.
2. Implementing sandboxed "Playgrounds" for employees to test AI tools.
3. Updating Incident Response (IR) plans to specifically include "data poisoning" or "AI credential theft" scenarios.