Zluri’s 2025 AI Report Exposes an Enterprise Blind Spot: AI Tools Are Everywhere, and IT Can’t See Most of Them
Enterprise AI use is no longer a future bet—it’s already here, sprawling across departments and devices. But here’s the catch: IT and security teams only have visibility into a fraction of it.
That’s the alarming takeaway from Zluri’s just-released State of AI in the Workplace 2025 Report, the first large-scale study of enterprise AI adoption backed by real-world usage data—not just surveys or sentiment. Drawing from over 400,000 users across 160+ global organizations, the report offers an unsparing look at the modern workplace’s unstructured, largely invisible AI footprint.
And if you think AI is confined to the developer pit or innovation lab, think again.
“Several companies now use hundreds of AI tools—many of which IT doesn’t even know exist,” said Zluri CEO Ritish Reddy. “This isn’t just tool proliferation. It’s AI sprawl—and it’s a threat.”
Real Data, Real Problems: AI Without Oversight
While previous studies often relied on exec interviews or self-reporting, Zluri leveraged its patented discovery engine to analyze real-time AI usage at scale. The result? A picture of AI gone rogue—widely adopted, wildly unmanaged.
Key findings include:
- Some companies are using 100+ different AI applications
- IT and security teams can monitor fewer than 20% of those tools
- Tools like ChatGPT, Grammarly, and GitHub Copilot dominate usage, with new contenders rising fast
- AI is no longer siloed in engineering; it’s now prevalent across sales, marketing, customer support, and HR
- Code generation tools are now used far beyond developers
- AI agents are emerging, but adoption remains cautious
Zluri’s Enterprise AI Leaderboard ranks the most adopted tools, with OpenAI’s ChatGPT holding the top spot. The Rising Stars list flags fast-growing entrants, showing where the enterprise AI market may be headed next.
The Shadow IT of AI: What Enterprises Can’t See Will Hurt Them
The heart of the issue is control—or lack thereof. With AI tools often adopted ad hoc by teams or individuals, enterprises are now riddled with Shadow AI—applications that bypass standard IT governance altogether.
This opens up a minefield of risks:
- Data leakage from AI chatbots connected to sensitive documents
- Compliance failures due to unsanctioned integrations
- Access sprawl, where employee changes don’t trigger revocation of AI tool access
- Unvetted tools, whose models might store or misuse customer data
In short, the productivity boom comes with an asterisk—and it’s a big one.
Zluri’s Pitch: Govern or Be Governed
Zluri isn’t just sounding the alarm. It’s offering a way out.
Its platform promises 100% AI visibility, leveraging its discovery engine to detect both sanctioned and unsanctioned AI tools in real time. Features include:
- Intelligent risk scoring for each AI app
- Real-time alerts when restricted tools are used
- Automated de-provisioning of access to unauthorized AI
- A new VIA model—Visibility, Intelligence, Action—to guide governance
Upcoming capabilities, according to Zluri, include browser-based blocking of unauthorized AI tools and automatic data masking to prevent exposure of sensitive information. These features aim to let enterprises embrace AI’s upsides while guarding against its downsides.
“The data is clear—AI is already inside your organization,” Reddy said. “The real question is: will you govern it now or let it govern you later?”
Industry Trend or Warning Shot?
Zluri’s findings reflect a larger trend in enterprise tech: the tools employees use are increasingly outpacing IT’s ability to control them. While SaaS sprawl has been a concern for years, AI adds new complexity—with tools that evolve rapidly, adapt behavior, and sometimes make decisions independently.
Other players in the identity governance space, like Okta and SailPoint, are also moving toward more intelligent access control, but few are focusing specifically on AI applications—especially with this level of granularity and real-world data.
With regulators starting to pay closer attention to enterprise AI usage (see: GDPR, HIPAA, and new AI governance frameworks emerging globally), the need for auditability, explainability, and real-time control is becoming non-negotiable.
Zluri’s report lands at a critical time—when most companies are rushing to embrace AI, often without a safety net.
Power Tomorrow’s Intelligence — Build It with TechEdgeAI.
