AI Puts A Shadow on Enterprise IT as Risks Get Real

Are you subscribed to our monthly LinkedIn newsletter? 

This month’s newsletter covers new research: The Komprise IT Survey: AI, Data & Enterprise Risk. Komprise surveyed 200 IT directors and executives at U.S. enterprise organizations of 1000 employees and larger.  The purpose of the survey was to discover how IT teams are preparing their unstructured data for AI and the challenges they are facing. The survey was conducted by a third party in April 2025.

The survey covers:

• Shadow AI Risks
• Challenges & Tactics in Preparing Unstructured Data for AI
• IT Infrastructure Priorities

Enterprise AI High Notes
The amount of VC money funneling into AI ventures this year is nothing short of astronomical. [Note: Is any tech company today NOT an AI venture?]

• OpenAI: $40B
• Databricks: $10B
• Perplexity AI: $500M
• Lambda Labs: $480M
• Andreessen Horowitz: Raising $20B Fund

For more big AI deals this year, check out Crescendo’s list.

Amid big money and the never-ending hype, enterprises are starting to get real about AI. From prototype to production, there are a lot of steps and – plenty of concerns. Enterprise IT organizations are embroiled in the gargantuan task of managing and preparing their vast stores of unstructured data for AI pipelines. Investing in new IT infrastructure to support AI is foundational: the storage, compute and networking technologies for high performance and security.  Yet preparing and managing data for AI to support user workflows and governance is equally if not more paramount. Balancing these priorities effectively can help organizations deliver safe, optimized AI services for employees and customers.

Read June 2025 Andreessen Horowitz report: How 100 Enterprise CIOs Are Building and Buying Gen AI in 2025

The Komprise IT Survey: AI, Data & Enterprise Risk found that nearly 80% of organizations have experienced negative data incidences with generative AI—with 13% resulting in financial, customer or reputational damage. The most common bad outcomes include false or inaccurate results from queries (46%) and leaking of sensitive data into AI (44%). Many surveys have indicated concern about these risks, but now those concerns are hitting the bottom line.

Other trends identified include an overwhelming concern about “shadow AI”: nearly half are “extremely worried” about the security and compliance impact of unauthorized and unsanctioned use of AI tools.

Much of the concern today centers on GenAI tools, which are free and widely available on the Internet. IT leaders shared their tactics for dealing with shadow AI, from using data management and AI discovery tools to implementing policies and training.  The survey also found that despite an uncertain economic landscape amid tariff price increases, enterprises are prioritizing developing the right IT infrastructure for AI.

Key AI, Data & Enterprise Risk Report Statistics

Shadow AI Risks

• The vast majority (90%) are concerned about shadow AI from a privacy and security standpoint, with 46% reporting that they are “extremely worried.”
• Most (79%) of IT leaders report that their organization has experienced negative outcomes from sending corporate data to AI, including PII data leakage and inaccurate or false results.
• Most (75%) are planning to use data management technologies to address risks from shadow AI, followed closely by AI discovery and monitoring tools (74%).

Preparing Unstructured Data for AI

• The greatest challenge in preparing unstructured data for AI is finding and moving the right data to locations for AI ingestion (54%) followed by a lack of visibility into data across data storage to identify risks (40%).
• The top tactic for preparing data for AI is classifying sensitive data and using workflow automation to prevent its improper use with AI (73%).
• Nearly all (96.5%) are classifying and tagging unstructured data for AI, with a mix of manual and automated methods for doing so.
• More than half (56%) say that IT is moving data to AI processes for users manually, or with free tools, with 40% saying that users are manually copying data to AI on their own.

IT Infrastructure Priorities

• Supporting AI initiatives is the top priority for IT infrastructure (68%), followed by 16% saying it is equally important as cost optimization, cybersecurity and core IT upgrades.
• Most IT leaders (45%) express a multi-faced strategy for investing in storage for AI, with equal priority to acquiring AI-ready storage, increasing capacity of existing storage and acquiring data management capabilities for AI.

Top 5 Takeaways for AI in the Enterprise

1. Generative AI is Hitting the Bottom Line: GenAI is now part of daily operations—and so are its risks. Many organizations have faced issues like inaccurate outputs or sensitive data leaks which in some cases bring financial and reputational damage. Without better controls, IT may see key AI initiatives shut down despite their competitive potential. Read the white paper.
2. Shadow AI Risks Require New Tools: Shadow AI—unauthorized or unknown use of AI tools—poses serious privacy and security threats. Sensitive data can leak to public models, exposing PII and trade secrets. To combat this, IT will invest in tools for data classification and AI app tracking to prevent misuse and maintain visibility. Komprise for sensitive data management.
3. Data Classification is Key to AI Readiness: AI needs unstructured data, yet this data must be precisely curated for accuracy, cost and security requirements. Current file systems lack rich metadata, making it hard to identify and secure the right data. IT will turn to automation to tag, enrich, and classify unstructured data, balancing access and protection. Komprise for unstructured data classification.
4. AI Pipelines Demand Automation: Managing unstructured data at scale requires automation which can efficiently find, tag and move curated datasets into AI pipelines efficiently and monitor workflows. These tools index data across environments and support governance with auditing capabilities. Komprise for AI data workflows.
5. AI Infrastructure Becomes Top IT Priority: AI infrastructure now outranks cybersecurity and cost control in IT budgets. Despite economic pressure, leaders are investing in fast, secure systems and AI-ready storage. These moves ensure data is prepared and protected for AI with proper compliance measures.

Enterprise AI Risk Report Media Response

TechNewsWorld writer John P Mello Jr covered the survey, interviewing several experts about the findings. The notion of AI introducing “security blind spots” was a hot topic. Said Melissa Ruzzi, director of AI at AppOmni: “The biggest risk with shadow AI is that the AI application has not passed through a security analysis as approved AI tools may have been.”

Another expert noted that shadow AI extends beyond unapproved applications and involves embedded AI components that can process and disseminate sensitive data in unpredictable ways.

Komprise COO Krishna Subramanian emphasized that shadow AI poses a much greater problem than shadow IT, which primarily focuses on departmental power users purchasing cloud instances or SaaS tools without obtaining IT approval. “Now we’ve got an unlimited number of employees using tools like ChatGPT or Claude AI to get work done, but not understanding the potential risk they are putting their organizations at by inadvertently submitting company secrets or customer data into the chat prompt,” she explained.

“The data risk is large and growing in still unforeseen ways because of the pace of AI development and adoption and the fact that there is a lot we don’t know about how AI works. It is becoming more humanistic all the time and capable of making decisions independently.” — Krishna Subramanian

In TechRepublic’s coverage, Megan Crouse wrote about how to prepare unstructured data for AI: “A key component of using generative AI safely is making sure you know which data is exposed to the model. When preparing large amounts of company data to be fed into AI, 73% of IT teams approach it by classifying sensitive data, then using workflow automation to restrict its use by AI. Unstructured data management solutions that use tags and keywords can leverage those keywords to sort the data.”

In closing, Subramanian remarked: “IT really needs to lead the charge on education, training and policies. They must go hand-in-hand. Employees need to understand the risks so that they can use AI safely and not expose sensitive and proprietary corporate data to public AI applications.”

Komprise CEO Kumar Goswami discusses sensitive data management capabilities in Komprise, which help with AI data governance.

The Time to Act is Now

AI hype is unreal, but the risks are not. We expect to see more bad, publicly-reported outcomes from AI, at brands large and small. Preventing your company from getting in the news starts with an internal conversation and a line in the sand from every CEO. Your people are using AI regularly. Make sure they understand the risks and best practices. Create a policy on AI usage that managers should commandeer to their teams. Policies aren’t easily enforceable: organizations will need the right technical tools and controls to track data movement to AI and prevent protected IP, customer and PII data from getting into public AI LLMs. The time to act is now.

You can subscribe to our blog to receive new posts in your inbox as well as our YourTube channel. Be sure to also check out what’s new by visiting our Resource Center.