In short: One in five data breaches in 2026 is now linked to "shadow AI" — employees quietly feeding corporate data into unsanctioned AI services outside any security oversight. Russian analysts at Informzashchita put the figure at 20% of incidents, up from 12% a year earlier, and each such breach costs on average $670,000 more because it is spotted late. The danger is not that AI cracks encryption — it does not. The danger is that people voluntarily hand over source code, client data and documents to a cloud they do not control. The same habit puts your personal data at risk too.
What happened
On 17 July 2026, Russian cybersecurity firm Informzashchita published an analysis showing that shadow AI is now behind every fifth data breach — 20% of incidents, against 12% a year earlier. Only about 30% of companies keep any inventory of which AI services their staff actually use, so most leaks of this kind surface long after the data is gone. The picture matches global numbers: IBM's Cost of a Data Breach report likewise ties roughly a fifth of breaches to shadow AI, and Verizon's 2026 DBIR found that 45% of employees now use AI tools on work devices, most through personal accounts. We covered the wider trend of AI supercharging attacks in our piece on AI-driven cyberattacks.
"Shadow AI" simply means AI tools used at work without the security team's knowledge or approval — a public chatbot, a browser AI assistant, an unofficial API. The problem is the same one we explain in detail in our guide on protecting your data in ChatGPT and Claude: whatever you paste into someone else's cloud, you no longer control.
How data leaks through shadow AI
Informzashchita breaks the incidents down by channel. Public AI web interfaces are the biggest, at about 42% — staff paste contracts, code, correspondence and client requests straight into a chatbot. Browser extensions and AI assistants account for another 24%; self-connected APIs and libraries for 19%; and AI-powered developer tools for 15%. Separately, AI browser extensions were found to contain known vulnerabilities 60% more often than ordinary add-ons, and 29.5% of AI-using organisations had at least one exposed secret or API key.
The exposure is uneven by sector: IT and software development lead at about 31% of breaches involving shadow AI, followed by finance (22%), industry (18%), retail (16%) and professional services (13%). Related research put hard numbers on the everyday behaviour behind this — a large share of employees admit copying confidential information into AI prompts, most of them through unmanaged personal accounts, and a meaningful fraction of PDFs uploaded to chatbots contain confidential data.
Why this matters for ordinary users
You are almost certainly a "shadow AI" user yourself. Ask a chatbot to fix a CV and you hand it your name, phone and address; ask it to summarise a medical result and you hand it health data tied to your identity. Once that text sits on a provider's servers, it can be stored, sampled by human reviewers and used to train models — and you cannot take it back. If your login to that AI account is weak or reused, anyone who gets in can read your whole history.
There is a legal dimension in Russia, too. Transferring citizens' personal data to foreign services without consent runs into 152-FZ, and in 2026 the regulator FSTEC formally recognised AI-related risks as a separate category of threats. For a business, an employee who pastes a client database into a public chatbot is not saving time — they are moving personal and commercial data outside the company's perimeter, with real liability attached.
How to protect your data
Decide what may leave your device. Never paste passwords, passport or payment numbers, other people's personal data or trade secrets into a public AI chat. Anonymise prompts — swap real names and numbers for placeholders. The model almost never needs the real identifiers to do the job.
Use privacy settings and safer tools. Turn off "use my data for training", clear chat history, and for sensitive work prefer a temporary mode, a corporate plan with a no-training guarantee, or a locally run model. Keep unique passwords in a password manager and enable two-factor authentication so a leaked account does not open everything else.
Encrypt your connection on untrusted networks. A VPN will not stop you over-sharing with a chatbot — be honest about that. What it does protect is your side of the wire: on public or shared Wi-Fi it routes your traffic through an encrypted tunnel, so no one on the same network can intercept the logins and sessions you send to AI services, mail or work portals, and it hides from your provider which services you use. For teams the same logic scales up — see our note on VPN for business. LiMP VPN is a no-logs service for iOS and Android — see the features and plans, and more privacy news on our blog.
Why do bans on AI not work?
Because employees use AI to get their jobs done faster, and a blanket ban just pushes the use underground — into personal accounts and unmanaged tools, where security has zero visibility. That is exactly what makes shadow AI a blind spot: with no inventory of which services are in use, a breach is discovered late and costs more. The realistic answer is not prohibition but governance — approved tools, clear rules on what data may go in, and the same personal hygiene at home: anonymise, use privacy settings, and encrypt your connection.
Sources
This report is based on Informzashchita analytics as published by CNews and the shadow-AI analysis by Anti-Malware.ru, July 2026, with global figures from IBM's Cost of a Data Breach and Verizon's 2026 DBIR.
