

The promise of AI is immense, but for many IT leaders, it’s becoming a compliance and security nightmare. To uncover this gap, we conducted a comprehensive survey of over 200 knowledge workers.
Our findings reveal that organizations are investing heavily, but often without the necessary guardrails, leading to staggering security risks and other consequences of AI Sprawl.
Key findings from our survey:
- 79.6% of teams lack a clear policy for unauthorized AI tools
- 60% of workers admit to using unauthorized AI tools, and 68% of leaders know it’s happening
- In 44% of teams, no one is formally accountable for the consequences of bad AI output
- Over 42% of companies are not confident they would pass a vendor security audit today
This AI sprawl isn’t just inefficient; it’s a critical security and accountability risk.
The solution lies in adopting secure, unified, and auditable AI, underpinned by emerging standards like ISO 42001—the first international standard specifically for Artificial Intelligence Management Systems (AIMS).
ClickUp is proud to be among the first platforms to achieve ISO 42001 certification. This rigorous certification demonstrates our commitment to secure, transparent, and ethical AI practices across all our solutions.
By meeting ISO 42001 requirements, ClickUp ensures your organization benefits from AI that is both innovative and compliant. Our certification provides verifiable assurance that your data and workflows are protected by the highest standards in the industry. With ClickUp, you can trust that your AI-powered work is governed responsibly, giving you a competitive edge in today’s digital landscape.
Why Unauthorized AI Is a Threat to Your Enterprise
Significant data governance and compliance violations are direct consequences of unauthorized AI: 60% of workers admit to using unauthorized AI to get a head start on work tasks.
The cost isn’t just potential fines; it’s eroded trust, compromised data security, and a fundamental loss of control over your digital assets.
This stems from a chaotic and unmanaged approach to AI—without a structured AI governance framework in place:
- 49.8% of workers describe their team’s AI policy as “The Wild West”
- Another 29.8% operate under a risky “Don’t Ask, Don’t Tell” approach
Leaders know the risks are there, but they lack the resources to fix them:
- 33.17% believe their team is definitely not an exception to these violations
- 35.12% say their team is unlikely to be an exception
To combat this threat behind AI Sprawl, IT leaders need a proactive AI governance strategy—not blanket bans. Establishing a risk mitigation approach aligned with frameworks like ISO 42001 is critical to balancing innovation and control.
AI Without Accountability Is a Compliance Gamble
This lack of control leads to a terrifying lack of accountability and a real fear of being caught unprepared by clients or regulators. Without clear responsible AI governance, businesses face growing AI compliance risks and a lack of traceability in AI-driven decision-making.
44% of teams say no one would be formally accountable for the unintended consequences of bad advice or biased output from AI.
Beyond this concerning fact, AI Sprawl makes it nearly impossible to trace AI decisions, demonstrate ethical use, or even confidently pass a security audit.
Over 42% of teams are not confident they would pass an audit for secure AI practices today.
Proactive AI governance is no longer optional. Standards like ISO 42001 provide the critical framework for transparency and accountability, directly counteracting the compliance risks of AI Sprawl.
Empowering Your Workers Without Sacrificing Security
Workers are leveraging AI because it genuinely boosts their productivity. Attempting to ban it outright will lead to internal friction and continued AI Sprawl in shadow IT. Instead, organizations must enable secure AI adoption through clear policies, ethical AI practices, and visibility into the use of unauthorized AI tools.
A combined 82% of leaders expect worker complaints if unauthorized AI sites were simply blocked.
Workers’ priorities are clear:
- 42.44% prioritize speed and efficiency
- 14.63% prioritize company policy and security
- 42.93% prioritize both
They demand a solution that doesn’t force a compromise between speed and security.
This underscores the critical need for a trusted, unified tool that simplifies AI management for IT and security teams, allowing teams to innovate without introducing unacceptable risk.
From Chaos to Compliance
The era of uncontrolled AI Sprawl is ending. It’s time to put the power back in IT:
❌ STOP: Relying on ad-hoc AI tool adoption and hoping for the best, allowing AI Sprawl to create unmanageable compliance blind spots.
❌ STOP: Implementing blanket bans on AI that stifle productivity and drive shadow IT.
❌ STOP: Evaluating ad-hoc AI tools for different teams, making effective governance nearly impossible.
✅ START: Implementing a unified AI platform that integrates seamlessly into existing workflows and provides the necessary audit readiness, risk controls, and oversight for regulatory compliance—all essential pillars of modern AI governance frameworks.
✅ START: Prioritizing AI security from the outset. Integrate robust security measures into your AI strategy from day one, rather than treating it as an afterthought.
✅ START: Prioritizing AI solutions that offer enterprise-grade security and auditable accountability, like those aligned with ISO 42001.
This is precisely why ClickUp is engineered differently. We understand that IT leaders need more than just another AI tool; they need a comprehensive AI Management System designed to eliminate Sprawl and ensure compliance.
ClickUp has now achieved ISO 42001 certification, setting a new standard for trustworthy AI in the workplace. This certification provides verifiable assurance that our platform offers the data security, accountability, and responsible AI practices that IT leaders desperately need, delivered through a trusted AI governance framework that meets global regulatory compliance standards.
The Path Forward
AI Sprawl presents a dangerous frontier for the modern enterprise, especially for its IT leaders.
Here’s why: Our research shows employees are turning to unauthorized AI to boost productivity. Still, a staggering lack of accountability and audit-readiness exposes your business to compliance and security disasters.
Here’s what you must do: The path forward is not restriction, but strategic control. The solution is to consolidate AI within a single, unified platform that provides both the productivity employees demand and the enterprise-grade governance leaders need.
Here’s the ClickUp solution: ClickUp was engineered to eliminate AI Sprawl. As one of the first platforms to achieve ISO 42001 certification, we offer more than just powerful AI; we provide a verifiable AI Management System. This certification assures that ClickUp delivers the security, accountability, and responsible framework to turn chaos into a trusted, strategic advantage.
Take Action Today
Learn more about ClickUp Brain
The only ISO 42001 certified AI that connects across all of your work
📺 Access the on-demand webinar and playbook
See how leading teams are eliminating AI Sprawl and achieving real ROI.
💬 Schedule a personal consultation
Ready to see how ClickUp can provide the secure, unified AI solution your team needs, backed by ISO 42001 standards? Book a free consultation today.
Research Methodology Note: The data for this report was collected over a two-week period in late July 2025. The survey, consisting of 10 multiple-choice questions, was administered anonymously to over 200 participants. Respondents represented a balanced mix of professional roles, from executive leadership and managers to individual knowledge workers and entrepreneurs. For complete methodology and detailed findings, contact research@clickup.com.