The shadow AI problem HR leaders can no longer ignore

AI is already deeply embedded in daily work across most organisations, largely outside the boundaries of formal company policy – and the gap between adoption and governance is widening. That is the central finding of Lenovo’s latest Work Reborn Report, which surveyed 6,000 employees worldwide.

More than 70% of employees use AI weekly, with up to one-third doing so without IT oversight. Eight in 10 expect to increase their reliance on AI within the next year. The report described this as a growing “AI execution gap” – usage is accelerating, but organisational control is not keeping pace.

The consequences are already measurable. Organisations are experiencing delayed ROI as AI initiatives remain fragmented across teams, duplicated spending as multiple tools solve the same problems in silos, and an expanding attack surface as unsanctioned tools access enterprise data. Meanwhile, the lack of visibility makes it difficult for leadership to identify what is working and scale it effectively.

The workforce itself is splitting as a result. Some employees operate within secure, optimised environments with access to approved tools. Others rely on whatever they can access to stay productive. This two-speed dynamic slows decision-making, duplicates effort, and makes consistent AI adoption across the business difficult.

Security concerns are compounding the problem. Some 61% of IT leaders report a rise in cybersecurity threats linked to AI, yet only 31% feel confident in their ability to manage those risks. Nearly half of all employees – 43% – said they are worried about AI-driven data exposure or attacks.

READ MORE: The agile anchor: How Lenovo reimagines stability for a volatile world

“AI adoption is no longer the challenge. Execution is,” said Rakshit Ghura, Vice-President and General Manager of Digital Workplace Solutions at Lenovo. “Usage is growing faster than organisations can control or secure it. Without that control, AI introduces as much risk and cost as it does opportunity.”

Lenovo’s proposed solution centres on establishing control at the device level, integrating deployment, lifecycle management, infrastructure, and security into a single managed service called TruScale Device as a Service for Security. The organisation argued that most organisations are currently managing AI across disconnected layers – devices, infrastructures, and security, each handled separately – and that this fragmentation is the root cause of the execution gap.

Despite the challenges, the report strikes a cautiously optimistic note. More than 70% of employees already recognise AI’s potential to deliver gains in productivity, speed, and quality. Closing the execution gap, the report concluded, is what separates organisations that will release that value from those that will not.