MSPs already juggle a growing list of responsibilities—and that list keeps expanding while resources do not. One issue increasingly demanding attention is the rise of employees adopting tools that neither internal IT nor the MSP has approved.
This concern comes up frequently in conversations with IT leaders. Many admit it’s a problem but hesitate to discuss it publicly for fear of ruffling feathers. That’s why the topic of “hidden tools” feels particularly timely.
Consider a few all-too-common examples: a project manager tests out Notion over the weekend, a sales rep starts logging leads in a free Airtable account, or a developer spins up a Vercel project to prototype an idea. Within hours, sensitive company data is flowing into applications completely outside IT’s visibility.
Why AI is accelerating shadow IT risks
Experts call this phenomenon shadow IT, and it’s becoming more dangerous—especially as AI‑powered tools promise instant productivity gains.
Recent research underscores the scale of the issue. The average company uses 371 SaaS applications, yet IT teams only know about half of them. Compounding the risk, 27 percent of employees use unauthorized generative AI tools, and 70 percent of those users upload sensitive company data.
What makes 2026 different isn’t just the volume of these tools—it’s their sophistication and the ease with which employees can embed them into essential workflows before anyone in IT notices. For MSPs, that creates both a challenge and an opportunity.
“This represents both a massive security exposure in your client base and a significant service opportunity,” one CISO told me, noting that MSPs often have the cross‑client perspective needed to address tool sprawl. He declined to be identified but stressed that the issue is universal.
What MSPs can do to strengthen oversight
Braden Perry, a litigation, regulatory, and government investigations attorney with Kansas City–based Kennyhertz Perry, says this trend deserves close attention.
“Employees are effectively onboarding third‑party vendors, granting data access, and altering workflows without controls or oversight,” Perry explains. He adds that AI amplifies the risk. “Many AI‑enabled SaaS tools retain and ingest data received via APIs. This often leads to leakage and potentially regulatory exposure.”
According to Perry, shadow SaaS is now a common starting point for cyber incidents—and a source of regulatory, contractual, and fiduciary failures.
“Companies must have guardrails and processes to ensure oversight within the MSP framework,” he says. That includes mapping authority to engage MSPs, understanding where data and workflow exposure occurs, and identifying how risks compound across vendors. This visibility, he notes, allows organizations to spot elevated risks before a failure happens.
“This proactivity is the standard—not reactive mitigation after an event,” Perry emphasizes.
Yakir Golan, CEO and co‑founder of Kovrr, agrees that AI is making these hidden tools harder to detect. Many applications now embed AI capabilities in ways that traditional SaaS discovery methods simply miss.
However, Golan notes that MSPs are uniquely positioned to tackle the problem. “Because MSPs already work across a wide range of tools in multiple environments, they gain broader exposure and practical experience than any single organization,” he says. That expertise can be paired with emerging AI asset‑visibility tools.
“These tools give a clearer view of where AI is operating, what data those systems access, and whether those assets are approved, embedded, or unsanctioned,” Golan explains.
Photo: SaddhaPic / Shutterstock
