Shadow AI used to mean employees pasting things they shouldn’t into ChatGPT. It now means something bigger: employees building full applications with AI, wiring them into production systems, and publishing them on the open internet. Without Security or IT in the loop.
The artifact moved from a prompt to a product. The risk surface moved with it.
In The Shadow Builders report (get it here), a
