A recent segment on shadow AI from Australian outlet Ticker News highlighted that close to 70% of C-suite leaders admit to prioritizing speed over security when it comes to AI tools, while frontline employees report far more caution. The segment included commentary from Dr. Karen Sutherland, associated with the University of the Sunshine Coast, who noted that the "do as I say, not as I do" executive isn't new.
What's new is what executive exceptions can now expose. A VP who connects a personal – or worse, anonymous – AI account to a corporate machine creates standing, silent access to everything that machine touches — with no discrete incident for anyone to eventually notice.
Neon Cyber's recent research shows exactly how far that gap goes, and how much more expensive the same old exception has gotten.
Does shadow AI use increase with seniority?
Yes, and the pattern is close to linear. Among individual contributors surveyed, 14% reported using unapproved AI tools. Among leads, managers, and directors, that figure jumps to 63.7%. Among VPs and above, it reaches 70%. The people with the most access to sensitive data and the most authority to approve their own purchases are the same people most likely to route around IT entirely.
That 70% figure sits close to the range cited by Ticker and pointing to the same underlying dynamic: risk is concentrating at the top of the org chart, not the bottom.
Key takeaway: The people most likely to call AI essential are the same people most likely to route around the controls meant to govern it.
Why do executives use more shadow AI than frontline employees?
Three things stack on top of each other as seniority increases, and none of them require bad intent.
Stakes go up. A senior leader's deadlines carry more visibility and more consequence than an individual contributor's. Missing a board deliverable is a different kind of failure than missing a routine task.
Access goes up. More senior roles typically come with broader access to financial data, strategic plans, and customer information — meaning when shadow AI use does happen at this level, there's more sensitive material available to expose.
Friction goes down. A senior-enough role rarely needs procurement's sign-off to try something new. A marketing manager facing a tight deadline can easily subscribe to a $39/month AI tool, put it on a credit card, and connect it to her team's shared drive in one click. If it's a personal credit card, the expense report will read "Subscription for Campaign." If it's a corporate card, the number is so low, it'll barely register on the balance sheet.
Nothing about the mechanics of this process changes at the VP or C-suite level — it just gets easier, because the further up the chain, the less anyone questions a $39 reimbursement request.
Based on our findings, experience in security, and external reports like the one from Ticker, it’s clear this pattern is structural: the more senior the role, the higher the stakes, the pressure, and the data access – all arriving at once – while the tools meant to catch unauthorized activity keep watching the frontline.
Why do enforcement gaps widen at the top of the org chart?
Most practitioners running a security awareness program already know it isn't what stops shadow AI. It exists because a regulator, an auditor, or a cyber insurance policy requires it — not because they believe an annual training module changes what happens at the moment of a paste or a click. Neon Cyber's own research backs that up directly: 63.0% of workers report having a clear AI policy they understand, and 48.3% of those workers knowingly breach it anyway. With this self-reported data, it’s clear that the missing piece is enforcement at the point of click, not awareness of the policy.
The seniority data puts a harder edge on this finding.
The same "do as I say, not as I do" dynamic that shows up around expense reports and travel policy tends to show up around security controls too — senior leaders are the ones best positioned to push back on a restrictive tool, request an exception, or route around a control that nobody on the security team wants to be the one enforcing against them. Combine that with 63.4% of workers rating AI as essential or very necessary to their job, and 41.4% expecting a new tool to take more than two weeks to get approved, and the incentive to work around a control lands hardest on exactly the population most able to get away with it.
How do you govern workforce AI use without blocking productivity?
The instinct to lock this down with tighter restrictions runs into the same problem every ban does: it doesn't survive contact with a deadline. What does survive is visibility that reaches every seniority level equally — the same browser-level monitoring that can see a personal account signing into a corporate Google Drive, whether that account belongs to an intern or a VP.
Neon Cyber is built to close exactly this gap: visibility and enforcement that operate in the browser session itself, regardless of who's in it or what card is expensing the subscription. It doesn't require IT to guess which department is most likely to go rogue, because the answer to that question changes depending on who has the least patience for a two-week approval queue that day.
The demand for this exists already.
79.7% of the workers Neon Cyber surveyed said they're interested in secure AI solutions — one that lets them move fast without routing around IT. That’s a request fora better, securer option, not a fight against oversight or company policies. Building the safe and easy path is what gets people to actually take it.
See the full picture
Recent coverage in Australia and Neon Cyber's own research point to the same structural pattern from two different angles: shadow AI risk rises with seniority, not access controls' ability to catch it. Our research report, Quantifying Shadow AI Risk in the Browser, breaks down how this plays out across 227 U.S. knowledge workers. Download the full report and key findings.
Want the story that accompanies this blog post? Check out our full infographic on Priya, the marketing manager who buys the AI tool she needs for just $39: