June 13, 2026

The shadow AI blind-spot: Asia’s enterprises at risk

While business leaders celebrate productivity gains from ChatGPT, Claude, and GitHub Copilot, a more troubling reality is emerging: 91% of AI tools now operate outside IT control, with organisations averaging 269 shadow AI applications per 1,000 employees, according to SaaS and AI security platform Reco’s 2025 State of Shadow AI report.

Unlike traditional shadow IT, where employees might install unauthorised software, shadow AI spreads differently. Employees access these tools directly in existing platforms, removing friction and enabling data exposure in seconds, not days.

“When employees paste code, customer data, or plans into public AI platforms, that information may be retained or used for training, creating lasting IP leakage that traditional security tools cannot detect,” says Gal Nakash, co-founder and chief product officer at Reco.

The timing could not be worse for Asia. The region faces what Nakash calls a “regulatory kaleidoscope,” largely powered by China’s Personal Information Protection Law (PIPL), India’s Digital Personal Data Protection Act (DPDPA), Singapore’s updated Personal Data Protection Act (PDPA), South Korea’s AI Basic Act, plus new legislation in Malaysia, Indonesia, Thailand, Vietnam, and Japan. Each carries different requirements, and unlike Europe’s unified GDPR, compliance demands navigating multiple jurisdictions simultaneously.

This creates precarious situations where, for instance, an AI tool compliant in Singapore may violate regulations in China. For enterprises operating in Regional Comprehensive Economic Partnership (RCEP) countries – that is, 15 countries in Asia Pacific with a free trade agreement – or managing diversified supply chains, uniform AI governance is not optional. It is now existential and could be the single factor that decides the continuity or end of a business.

Meanwhile, the scale of this situation further intensifies the challenge. Enterprises now run 1,061 SaaS applications on average, up 26% in two years, with 80% of employees using unauthorised tools, contributing to 35% of data breaches, according to IBM research. Asia-Pacific’s 4.6% economic growth in 2024 and its digital economy trajectory toward $1 trillion by 2030, per IMF projections, translate to thousands of new hires daily in the region – each potentially introducing unauthorised AI tools that security teams will not likely discover until after a breach.

The compliance calculus

Regulated industries face perhaps the sharpest edge of this problem. A single healthcare employee could potentially trigger GDPR, PDPA, or HIPAA violations by pasting patient data into ChatGPT, which could result in audits that might lead to regulatory fines amounting to millions of US dollars.

Non-regulated industries are not immune, as they also face IP theft, competitive disadvantage, and reputational damage. But the important difference, Nakash notes, is that regulated industries must demonstrate continuous compliance, making proactive shadow AI governance essential, not reactive.

Traditional security tools often struggle here, with legacy systems taking months to integrate new applications and typically reacting to breaches, not preventing them. They lack visibility into zero-footprint applications – AI tools that leave no installation trail, but access sensitive data constantly.

Rethinking AI security

Reco’s approach centres on speed and visibility. The company’s App Factory integrates new applications in three to five days versus months for competitors, discovering over 50,000 applications, including all major AI tools. The platform detects ChatGPT, Claude, GitHub Copilot, and custom AI agents, then maps data flows to understand exposure paths.

“We provide visibility into AI use without shutting it down,” Nakash explains. “Risk-based policies allow approved use, while preventing exposures. User coaching educates not just blocks.”

The company’s platform classifies sensitive data in prompts and outputs, enforces policies in real-time, and maintains audit-ready compliance as new AI tools emerge. An identity-centric approach maps every AI interaction to user identity, permissions, and behaviour, helping teams prioritise important risks.

Reco’s traction so far suggests enterprises are responding, with the company reporting a 5x annual recurring revenue (ARR) increase over the past year, 3x customer growth, and an 82 net promoter score (NPS), establishing the loyalty of its customers. The company raised a $25 million Series A extension in April 2025, bringing its total funding to $55 million, with the workforce doubling in multiple regions.

The strong momentum in financial services, insurance, healthcare, pharma, and technology – which are all major Asian sectors – has informed the company’s regional expansion strategy. Bob Horn, recently appointed chief revenue officer at Reco, is leading global sales strategy with a specific focus on accelerating channel partnerships in the US and abroad.

The company’s AWS Marketplace presence provides established procurement relationships in Asia-Pacific, while partnerships with Wiz, Palo Alto Networks, and Torq as well as White, NetSuite, and HPE – all with substantial Asia operations – offer technical integration and go-to-market use.

What comes next

As new rules go into effect in the region, Nakash envisions the shadow AI landscape changing from reactive to proactive. The next generation, which will include not only autonomous AI bots, but also AI agents with more power, will amplify risks further.

In addition to global platforms like ChatGPT and Claude, localised AI tools will emerge, and each will need to have security built in. As more AI features are added to existing SaaS applications without security reviews, continuous discovery becomes a must.

That’s why Nakash believes that the future belongs to organisations moving fast while maintaining security. “That is particularly important in Asia, where AI opportunities and risks are amplified by scale, speed, and regulatory complexity,” he says.

For enterprises navigating Asia’s complicated compliance environment, while pursuing AI-driven growth, the question is not whether shadow AI will create problems; it is whether they will detect those problems before regulators do.
