
The cave of shadows: getting a grip on Shadow IT, Shadow SaaS, and Shadow AI

Tamara Lajara, FinOps Principal Consultant

Most IT leaders believe they understand their technology estate. They can point to the core systems, the major platforms, the contracts that matter. But what they are seeing is often only part of the picture.

Plato’s allegory of the cave describes prisoners mistaking shadows on a wall for reality, unaware of the fuller world behind them. Modern IT faces a similar challenge. The usage and spending IT leaders can see is often a very limited representation of what’s really happening in their organisation.

This is the reality of Shadow IT, Shadow SaaS, and Shadow AI. It is not a new problem, but it is a growing one. Back in 2024, Flexera's State of ITAM report already flagged that 53 percent of IT teams lacked full visibility over their assets. Two years on, the rapid spread of AI has widened that gap to 64 percent.

The estate has grown faster than the map

The scope of IT keeps expanding. A typical organisation runs a mix of on-premises systems, SaaS applications, public cloud services, and fast-growing layers of AI tools. Most of that growth is healthy. Teams get the tools they need quickly, and the business moves at the speed it wants to.

The catch is governance. The Flexera State of IT Asset Management Report 2026 found that the share of organisations reporting complete visibility into their estate fell by 7 percentage points year over year.¹ Flexera links part of that drop to the growing presence of SaaS and AI outside traditional governance models. In plain terms, more of your technology is being adopted in places your current processes were never designed to see.

¹ Flexera State of IT Asset Management Report 2026.

Three shadows, one blind spot

It helps to name the three forms this takes, because each one behaves a little differently.

Shadow IT is the original version. It is the hardware, software, and services bought and used without the knowledge or approval of IT.

Shadow SaaS is its modern cousin. Cloud and software subscriptions alike are easy to sign up for, easy to expense, and easy to forget – even if they differ in exactly how they are bought, owned, and renewed.

Gartner research finds that IT is typically aware of only about one third of the SaaS applications in use, because ownership is spread across teams rather than held centrally.²

Shadow AI is the newest and the fastest moving. AI and generative AI tools are being adopted faster than security, finance, or IT can put guardrails around them. Flexera found that tracking or adopting new AI applications is now the top combined challenge for the people who manage technology, cited by 84 percent of respondents. Yet only 31 percent say they have visibility into AI usage today, even though 47 percent plan to increase their focus on it. And unlike a fixed subscription, AI now has a meter that runs on tokens, so the cost moves with every use. That gap between adoption and oversight is the heart of the Shadow AI problem.

Three different shadows, but one shared blind spot: technology the business takes on faster than it can be seen, costed, or governed.

² Gartner Market Guide for SaaS Management Platforms, December 2022: Dan Wilson, Jaswant Kalay, Tom Cipolla, Joe Mariamo.

What the shadows cost you

The numbers confirm that the governance requirement is no mere tidy-up exercise.

Cost is the most visible issue. Gartner research indicates that organisations without centralised SaaS visibility and coordination overspend on SaaS by at least 25 percent.³ The Flexera 2026 findings point the same way, with reported SaaS wasted spend rising by 10 percentage points year over year. On the AI side, 59 percent of organisations say wasted AI spend increased over the past year, a sign of fast experimentation without much governance behind it.

Risk is the quieter issue, and often the more serious one. Gartner research finds that organisations that do not centrally manage their SaaS lifecycles are five times more susceptible to cyber incidents or data loss.³ Unmanaged apps and AI tools can hold sensitive data, sit outside security review, and fall short of licensing or regulatory requirements without anyone realising.

³ Gartner Magic Quadrant for SaaS Management Platforms, 2025: Tom Cipolla, Dan Wilson, Lina Al Dana.

When AI has a unit price: tokenomics

If SaaS taught finance and IT to watch subscriptions, AI asks them to watch something smaller and faster moving: the token. Every prompt and every response carries a token cost, so AI spend rises and falls with use rather than sitting still on an annual contract. The FinOps Foundation, amongst others, is looking for an answer to this issue. Tokenomics, in their words, is FinOps applied to AI: the work of turning energy and money into tokens, using those tokens efficiently, and getting real value from what they produce.⁴

It is already the headline issue. The FinOps Foundation's practitioner survey found that managing the cost and use of tokens in SaaS-based AI is the top challenge practitioners face today.⁵

The practical response has three parts, and the order matters.

  • Allocate: Tie spend to owners from day one, so every dollar of AI and SaaS cost has a home. Chasing total visibility before allocation is a trap, because you can easily burn hours surfacing a $12-a-year subscription that nobody needed to see.
  • Measure: Judge value per token against the output it produces, rather than staring at a single bill.
  • Control: Set guardrails, and decide case by case whether a task needs a frontier model, a smaller model, a cached response, or no AI at all.

One caution is worth keeping in mind. The token invoice is only part of the story, counted by the FinOps Foundation as one of nine cost buckets, so a forecast built on token cost alone will miss most of the picture.

⁴ FinOps Foundation, 2026.
⁵ State of FinOps Report, FinOps Foundation, 2026.

Why this is hard to fix alone

None of this means teams are careless. The opposite is usually true. People adopt tools because they are trying to do good work quickly. The issue is cultural. When ownership of software, SaaS, and cloud is spread across many teams, no single group has the full view or the clear responsibility to bring it all together and keep it current. A house without an owner does not get cleaned, however good the broom.

That is why a one-off clean-up rarely sticks. Visibility fades the moment the project ends and the next wave of tools arrives without anyone being responsible for the big picture. What organisations need is a way to see the whole estate, reduce the waste inside it, and hold that discipline as things change.

How we help, starting with cost

Our approach is simple to describe. We zero in on the most costly areas, cut the waste hiding in software, SaaS, and cloud, and turn those savings into room for the projects that matter next. We like to take cost out first, so the savings help fund what comes after.

Two capabilities sit behind that. IT Asset Management gives you visibility and control across on-premises, SaaS, and cloud, throughout the software lifecycle. FinOps brings finance, engineering, and operations onto the same page through forecasting, budgeting, and continuous optimisation, so IT costs are properly understood and every line of spend has an owner.

Together they answer the four questions most leaders are asking: what do we have and who is using it, what is it costing us, are we safe and compliant, and where can we do better.

You can engage us in whichever way fits the moment. A point-in-time engagement, delivered through advisory, consulting, or professional services, helps you assess where you stand, plan the route forward, and put the right practices and tools in place. Managed services then keep it running for the longer term, so cost control compounds over time rather than fading after a single project. Two models, four flavours, one outcome: discipline that lasts.

Where to start

For most organisations, the quickest win is a SaaS Visibility Advisory. It gives you a full, risk-scored view of your SaaS estate in a matter of weeks, including the shadow IT you cannot currently see, and it often surfaces 20 to 40 percent of tail-end SaaS spend that can be reduced or removed. The savings frequently cover the cost of the work itself.

From there, an ITAM Diagnostic benchmarks your maturity and tests more than 40 proven savings ideas to produce a prioritised, costed action plan. And as AI adoption grows, folding AI and token spend into your ITAM and FinOps reporting, which is tokenomics put into practice, means it is governed on purpose, not guessed at after the fact.

Both starting points are designed to lead naturally into longer-term support. SaaS Visibility Advisory creates the baseline for SoftwareOne SaaS Management services, where discovery, governance, usage insight, and optimisation are turned into an ongoing practice. The ITAM Diagnostic does the same for managed ITAM, giving you the roadmap and business case to move from one-time assessment to continuous licence management, compliance monitoring, and cost optimisation. From a FinOps perspective, our Managed Services enable more effective management of your IT estate by establishing the governance, cost allocation, and visibility required to bring light to the shadow spending. They also provide the sustained operational support needed to manage costs effectively in the long run, avoiding the one-off cleanup, with our scope tailored to address the points raised by the SaaS Visibility Advisory and ITAM Diagnostic. Together, they help you move from finding the shadows to reducing them.

Bring your shadows into the light

Shadow IT, Shadow SaaS, and Shadow AI are not going away, and the aim is not to slow your teams down. The aim is transparency: a clear view of what you own, what it costs, and where the risk sits, so you can make confident decisions and free up budget for what is next.

That is the work we do every day, with more than 80,000 clients in over 70 countries, supported by more than 1,400 dedicated ITAM and FinOps consultants and around 4,500 software procurement experts. If you would like to see what is hiding in your own estate, let's talk.

Bring shadow IT into view

See how SoftwareOne can help you uncover hidden SaaS, AI, and IT spend, reduce waste, and build lasting governance.