Dive Brief:
- Business application sprawl is derailing enterprise governance efforts, with the average large enterprise operating 2,191 applications, according to Torii’s 2026 SaaS Benchmark Report released Tuesday.
- The allure of AI is creating even greater IT sprawl, with legacy systems and outdated governance models struggling to keep pace. It’s also creating a rising security threat, with more than 61% of discovered applications not formally approved or overseen by IT teams.
- “AI didn’t create shadow IT, but it dramatically increased its speed and blast radius,” said Uri Haramati, co-founder and CEO of Torii, in a release accompanying the report. “These tools connect deeply, gain broad access instantly, and often persist long after teams stop using them.”
Dive Insight:
Despite fears that AI is replacing traditional software, employees are currently running far more applications than leaders realize, opening the door for new governance risks and wasted spend.
Instead of consolidating tools, AI experimentation is expanding the number of apps employees bring into the workplace, with the average employee interacting with 40 apps to do their job.
Unlike traditional SaaS adoption, these tools remain widely ungoverned, with Torii’s report finding only about 15% of discovered applications are fully sanctioned.
A lack of visibility creates financial challenges, according to the report. Inactive or unused SaaS licenses translate to hundreds of thousands, and sometimes millions, of dollars in wasted annual spend at larger organizations. It also creates security risks given that, in this environment, governance models can’t keep up.
In this environment, governance models can’t keep up.
“AI is accelerating software adoption across the enterprise,” said Haramati. “Employees are bringing in more tools faster than governance models were ever designed to handle.”
For CIOs, the findings underscore a growing tension: How to enable employees to experiment with AI tools while maintaining control and limiting sprawl.
Torii’s research finds the answer lies in reshaping governance for an era of rapid change, shifting IT teams’ role from reactive to proactive when it comes to data security.
“Software adoption no longer follows centralized or predictable paths,” said Uri Nativ, co-founder and CPO of Torii, in the release. “Organizations need governance models built for continuous discovery, not annual reviews.”
