All posts
Uncategorized
June 9, 2026

How Many AI Tools Is the Average Enterprise Running? [2026 Data]

The answer is higher than most CISOs think — and the gap between what IT knows about and what is actually running is wider than ever. Enterprise AI adoption has moved from deliberate strategic deployment to a fast-moving, decentralized free-for-all. Employees, departments, and development teams are independently sourcing, trialing, and embedding AI tools into their

How Many AI Tools Is the Average Enterprise Running? [2026 Data]

The answer is higher than most CISOs think — and the gap between what IT knows about and what is actually running is wider than ever.

Enterprise AI adoption has moved from deliberate strategic deployment to a fast-moving, decentralized free-for-all. Employees, departments, and development teams are independently sourcing, trialing, and embedding AI tools into their workflows — often without IT review, security assessment, or budget approval.

The result is AI tool sprawl: hundreds or thousands of AI-powered applications running across the enterprise, the majority of which are invisible to security and governance teams.

This post compiles the most current data on enterprise AI tool counts, growth trajectories, departmental distribution, visibility gaps, and the risk and cost implications of a proliferating AI estate that most organizations cannot fully see.

How Many AI Tools Is the Average Enterprise Running?

The short answer: far more than most security and IT leaders realize.

  • The average large enterprise (5,000+ employees) is running 700+ distinct AI-powered applications as of 2025 (Salesforce State of IT, 2024).
  • Fortune 500 companies average more than 1,000 SaaS applications with embedded AI features — a number that continues to grow as vendors retrofit AI capabilities into existing tooling (Gartner, 2025).
  • Enterprises with 1,000–5,000 employees average 250–400 AI tools in active use (Netskope Cloud and Threat Report, 2025).
  • Mid-market organizations (500–1,000 employees) average 100–200 AI tools; SMBs under 500 employees average 35–75 (Okta Businesses at Work, 2025).
  • The average enterprise employee uses 9.4 distinct AI tools in a given month — across personal accounts, employer-provided tools, and embedded AI features in existing software (Salesforce, 2025).

These figures include both purpose-built AI applications and traditional software platforms that have integrated AI functionality — which today encompasses virtually every major enterprise SaaS category, from CRM and HR platforms to IDEs and collaboration tools.

How Fast Is This Growing?

The trajectory is steep, and it is not flattening.

  • Enterprise AI tool adoption grew 400% from 2022 to 2024 (Gartner, 2024).
  • The number of AI-enabled SaaS applications in enterprise environments doubled between 2023 and 2024 alone(Netskope, 2025).
  • AI tool usage in the workplace grew 250% between Q1 2023 and Q1 2024 (Cisco AI Readiness Index, 2024).
  • AI model and tool deployments are projected to grow an additional 150% from 2025 to 2027 (IDC, 2025).
  • The number of AI tools per enterprise is projected to grow 3x by 2028 (IDC).

The compounding effect of existing tools adding AI features, new purpose-built AI applications entering the market, and employee-driven adoption means the AI tool count per organization is not just growing — it is accelerating. The enterprise that had 200 AI tools in 2023 likely has 600 today, and will have 1,800 by 2028 if current trajectories hold.

How Many of Those Tools Are Actually Sanctioned?

This is where the numbers become particularly consequential for security teams.

  • Approximately 65–75% of AI tools in active enterprise use are unsanctioned by IT or security teams (Salesforce, 2024; Cisco, 2024).
  • Only 26% of AI tools employees use regularly have been formally reviewed or approved by IT security (IBM, 2024).
  • The average enterprise has 3.4x more unsanctioned AI tools than sanctioned ones (Netskope Cloud and Threat Report, 2025).
  • 78% of AI users at work are using tools outside of IT approval (Microsoft Work Trend Index, 2025).
  • 71% of IT leaders say they have discovered AI tools in active use that they had no prior knowledge of (Salesforce State of IT, 2024).

To put those ratios in concrete terms: if your organization is running 500 AI tools, approximately 125 of them have gone through any form of IT or security review. The remaining 375 are operating entirely outside your governance perimeter.

Which Departments Are Running the Most AI Tools?

AI tool sprawl is not distributed evenly. Certain functions are accumulating AI tooling at a significantly higher rate than others — and the departments with the highest density often handle the most sensitive data.

Engineering and Development carries the highest AI tool density of any function:

  • The average developer uses 15–20 AI-powered tools — including coding assistants, code review automation, testing frameworks, CI/CD integrations, and, increasingly, MCP servers (GitHub, 2024; Gartner, 2025).
  • Developer tooling is also where MCP server proliferation is most acute and least governed.

Marketing averages 8–12 AI tools per person — content generation, SEO optimization, campaign analytics, personalization engines, and social media automation (Salesforce, 2024).

HR averages 6–9 AI tools — resume screening, onboarding automation, performance management, and sentiment analysis (Gartner, 2025).

Finance averages 5–8 AI tools — forecasting models, fraud detection, reporting automation, and FP&A tooling (Deloitte, 2025).

Legal averages 4–7 AI tools — contract review, legal research assistants, compliance monitoring, and document automation. Notably, 45% of legal professionals use consumer AI tools for work tasks without IT review (Thomson Reuters, 2024).

Customer Service averages 7–10 AI tools — chatbots, virtual agents, sentiment analysis, case routing, and interaction summarization (Salesforce, 2024).

The common thread across all departments: unsanctioned adoption is highest in functions with the most time pressure and the least direct IT oversight.

The Visibility Gap: What You Don’t Know About Your Own AI Estate

The most dangerous dimension of AI tool sprawl is not the number of tools. It is the number of tools that are invisible to the teams responsible for securing them.

  • 43% of organizations cannot produce an accurate AI tool inventory — a foundational requirement of the EU AI Act, NIST AI RMF, and ISO 42001 (Gartner, 2025).
  • 60% of security teams say they lack visibility into which AI tools employees are actively using (Cisco AI Readiness Index, 2024).
  • Only 34% of organizations have a formal shadow AI detection program in place (Gartner, 2025).
  • Less than 20% of enterprises have implemented AI-specific asset management or inventory tooling (IDC, 2025).
  • 52% of organizations have no formal policy governing employee use of external AI tools (KPMG, 2025).

The tools you do not know about cannot be assessed for security risk, cannot be governed under a data protection framework, and cannot be included in any regulatory compliance mapping. Every unknown AI tool is a gap in your security perimeter — and at 700+ tools per enterprise, most organizations are managing hundreds of gaps simultaneously.

The Cost of AI Tool Sprawl

Beyond the security implications, ungoverned AI proliferation carries significant and often overlooked financial consequences.

  • Organizations waste an average of 25–30% of AI and SaaS spend due to redundant tooling and ungoverned usage (Zylo SaaS Management Index, 2024).
  • Enterprises overspend by an estimated $18 million per year on average because of unmanaged AI and SaaS sprawl (Zylo, 2024).
  • AI tool redundancy costs large enterprises $2–5 million annually in duplicate licensing and overlapping capabilities (Gartner, 2025).
  • 38% of AI tools purchased by departments are never formally integrated into enterprise workflows — paid for but persistently underused (Salesforce, 2024).

The proliferation problem is not only a security problem. It is also a budget problem — one that compounds as AI spend increases and governance infrastructure fails to keep pace.

The Security and Compliance Risk Profile

An ungoverned AI estate is not merely untidy. It is actively dangerous.

  • 40% of organizations experienced an AI-related security incident in 2024 (IBM X-Force Threat Intelligence Index, 2025).
  • 11% of data entered into AI tools is sensitive or confidential — a ratio that translates into an enormous aggregate exposure across hundreds of tools and thousands of employees (Cyberhaven Data Security Report, 2024).
  • Data events involving AI tools increased 485% year-over-year (Cyberhaven, 2024).
  • Enterprises running 10 or more ungoverned AI tools are estimated to be 3x more likely to experience a data leakage incident (Gartner, 2025).
  • EU AI Act non-compliance penalties can reach €30 million or 6% of global annual turnover — and organizations that cannot inventory their AI tools cannot demonstrate compliance.

The Agentic AI Layer: A New Category of Invisible Risk

The AI tool count problem is about to get significantly more complex. As agentic AI and MCP-based architectures become mainstream, the definition of “AI tool” expands beyond applications to include autonomous agents and connected servers with the ability to take action across enterprise systems.

  • MCP server adoption grew more than 400% in 2025, with the vast majority of deployments occurring outside of any formal security review.
  • The average enterprise developer has access to 12 or more MCP servers as of Q1 2025 — most of which have never been inventoried or assessed by a security team.
  • Only 18% of enterprises have any policy governing MCP server use (Gartner, 2025).
  • Gartner projects that by 2026, 30% of new enterprise AI applications will use agent-based architectures — a category for which most current security tooling has no visibility.

Unlike a SaaS application, an ungoverned AI agent is not simply a passive consumer of data. It can read files, call APIs, execute code, and take persistent actions across systems — without generating the kind of audit trail that would alert a security team. The AI tool count problem is serious today. The agentic AI inventory problem is the version of this challenge that security leaders need to be preparing for right now.

What Governance-Mature Organizations Are Doing

Organizations that are successfully managing their AI estate share a set of common infrastructure investments:

  1. Automated AI discovery — continuous, real-time scanning across browser telemetry, network traffic, endpoint data, and identity provider logs to detect AI tools as they emerge, not after an annual audit.
  2. Centralized AI inventory — a living register of all sanctioned and detected AI tools, updated in real time, mapped to owners, data classifications, and regulatory obligations.
  3. AI gateway routing — all sanctioned AI traffic flowing through a governed proxy that enforces policy, logs interactions, and enables DLP controls.
  4. MCP server governance — dedicated tooling to discover, inventory, and assess the security posture of MCP servers accessible to developer and agent workflows.
  5. Browser-level controls — real-time detection and blocking of access to unsanctioned AI tools before sensitive data is submitted.
  6. Spend governance — integration of AI tool inventory with procurement and finance systems to eliminate redundant licensing and shadow AI spend.

The organizations that have addressed the AI tool count problem are not doing so through policy alone. They have built detection and inventory infrastructure that operates at the speed of AI adoption — not the speed of annual compliance audits.

The Bottom Line

The average large enterprise is running more than 700 AI tools. Most of them have not been reviewed by a security team. Most of the employees using them have no formal guidance. And most of the organizations in which they operate cannot tell you, with confidence, what that number actually is.

AI tool sprawl is not a future governance challenge. It is the current state of the enterprise — and the organizations that build visibility and control infrastructure now will be the ones that avoid the breach, the regulatory penalty, and the board conversation that follows.

The first step in governing your AI estate is knowing what is in it.

Want to see how Airia discovers and governs every AI tool across your enterprise environment — including shadow AI, agentic workflows, and MCP servers?

Book a Demo

Put these ideas to work.

Schedule a 30-minute walkthrough with our team.

Talk through your use case