AI sprawl vs. CIOs: The battle to control enterprise AI

Why is AI sprawl happening?

The pressure on technology leaders to implement AI is palpable. In McKinsey & Company’s 2025 State of AI report, 88% of organizations reported regular use of AI in at least one business function, up from 78% the previous year. For CIOs and other technology leaders, the message from the top is clear: move fast.

"Boards and leadership teams are having these mandates, 'Execute on AI, use AI or else,'" said Cindi Howson, chief data and AI strategy officer at ThoughtSpot.

The rush to deploy AI can create problems early in an organization's AI journey. When leaders move too quickly to put tools in employees' hands, important governance and rollout decisions can be overlooked, which lays the groundwork for AI sprawl.

"For CIOs who are racing to get tools into the hands of users, the easiest thing to do is turn on capabilities across the organization," said Shannon Bell, EVP, chief data officer and CIO at OpenText. "But trying to roll AI tools out all at once is not a success path. Tools should be rolled out cohort by cohort."

Blanket deployment of AI is a common mistake, often driven by the same executive pressure described by Howson. CIOs must balance the urgency to innovate with the discipline needed to deploy AI responsibly. Move too slowly, and organizations risk falling behind competitors. Move too quickly, however, and companies may introduce new risks by placing powerful AI tools in employees' hands without the right guardrails in place.

"As we're rolling out AI tools, we want to do it in a responsible way that builds in best practices from a data governance perspective," Bell said. "But at the same time, you can't go too slowly, or your employees will seek out those tools from other places, putting the enterprise at risk."

Common mistakes that lead to AI sprawl

As organizations rush to deploy AI, they often make multiple common mistakes that occur early in an AI journey. These mistakes create conditions for long-term AI sprawl and, if avoided, can help prevent AI sprawl altogether.

These mistakes include the following:

1. Treating governance as a barrier rather than an enabler

AI governance is often treated as a barrier that slows innovation. In reality, AI governance and its controls help an organization innovate without risk.

"We use a Formula One analogy," said Dan Diasio, global AI leader and Americas chief technology officer at EY. "Without brakes, a driver cannot go fast. Brakes allow speed. Governance and controls allow organizations to move faster by building reusable, scalable capabilities rather than one-offs."

By framing governance as something that slows innovation, rather than enabling it, employees will naturally look for ways around it. This, in turn, contributes to the growth of shadow AI.

"In most organizations, governance is seen as a gate. It's not seen as a service. And if you make it a gate, then people will find their way through the gate, around the gate, over the gate," said Diasio.

2. Allowing business units to pursue separate AI strategies

When a business operates with multiple AI strategies, avoiding overlap and unnecessary cost becomes more difficult, and visibility becomes impossible. A shared enterprise AI strategy provides different business units with the autonomy to experiment with AI in ways that align with broader business objectives.

"Every business unit is coming up with their own AI strategies," Howson said. "There is not an AI operating committee, and everyone just does their own thing."

Without central coordination and a shared strategy, CIOs may find themselves managing a patchwork of tools, models and platforms that are difficult to integrate or govern at scale.

3. Avoiding the AI rush altogether

"There are organizations sticking their heads in the sand and saying, 'We're not going to use AI. It's not ready. We don't understand hallucinations.' And then they will use excuses," said Howson. "But the reality is, employees will use their own tools, which is even worse because you don't want employees uploading confidential information to a third-party tool."

Avoiding AI doesn't mean organizations don't have to deal with AI sprawl. In fact, avoiding AI can contribute to sprawl when employees take matters into their own hands.

4. Focusing too much on models instead of architecture

Many organizations also fall into what some experts call the model trap.

"There's something I've called the model trap, which is focusing too much on the model and not the architecture around it," said Diasio. "A generative capability shouldn't be taking action without the robustness of an architecture put in place around it."

Without strong architecture and governance frameworks in place, even well-performing models can introduce operational risk when deployed at scale.

5. Inadequate training for employees

If an organization wants its employees to use designated tools, it should provide extensive training. Training can reduce the risk of shadow AI and help employees feel able to do their best work with the tools provided.

"In our recent EY Work Reimagined survey, we see that 88% of employees are using AI as part of their work, but only 12% feel like they're receiving sufficient training to do so effectively," Diasio said. "In some cases, over half of employees are bringing their own tools to work because they don't feel like their employers are giving them the adequate tools to do their job."

Practical steps for CIOs to avoid AI sprawl

Preventing AI sprawl requires more than awareness; it demands deliberate action. For CIOs, establishing the right guardrails while providing teams with practical guidance keeps AI adoption both innovative and controlled, minimizes risk while maximizing value and focuses on innovation.

Practical steps to achieve this include the following:

1. Start with targeted use cases

Using a blanket approach to AI adoption is a common mistake. Experts warn that, when it comes to AI, the one-size-fits-all approach is likely to lead to sprawl. Instead, simple roadmaps that tackle one problem at a time can prevent AI sprawl.

"Focus on what problems you're trying to solve," Bell said. "Start small, cohort by cohort. Don't rush to get tools into the hands of the users without really understanding what they're going to do with them."

2. Reframe governance as support

"If governance becomes a checklist of standards and questions rather than support, that is when sprawl begins," Diasio said.

Governance should provide a framework to innovate, but it is too often a barrier that employees seek ways around.

"Safe experimentation, or a risk-based model for experimentation, is key," Howson said.

By granting employees flexibility to experiment securely, leaders can avoid restricting their workers, an instead, allow employees to find what works best for them within a secure environment.

3. Match tools to roles

Ultimately, AI can empower employees to do their best work. Not every AI tool fits every role, though. When gaps appear, employees will naturally seek tools on their own.

"You don't have to give the same tool to everyone," Bell said. "You have to give the right tool to the right person in the right role to make them more efficient and productive."

When rolling out tools, create clear descriptions that outline what each one should do and align them with the day-to-day tasks performed by a cohort of employees.

Rosa Heaton is a content manager and writer for the IT Strategy team at TechTarget.