This study addresses the unauthorized deployment of cutting-edge artificial intelligence—termed “shadow AI”—within critical infrastructure, which circumvents established governance mechanisms and jeopardizes data security, decision reliability, and regulatory compliance. Through semi-structured interviews with 27 Australian critical infrastructure organizations, the research conceptualizes shadow AI as a systemic socio-technical challenge and proposes an empirically grounded threat model centered on three interrelated mechanisms of security degradation: boundary bypassing, unassessed capability expansion, and loss of observability due to governance evasion. Focusing on real-world deployments of large language models and agentic AI in sectors such as telecommunications, energy, and water utilities, the study reveals fundamental tensions between shadow AI practices and existing safety and compliance frameworks, advocating for path-aligned, context-specific governance strategies to manage unregulated risks.

Frontier AI systems, including large language models and emerging agentic AI tools, offer significant operational benefits but present unique challenges to critical infrastructure (CI) environments due to their non-deterministic and emergent properties. While formal adoption is inherently cautious and tightly controlled due to strict regulatory oversight, widespread accessibility has catalysed shadow AI: the unsanctioned use of frontier AI outside established organisational controls. In CI settings, shadow AI bypasses established assurance and oversight mechanisms, amplifying risks to data protection, decision reliability, and regulatory compliance, with potential consequences for essential service delivery. We present the first empirical study of shadow AI in CI environments, characterising it as a systemic socio-technical condition of assurance erosion. Drawing on semi-structured interviews with senior executives and functional leaders across 27 Australian CI organisations (Communications, Energy, and Water and Sewerage sectors), we analyse how shadow AI manifests in practice, how it interacts with existing technical and governance controls, and the resulting security, assurance, and compliance risks. We develop an empirically derived threat model identifying three primary mechanisms of security degradation: (i) boundary bypass, where data flows circumvent established perimeters; (ii) unassessed capability expansion, where embedded AI features introduce latent risks; and (iii) loss of observability via governance circumvention, undermining forensic auditability and least-privilege enforcement. Our findings demonstrate that shadow AI introduces unmanaged risks that fundamentally challenge existing security and compliance frameworks, necessitating tailored, pathway-aligned governance and control strategies.