Earlier this year, a quiet courtroom in the Central District of California made noise the entire cybersecurity industry should be hearing: for the first time ever: a federal judge used the term “Shadow IT” in a legal ruling. And just like that, something we’ve all seen a thousand times—rogue cloud accounts, personal AI use, unsanctioned Githubs—was transformed from “nuisance” to “liability.” 

The case? Moement, Inc. V. Groomore, Inc. Et Al. A group of contract developers uploaded Moement (they actually go by MoeGo)’s source code to their personal GitHub repos. When they left the company, they spun that code into a competing platform. The jury sided with MoeGo. The damage? $572K, plus fees. Add another $1M+ in default judgments against other developers. That’s over $1.5M in fallout—because of Shadow IT. 

Why This Matters for MSPs 

You’ve probably already seen it: employees using ChatGPT to draft contracts, syncing files to Dropbox, texting passwords across personal phones. That’s Shadow IT. And when the breach hits—or the lawsuit lands—your client won’t be asking if it was “officially approved.” They’ll be asking why you didn’t stop it. 

Shadow IT isn’t just risky. It’s insurable-denial risky. 

According to the IBM 2025 Cost of a Data Breach Report, companies with high levels of Shadow AI usage incurred $670,000 more in breach costs than those who didn’t. That’s before the fines, class actions, or client loss. 

Worse? Insurance carriers love to cite “unauthorized use” when rejecting claims. Shadow IT fits that excuse like a glove. 

What You Should Be Doing Yesterday 

  1. Update your Acceptable Use Policies. Include explicit language around generative AI, personal cloud storage, and device usage. 
  2. Roll out a Shadow IT detection tool (yes, that’s now a thing). 
  3. Document your warnings and rejections. You’re not protected unless you have evidence. 
  4. Educate your clients. Use our new SecOps module on Shadow IT to show clients exactly what’s at stake. 

The Galactic Opportunity 

If you’re not talking to your clients about Shadow IT, someone else will. And when they get that gig, they won’t stop at AI usage policies. They’ll replace your stack, your seat at the table—and you. 

Start the conversation. Offer a Shadow IT risk assessment. Show them the lawsuit. Use the term “evidence gap.” 

Because right now, that’s exactly what their lawyers (and insurers) are circling for.