Lookout Targets 'Shadow AI' Risk on Mobile with New Governance Tool

BOSTON, MA – April 29, 2026 – Mobile security firm Lookout today launched a new solution aimed at a growing and largely invisible threat to enterprise security: the unmonitored use of artificial intelligence on employees' mobile devices. The company's new offering, Lookout AI Visibility & Governance, is designed to give organizations the tools to discover and control this burgeoning “Shadow AI” ecosystem before it leads to a catastrophic data breach or compliance failure.

The new platform extends directly into the mobile environment, an area where traditional corporate security controls often have no reach. It promises to expose unsanctioned AI applications, monitor the behavior of autonomous AI agents, and enforce data policies on the smartphones and tablets that have become central to modern work.

“AI adoption is accelerating faster than most organizations can see or control, especially on mobile devices, where AI activity often operates outside traditional corporate boundaries and remains largely invisible,” said Jim Dolce, CEO of Lookout, in a statement announcing the launch. “We’re closing that gap, giving organizations the ability to see, understand, and govern AI usage at the mobile layer.”

The Unseen Threat of Mobile 'Shadow AI'

The term “Shadow AI” refers to the use of AI tools and applications by employees without the formal approval or oversight of their IT and security departments. While Shadow IT has been a long-standing challenge, the power and accessibility of modern generative AI have amplified the risks exponentially, particularly on mobile platforms.

A recent survey commissioned by Lookout paints a stark picture of this visibility gap. It found that nearly 60% of organizations are unable to monitor AI activity on mobile devices. Furthermore, 68% admit they lack visibility into the workflows of autonomous AI agents, and a staggering 72% cannot even identify which AI software development kits (SDKs) are embedded within the mobile apps their employees use.

These findings are echoed across the industry. Independent research from mobile security specialists NowSecure revealed that over half of the 50,000 mobile apps it tested contained AI components, many of which were not disclosed and could lead to unauthorized data sharing. This creates a massive blind spot where sensitive corporate data—from strategic plans to customer information—can be fed into public AI models, potentially being used for model training or exposed in future outputs without any audit trail. The financial consequences are severe, with some industry reports suggesting that data breaches involving Shadow AI can cost companies hundreds of thousands of dollars more than standard incidents.

A New Front in Mobile Security Governance

Lookout's new platform signals a strategic evolution in mobile security, moving beyond simply protecting the device to actively governing the AI-driven interactions occurring on it. The solution provides a real-time inventory of all AI applications, both sanctioned and unsanctioned, across corporate-owned and personal (BYOD) devices. This is a critical first step in turning an unknown risk into a governed asset.

Key features include the ability to monitor the behavior of AI agents, mapping their permissions to ensure they don’t execute unauthorized workflows or access sensitive enterprise systems. It also provides for the enforcement of “intelligent data guardrails,” which are designed to prevent sensitive data from being exfiltrated to unapproved AI services. This addresses the core risk of employees inadvertently leaking proprietary information by using public AI tools for work-related tasks.

This approach marks a departure from traditional Mobile Threat Defense (MTD) and Unified Endpoint Management (UEM) platforms, which have historically focused on device integrity, malware detection, and application management. While these solutions are increasingly adapting to AI-related threats, Lookout is positioning its offering as a specialized tool built specifically for the nuances of mobile AI governance.

“While monitoring and control over AI deployment on laptops and within the corporate network is rightly growing, monitoring of AI usage on mobile platforms lags far behind,” noted Mark Child, Associate Research Director at IDC. "This situation can create increased risk due to the lack of visibility and control over AI usage in the mobile domain."

Navigating the Emerging AI Regulatory Maze

The launch comes as organizations worldwide grapple with a rapidly evolving and complex web of AI regulations. The European Union’s landmark AI Act, the U.S. National Institute of Standards and Technology’s AI Risk Management Framework (NIST AI RMF), and the international standard ISO/IEC 42001 are shifting AI ethics from voluntary guidelines to mandatory compliance. These frameworks demand transparency, robustness, and clear governance over how AI systems are deployed and used.

For enterprises, unmanaged AI on mobile devices represents a significant compliance risk. An employee using an unvetted AI app that falls into a “high-risk” category under the EU AI Act could expose their entire organization to significant penalties. Without the ability to monitor, document, and control this activity, companies will find it nearly impossible to prove compliance.

Lookout is directly addressing this challenge by including features for automated compliance alignment. The platform is designed to generate audit-ready evidence that maps to the requirements of these major regulatory frameworks, providing the traceability needed for effective AI risk management. The demand for such solutions is surging, with the global AI governance market projected to grow from just over $350 million in 2025 to nearly $5.75 billion by 2034.

As AI becomes more deeply embedded in business processes, the line between personal and corporate technology continues to blur, especially on mobile devices. The introduction of dedicated governance tools highlights a critical new reality for enterprise security: it is no longer sufficient to secure the endpoint alone. Organizations must now gain visibility and control over the intelligent, autonomous, and often hidden AI activity that operates on it.