ChatGPT epitomizes the duality of Shadow IT: it's a tool that offers users significant advantages in creativity and productivity, but it's also a potential vector for data leakage and compliance violations, with substantial unintended consequences if left unmanaged.

What does this mean for IT teams? Is there cause for concern? We've analyzed the real-world adoption of ChatGPT over the past six months. We've unearthed some intriguing insights by utilizing aggregate, anonymized discovery data from the Trelica customer base. These findings illuminate how businesses adopt ChatGPT and the broader implications for IT strategy and SaaS management.

In previous blogs, we articulated why the label 'Shadow IT' falls short in capturing the full spectrum of modern technology adoption. It's reductive to cast every instance of unapproved, unsanctioned, or unknown application usage under a negative light. 

The reality is far more complex and dynamic: users autonomously making technology decisions is not just a source of risk but also a wellspring of opportunity. The advent of ChatGPT offers a unique and notable example of this duality.

ChatGPT as a SaaS Product

ChatGPT's role in the SaaS landscape is both novel and transformative. As a sophisticated AI language model, it exemplifies the potential of SaaS products to deliver advanced capabilities through the cloud. 

Unique in its offering, ChatGPT adheres to the freemium model prevalent in modern SaaS solutions. This model allows everyone basic access, allowing users to upgrade to premium services for enhanced features. By allowing easy initial access, the freemium model significantly contributes to the rise of Shadow IT, enabling users to adopt tools without formal IT approval. It's the trojan horse that allows users to adopt new tools informally and incrementally. Before you realize it's a fait accompli - the tool is already essentially adopted.

Understanding the usage of ChatGPT is pivotal for IT operations. From an IT perspective, ChatGPT offers a range of benefits, including enhanced efficiency, innovative problem-solving, and support in creative tasks. However, it also introduces risks such as potential data security concerns, compliance issues, and the possibility of reliance on AI for critical decision-making. Balancing these benefits and risks is essential for organizations to harness ChatGPT's capabilities effectively while maintaining robust IT governance and security standards.

Research Questions and Methodology

Several critical questions drive our exploration into ChatGPT's impact:

  1. Adoption and Usage: What proportion of organizations and their employees use ChatGPT?
  2. Financial Commitment: How are organizations investing in ChatGPT or OpenAI services?
  3. Usage Insights: What patterns emerge from the usage of ChatGPT, and what do they signify?

We combined anonymized data extraction from Trelica's extensive database and qualitative analysis to address these queries. This analysis included examining login patterns, financial expenditures on OpenAI services, and analyzing usage trends. 

What is the adoption rate of ChatGPT?

70.8% of our customer base is utilizing ChatGPT in some capacity. Interestingly, this is slightly lower than OpenAI's estimate from August 28th, 2023, which stated, "Since ChatGPT's launch just nine months ago, we've seen teams adopt it in over 80% of Fortune 500 companies."

This adoption rate was nearly uniform across industry sectors and geographies - ChatGPT appears universal.

By Company Size:

  • Smaller companies (0-100 employees) demonstrated the highest adoption rate at 38.8%.
  • Medium-sized companies (100-1500 employees) followed with a 24.6% adoption rate.
  • Larger organizations (over 1500 employees) showed a lower adoption rate of 12.7%.
ChatGPT Adoption by company size

Key operational characteristics unique to smaller companies contribute to the higher adoption rate of ChatGPT in these businesses:

  1. Agility and Flexibility: Smaller firms can swiftly adopt new technologies like ChatGPT due to less bureaucracy and faster decision-making processes.
  2. Resource Optimization: ChatGPT offers small companies an affordable way to enhance productivity and customer support, which is crucial for businesses with limited resources.
  3. Competitive Advantage: Adopting advanced technologies such as ChatGPT helps small businesses differentiate themselves in competitive markets and drive growth.
  4. Ease of Implementation: A smaller scale of operations allows quicker integration and a shorter learning curve for new tools like ChatGPT.
  5. Customization and Experimentation: Small businesses have more scope to tailor technologies like ChatGPT to their specific needs, fostering innovation and efficiency.

The trend towards higher ChatGPT usage in smaller companies reflects their need for flexibility, efficiency, and technological leverage to compete effectively.

Financial Implications of ChatGPT in Organizations

We found only 18% of Trelica customers currently have expenses associated with ChatGPT / OpenAI, representing a quarter of those customers we saw using it. In almost all cases, this spend comes from an individual or a few individuals with separate expense claims who have signed up for a premium subscription. We recommend engaging with these early adopters before spending proliferates and becomes out of control.

The low financial commitment, despite the high usage rate, suggests several underlying factors influencing organizational investment decisions regarding new technologies like ChatGPT:

  • Uncertainty About ROI: Companies may be cautious about investing in ChatGPT without clear, quantifiable benefits.
  • Exploratory Phase: Many organizations are likely using ChatGPT's basic features to gauge its impact, which does not necessitate the premium features of paid subscriptions.
  • Lack of Defined Use Cases: The absence of precise, business-specific applications for ChatGPT could lead to hesitation in financial commitment.
  • Budget Constraints and Priorities: During economically uncertain times, investors often direct their investments toward technologies with immediate strategic relevance. ChatGPT has yet to be a priority.
  • Data Security and Compliance Concerns: Data security and regulatory compliance concerns might deter companies from investing in ChatGPT financially until they resolve these issues.
  • The Freemium Model's Influence: The availability of basic functionalities without cost might discourage immediate financial investment as companies explore ChatGPT's capabilities.

As such, while the usage of ChatGPT is widespread, its financial implications in organizations are still evolving. Strategic caution, exploration, budget considerations, and an emerging understanding of ChatGPT's value proposition influence investing in it. The landscape of AI in business is rapidly changing, and we will likely see a shift in this trend as organizations begin to recognize and harness the full potential of ChatGPT.

How are IT teams responding to ChatGPT adoption?

To best understand how IT teams respond to the upsurge in ChatGPT discovery, we analyzed how Trelica app inventories represent the app. Trelica assigns every app a 'status,' indicating the extent of its 'sanction' or control by the IT team. We've mapped these statuses to the broad categories below to paint a picture of where companies are regarding ChatGPT adoption.

Trelica status for ChatGPT by proportion of organizations
  • Unmanaged (32.6% of organizations): ChatGPT is still a 'New' entity for many organizations, likely reflecting a rapid adoption rate that outpaces existing IT controls. These organizations might be evaluating the tool's implications, leading to its current unmanaged status.
  • Active Monitoring (23.9%): Many organizations have ChatGPT 'In review,' indicating that they are actively monitoring its usage to understand its impact and potential risks. This proactive approach suggests a balanced view, recognizing the benefits and the possible security or compliance concerns associated with ChatGPT.
  • Formal Integration (17.4%): Organizations that have marked ChatGPT as 'Managed' are incorporating it into their IT systems with policies and guidelines. They likely recognize ChatGPT's potential value and are committed to maintaining oversight and control.
  • Acknowledged (Not Managed) (21.7%): Some organizations categorize ChatGPT as 'Accepted,' acknowledging its presence but not actively managing it. This could be due to resource constraints, competing priorities, or a wait-and-see approach to gauge its long-term viability before committing to active management.
  • Deliberate Non-Engagement (4.3%): A small segment has labeled ChatGPT as 'Ignored,' which may be due to a strategic decision to focus on other technologies, concerns about the fit of ChatGPT within their existing tech ecosystem, or skepticism about its applicability to their specific business needs.

Through these varied responses, IT teams demonstrate a spectrum of strategies for ChatGPT, ranging from cautious observation to active integration. This diversity underscores the importance of context-specific strategies in SaaS management, reflecting each organization's unique needs, resources, and technological landscapes.

Trelica's take on how ChatGPT adoption is likely to play out

Trelica works with dozens of technology leaders, many at the forefront of the technology fields. In addition to our analysis of adoption data, we've also discussed policies and approaches with senior IT leaders. We've learned that the adoption lifecycle of ChatGPT in organizations typically follows a progressive path from initial exploration to formal policy development. Here are some best practices to help organizations navigate this transition effectively:

Initial Exploration to Formal Evaluation:

  1. Encourage Open Communication: Foster an environment where employees feel comfortable sharing their experiences and use cases with ChatGPT.
  2. Establish Clear Evaluation Criteria: Define specific metrics and goals for evaluating ChatGPT. 

Formal Evaluation:

  1. Conduct a Risk-Benefit Analysis: Weigh the advantages of ChatGPT against potential risks such as data security and compliance issues.
  2. Engage Cross-Functional Teams: Involve stakeholders from IT, security, compliance, and the business units. 

Policy Development:

  1. Draft Preliminary Guidelines: Based on the evaluation, start drafting guidelines that outline acceptable uses of ChatGPT, data handling practices, and any necessary restrictions.
  2. Pilot and Iterate: Implement these guidelines in a controlled pilot phase. Monitor the outcomes and gather feedback to refine the policies.
  3. Formalize Policies: Finalize the policies based on insights from the pilot phase. Ensure they are clear, practical, and aligned with organizational objectives and IT strategies.
  4. Communicate and Train: Disseminate the policies across the organization. Conduct training sessions to educate employees on the guidelines, emphasizing the importance of adherence to security and efficiency.

Ongoing Management and Review:

  1. Monitor and Adapt: Regularly monitor the usage of ChatGPT and the effectiveness of the policies. Be prepared to adapt and update the policies as ChatGPT evolves and new use cases emerge.
  2. Leverage SaaS Management Tools: Utilize tools like Trelica to gain visibility into ChatGPT usage, manage compliance, and ensure optimal utilization.

In implementing these best practices, it's crucial to acknowledge the need for expedience. ChatGPT's rapid rise in importance and adoption necessitates swift action. Organizations must quickly move through these stages, especially in developing and enforcing policies, to avoid potential risks while capitalizing on the benefits. This rapid response is vital to harness ChatGPT's capabilities effectively in a swiftly evolving digital landscape.

Role of SaaS Management in ChatGPT Utilization

As a SaaS management platform, Trelica's role in overseeing the utilization of ChatGPT focuses on streamlining its integration into organizational systems and ensuring its efficient and compliant use. Here's how Trelica specifically supports organizations in managing ChatGPT:

Visibility and Discovery:

  • Trelica provides comprehensive visibility into how organizations use ChatGPT, including tracking who uses it, how much, and through engagement tools, for what purposes.
  • By identifying and cataloging the use of ChatGPT across different departments, Trelica helps organizations understand the tool's penetration and usage patterns.

Cost Management:

  • Trelica aids in managing the financial aspects of ChatGPT adoption. It helps track any subscriptions or expenditures related to ChatGPT, providing insights into the cost-effectiveness of its deployment.
  • For now, this would mean keeping track of individual expenses from ChatGPT. As adoption grows, this data would drive negotiations for an enterprise subscription and future right-sizing based on adoption and real-world usage.

Compliance and Policy Management:

  • By monitoring access, Trelica helps verify that the use of ChatGPT aligns with organizational policies and access controls.
  • In cases where people leave or should no longer be using ChatGPT, Trelica provides the facility to revoke their OAuth tokens, thereby removing access.

Facilitating Informed Decision Making:

  • By providing detailed analytics and insights on ChatGPT usage, Trelica empowers IT leaders to make informed decisions about the tool's future deployment and integration within their tech stack.
  • This data-driven approach supports strategic planning and helps to maximize the benefits derived from ChatGPT.

In essence, Trelica's capabilities in SaaS management are crucial for organizations to manage ChatGPT's integration and use efficiently. The platform ensures that organizations benefit from ChatGPT's advanced capabilities and maintain control, compliance, and cost-effectiveness.


ChatGPT exemplifies the dual-edged nature of modern technology adoption, especially in Shadow IT. As with so many modern SaaS productivity tools, its widespread, user-driven adoption highlights a shift in how technology is perceived and utilized within organizations. What distinguishes ChatGPT is its considerable benefits in terms of productivity while simultaneously posing significant data leakage risks. 

This duality between risk and opportunity in Shadow IT - epitomized by ChatGPT - underscores the critical role of IT teams and SaaS management platforms (SMPs) like Trelica. SMPs are tools for control and enablers that help balance the scales between opportunity and risk. The good news is that - from our analysis, at least - despite the hype, it's still early days for ChatGPT enterprise adoption. Usage is broad but shallow and mainly on a freemium basis. Now is the time to engage with early adopters, shape policy, and harness the benefits while managing the risk – that journey starts with discovering and understanding usage.


Please note that the insights and conclusions in this article are derived from aggregate, anonymized data analysis conducted by Trelica and only where explicit permission has been granted for such use. Trelica is committed to the ethical handling of data and does not engage in the sale of data. While this dataset offers valuable perspectives on ChatGPT's usage and impact across various organizations, it represents a subset of the global corporate landscape. Our findings should be viewed as indicative trends due to limitations in the available data.