Top Suppliers Driving The Highest Shadow Spend (And How To Regain Control)

Your finance team just closed the books. You're reviewing the P&L, and there it is again - software spend climbed another 8% despite your hiring freeze and cost controls. You know your major vendors. You negotiated the enterprise agreements. Where's the leak?

What we discovered analyzing over $18 billion in software transactions at Tropic: the vendors driving the most shadow spend are your stickiest platforms you use all the time - Google, Microsoft, OpenAI, Atlassian, GitHub. The difference is how they're being purchased.

Shadow IT (or shadow spend), has evolved. Understanding this evolution is the difference between controlling costs and watching your budget bleed out $100 at a time.

Understanding the Two Types of Shadow IT Exposure

The 2025 data reveals shadow spend manifests in two distinct ways, and recognizing both is critical for effective governance:

1. By dollar amount, the exposure lives in operational infrastructure: Google dominates, followed by Circle, New Relic, Rippling, and Snowflake. These are core business systems that scaled outside proper oversight. When engineering expands cloud infrastructure without procurement visibility, or HR adds modules to Rippling across departments, individual decisions compound into material budget impact. The financial risk here is substantial: contracts signed outside procurement, pricing negotiated (or not negotiated) by individual teams, renewals happening automatically without review.

2. By frequency, it's platforms engineered to bypass procurement: Google, Microsoft, OpenAI, Atlassian - these share a common DNA. They're designed with product-led growth mechanics that make adoption easy and expansion automatic. Usage-based pricing scales seamlessly. Free tiers graduate to paid without friction. Integrations make tools sticky before procurement gets involved. The playbook is consistent: make it easier for teams to adopt than to wait for approval.

An important thing to keep in mind is that shadow spend isn't one problem requiring one solution. It's high-value contracts signed without leverage and high-frequency small purchases that accumulate. The vendors showing up on both lists - Google, Microsoft - represent the most sophisticated challenge: large dollar exposure combined with distributed adoption patterns.

Meet The Culprits: Vendors Driving The Most Shadow IT

Let's talk specifics about the platforms designed to engineer around procurement most frequently, based on our analysis of hundreds of companies:

• Google dominates both dimensions. By dollar amount, Google represents the largest single source of shadow spend exposure, significantly outpacing all other vendors. By frequency, Google leads as the most common shadow spend supplier. The pattern is consistent: teams start with approved Workspace licenses, then add Drive storage, scale up Cloud compute, purchase premium features, or expand into new Google services all without central oversight.
• The high-frequency tier: Microsoft, OpenAI, Atlassian. After Google, these three vendors appear most frequently in shadow spend. Microsoft shadow spend happens when your enterprise Office 365 agreement expands into Teams premium features, Azure consumption that bypasses IT, or Power Platform licenses purchased departmentally. OpenAI represents the AI-native challenge - individual subscriptions for ChatGPT Plus or API credits that proliferate across teams. Atlassian follows the expansion model: enterprise Jira becomes Advanced Roadmaps, Atlassian Access, separate Confluence upgrades, and Trello subscriptions, each purchased to solve an immediate need.
• The self-service platforms: Twilio, GitHub, Adobe. These vendors make the top 11 because they're designed for team-level adoption. Twilio starts with approved communication APIs, then expands into related services. GitHub seats multiply across departments. Adobe Creative Cloud individual licenses proliferate before anyone realizes enterprise terms were available.
• Collaboration and workflow tools: HubSpot, Figma, Slack. Rounding out the top shadow spend vendors, these tools are engineered to encourage organic adoption. HubSpot contacts overflow into new tiers. Figma viewers become editors across teams. Slack channels become separate workspaces with their own billing. Easy adoption means easy expansion (without procurement approval).

The pattern is clear across all these vendors: platforms that make procurement optional will see procurement bypassed. When we examined companies with strong spend governance, the same vendors still appeared in shadow spend - just at lower frequencies and dollar amounts.

The difference was how quickly shadow spend got discovered and consolidated.

What Actually Works: How to Mitigate Shadow IT

After working directly with finance and procurement leaders managing this problem, three strategies separate companies that control shadow spend from those perpetually playing catch-up.

1. Build continuous detection, not just approval checkpoints

You need to see everything automatically and act on what matters:

• Connect your payment rails to one system. Corporate cards, expense systems, and AP all process shadow spend. When these feeds connect, you automatically categorize software purchases, flag new vendors, and identify duplicate suppliers the moment charges appear.
• Add usage data for validation. SSO logs, VPN access, and API patterns show what's actually being used versus what's being paid for.
• Automate the triage. When new spend appears: identify the supplier, categorize it, flag duplicates, and route material spend for review. Pre-set thresholds determine what gets auto-approved versus what triggers consolidation discussions (see tip 2 below).
• Build exception handling into the workflow. Who reviews shadow spend discoveries? What's the timeline? How do you consolidate? Without clear protocols, you'll identify duplicate licenses and still take X number of months to act because no one owns the decision.

2. Build pre-approved rails for high-frequency vendors 

Fighting shadow spend by blocking purchases creates the exact behavior you're trying to prevent. Teams will find workarounds. The smarter approach: accept that certain vendors will be adopted at the team level, and build infrastructure to manage that reality.

For the vendors that consistently appear in shadow spend - Google, Microsoft, Atlassian, OpenAI, GitHub, Adobe - establish threshold-based approval. Individual purchases under defined limits auto-approve but get logged and tracked. Cumulative spend over thresholds triggers procurement review. This approach acknowledges that a $50 monthly subscription shouldn't require CFO approval, but $15,000 in accumulated team subscriptions absolutely should trigger consolidation conversations.

3. Factor "adoption ease" into your total cost of ownership 

When evaluating new vendors, explicitly ask: how easy is it for teams to adopt this without our knowledge? Vendors with strong self-service capabilities, freemium tiers, or usage-based pricing require tighter ongoing governance. This isn't a reason to reject the vendor - it's a reason to build controls before you sign, not after you discover distributed spend.

We've seen companies negotiate vendor-side controls directly into contracts: spending caps that trigger alerts, departmental charge codes required for new licenses, consolidated billing that rolls up distributed purchases. These terms don't appear in standard agreements - you have to negotiate them. But for vendors like Google, Microsoft, or OpenAI where team-level adoption is inevitable, vendor-side controls prove more effective than post-purchase policy enforcement.

Turn Shadow IT Into a Competitive Advantage

As you’re navigating your software budget and forecast in 2026, assume a percentage of your actual spend will happen outside your procurement process. And understand that shadow spend not only represents a problem to solve, but a signal to exploit.

When teams adopt features or add-ons outside procurement, they're telling you exactly what capabilities they need and where your approved stack has gaps.

Companies that treat shadow spend purely as a compliance issue miss the strategic insight. You can use shadow spend data to inform their vendor negotiations, consolidation decisions, and tech stack optimization.

Implement continuous detection, establish 30-day resolution protocols, and use the patterns you uncover to negotiate better. Every shadow spend discovery is leverage for you. Google charging various departments separately? That's consolidation power. Teams buying individual OpenAI subscriptions? That's your signal to negotiate enterprise terms before spend disperses further.

These shadow spend culprits have built product-led growth engines that easily bypass traditional procurement. Rightfully so, they've made adoption easy because easy adoption drives revenue. It’s on you to move from shadow spend discovery to action. The faster you do, the more money stays in your budget instead of leaking around procurement. 

You need to weaponize this visibility to drive better economics across your entire software portfolio.

For more data like this, grab our full Spend Report here.