The Rise of Shadow AI in the Enterprise
In 2026, employee adoption of generative AI tools (ChatGPT, Claude, v0, Midjourney, and thousands of specialized domain agents) has outpaced traditional IT approval cycles. This adoption creates Shadow AI—unauthorized, unvetted AI applications accessed by employees using enterprise credentials or corporate devices.
Shadow AI introduces severe business risks:
- Intellectual Property Exposure: Employees pasting proprietary code, customer lists, or financial models into public LLM training prompts.
- Regulatory Non-Compliance: Violating GDPR, DORA, and the EU AI Act (which mandates strict risk classifications for AI tools).
- Ghost Subscription Costs: Untracked credit card expenses (expensed SaaS seats) that bypass standard procurement review.
To secure your software estate, security and Software Asset Management (SAM) teams need a structured, multi-layer approach to discover and govern AI tools.
The AI Discovery Stack: Comparison of Detection Methods
To build an accurate AI Bill of Materials (AI-BOM), organizations combine different telemetry layers. Each layer has specific trade-offs:
| Detection Layer | Data Source | Coverage | Implementation Effort | Trust Level |
|---|---|---|---|---|
| 1. Identity & SSO (OAuth) | Okta, Entra ID, Google Workspace | SSO-enabled enterprise AI accounts | Low (API-first, minutes) | 1.0 (High) |
| 2. Billing & Finance | ERP logs, corporate card expenses | Paid subscriptions expensed via invoices | Low (CSV/API matching) | 1.0 (High) |
| 3. Web Gateway & SIEM | Proxy logs, DNS queries, firewall | All network-based visits to AI domains | Medium (Log ingestion) | 0.90 (Medium) |
| 4. Endpoint/Browser Extension | Browser agent telemetry | Direct web sessions, extension-based tools | High (Agent rollout required) | 1.0 (High) |
Step-by-Step Guide to Implementing Shadow AI Discovery
Step 1: Map the Identity Perimeter
Over 70% of unauthorized AI tool logins occur using the standard “Sign in with Google” or “Sign in with Microsoft” OAuth flows.
- The Method: Query your identity provider’s directory APIs (Okta/Entra ID) to list all user-consented third-party applications.
- What to Look For: Filter the application permission grants for scopes that permit data access (e.g.
userinfo.email,drive.readonly). Cross-reference the application names against an active database of known generative AI endpoints.
Step 2: Financial Expense Reconciliation
Employees often bypass SSO by paying for Pro seats (e.g., ChatGPT Plus, Claude Pro) on personal corporate credit cards and expensing them.
- The Method: Ingest purchase logs and expense records from ERP systems (e.g. NetSuite, SAP, Concur).
- What to Look For: Use automated string matching to scan line-item descriptions for keywords like
OpenAI,Anthropic,Midjourney,Copilot, andPerplexity.
Step 3: Network Traffic Analysis (SIEM/DNS)
Network-level visibility catches employees accessing free AI tools without logging in or using personal email accounts.
- The Method: Stream DNS and proxy logs (from cloud firewalls or Secure Web Gateways) to your SIEM platform.
- What to Look For: Monitor outgoing traffic to known AI domains. Look for patterns of continuous API requests or large outbound payloads, which can signal unauthorized data exfiltration or batch model training.
Step 4: Endpoint & Browser Telemetry
The final layer of defense is endpoint monitoring, which catches localized AI browser extensions, IDE plugins, and standalone desktop binaries that bypass identity and network layers.
- The Method: Deploy lightweight user-space runners to monitor active processes and browser extension lists.
- What to Look For: Interrogate local process tables for running AI wrappers and inspect browser profile directories for unauthorized GAI extensions.
Privacy-by-Design: Governing AI Without Surveillance
While detecting Shadow AI is crucial for security, continuous monitoring of employee endpoints can trigger Works Council objections and GDPR violations in strict jurisdictions.
To maintain compliance:
- Avoid Keylogging or Screen Capture: Never use tools that log active keystrokes, capture screen buffers, or record raw browser history.
- Anonymize PII at the Source: Use local cryptographic hashing (e.g., hashing user emails using SHA-256 with a tenant-specific salt) before telemetry is transmitted to GRC dashboards.
- Implement Multi-Signal Activity Checks: Instead of tracking detailed user behavior streams, infer active usage locally using system resource metrics (CPU/GPU load spikes, network bandwidth, process lifecycle state).
Building Your AI Bill of Materials (AI-BOM)
Once discovery is complete, compile your findings into a central AI Bill of Materials (AI-BOM). Classify each detected AI tool into one of three risk categories:
- Approved/Sanctioned: Tools that have undergone security review, possess signed enterprise data privacy agreements, and are integrated into enterprise SSO.
- Tolerated: Low-risk utility tools (e.g. translation, spelling correction) that do not store PII or corporate code.
- Prohibited: Tools that store submitted prompts to train public models, lack security attestations, or violate regional regulations (such as DORA or the EU AI Act).
Further reading
- EU AI Act, DORA & NIS2: Daily Estate Intelligence in Regulated Environments
- Designing Cryptographically Verifiable Audit Evidence
- Shadow AI Detection — Platform Overview
- Unified Software Risk Visibility
Last reviewed on July 18, 2026 by Mima Intelligence