Shadow AI
AI tools spread faster than any approval process. What shadow AI is, why it accumulates, and how it becomes visible.
78% of people who use AI at work bring their own tools. 2024 • Microsoft & LinkedIn
Added breach cost where shadow AI runs high. 2025 • IBM
AI tools arrive through personal signups and browser installs, in numbers no approval process has ever seen.
what shadow AI is
Shadow AI refers to AI tools and services used within an organization that were not reviewed, approved, or documented by IT. This includes personal AI accounts employees use for work tasks, consumer-tier AI tools installed or accessed through a browser, AI browser extensions that read page content, and AI productivity apps connected to work email or documents through OAuth grants.
According to the 2024 Work Trend Index from Microsoft and LinkedIn, 75% of knowledge workers use AI at work, and 78% of those who use AI at work bring their own tools rather than wait for an approved option.
Those numbers reflect how quickly useful tools spread when they solve real problems. Shadow AI is the AI equivalent of shadow SaaS: adoption that happens in the gap between what the business needs and what IT has formally evaluated.
why shadow AI is structural, not behavioral
The cause is an approval gap rather than negligence. When an employee finds a tool that makes their work meaningfully faster, and no approved alternative exists, and the barrier to use is a browser tab or an extension install, adoption happens. That is predictable behavior in any organization.
Consumer AI tools are specifically designed to be frictionless. There is no purchase order, no IT ticket, no onboarding. An employee signs up with a personal email, starts using a free tier, and your directory has no record it ever happened.
The pattern compounds over time. More tools, more departments, more personal accounts, more OAuth connections made with individual employee credentials. Each one is invisible until something triggers a review.
what you cannot see, you cannot govern
Data exposure. Employees using personal AI accounts operate under the vendor's personal-use terms of service, not your data processing agreement. Many consumer-tier AI tools explicitly state that inputs may be used to improve their models. Company data entered into those tools, whether a contract draft, a customer email, or a financial figure, leaves your environment under terms you never reviewed.
Access you did not authorize. AI tools frequently request OAuth access to email, calendar, documents, or the directory when a user signs up. When the employee consents with their work account, the grant is made with their credentials and shows up in your IdP's third-party app view, where, in most environments, it is never reviewed. A grant made from a personal account never shows up there at all.
No audit trail. When data moves through a personal AI account, there is no log you can access. If a security incident later involves that tool, you have no record of what was shared, when, or by whom.
what works
Discovery runs through the IdP first. Google Workspace, Okta, and Entra each provide a view of third-party applications with directory access, and filtering it for AI-related apps, with the granted scopes noted, surfaces most of the shadow AI that touches company systems. Endpoint management adds the next layer: a report of installed browser extensions, flagged for AI and checked for the permissions they request (tab reading, text access, storage). DNS-layer filtering or monitoring closes the technical loop by showing which AI domains are reached from the network, which catches browser-based tools that leave no other trace.
Technical discovery still misses the personal account on the personal device, and the fastest route to that part of the picture is asking. A short internal survey of which AI tools people use for work, anonymized so the answers stay honest, works when people trust that the purpose is governing data rather than policing individuals. The comparison comes last: the tools in use, set against any existing approved list. The gap is the shadow AI surface, and it triages naturally by access scope, with broad grants to mail and documents addressed before single-purpose tools that touch nothing sensitive.
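The IdP step and the comparison step above, as one worked example. This is an added illustration, not code from unshadowit.com: it assumes you have already flattened the IdP's third-party app view into grant records (app name, granting user, granted scopes), for instance from the Google Workspace token report or Entra's OAuth2 permission grants. The scope weights, the AI keyword list, the approved list and the sample records are all constructed for the example.

```python
"""Triage third-party OAuth grants from an IdP export for shadow AI.

Added example, not code from unshadowit.com. It assumes a flat list of
grant records (app name, granting user, granted scopes) pulled from the
IdP; the records, weights and keyword list below are constructed.
"""
import re
from collections import defaultdict

# Weight per scope. The numbers are this example's own ranking, not a vendor
# scale: mail and document access first, directory next, calendar after,
# basic sign-in scopes last. Unknown scopes get a conservative default.
SCOPE_WEIGHTS = {
    # Google Workspace scope URIs
    "https://mail.google.com/": 10,
    "https://www.googleapis.com/auth/gmail.readonly": 10,
    "https://www.googleapis.com/auth/drive": 10,
    "https://www.googleapis.com/auth/drive.readonly": 8,
    "https://www.googleapis.com/auth/admin.directory.user.readonly": 6,
    "https://www.googleapis.com/auth/calendar": 4,
    "https://www.googleapis.com/auth/calendar.readonly": 3,
    # Microsoft Graph delegated permission names
    "Mail.ReadWrite": 10,
    "Mail.Read": 10,
    "Files.Read.All": 10,
    "Files.Read": 8,
    "User.Read.All": 6,
    "Calendars.Read": 3,
    "User.Read": 1,
    "openid": 0,
    "email": 0,
    "profile": 0,
}
UNKNOWN_SCOPE_WEIGHT = 2

# Name-based detection of AI tools. Assumption for this example: a keyword
# list catches most consumer AI apps; extend it with what your survey turns up.
AI_NAME_PATTERN = re.compile(
    r"\b(ai|gpt|chatgpt|copilot|claude|gemini|llm|assistant|transcri\w*|summar\w*)\b",
    re.IGNORECASE,
)


def is_ai_app(name: str) -> bool:
    """True when the app name contains an AI-related keyword."""
    return AI_NAME_PATTERN.search(name) is not None


def scope_score(scopes) -> int:
    """Sum the weights of the granted scopes; higher means broader access."""
    return sum(SCOPE_WEIGHTS.get(s, UNKNOWN_SCOPE_WEIGHT) for s in scopes)


def triage(grants, approved):
    """Return unapproved AI apps, broadest access first.

    grants: iterable of {"app": str, "user": str, "scopes": [str, ...]}
    approved: set of app names on the sanctioned list
    Grants for one app are merged, so the score reflects the union of scopes
    any employee has granted it and the user count shows its spread.
    """
    by_app = defaultdict(lambda: {"users": set(), "scopes": set()})
    for g in grants:
        if g["app"] in approved or not is_ai_app(g["app"]):
            continue
        by_app[g["app"]]["users"].add(g["user"])
        by_app[g["app"]]["scopes"].update(g["scopes"])

    rows = [
        {"app": app, "users": len(e["users"]),
         "score": scope_score(e["scopes"]), "scopes": sorted(e["scopes"])}
        for app, e in by_app.items()
    ]
    # Broad grants to mail and documents come first, then by spread, then name.
    rows.sort(key=lambda r: (-r["score"], -r["users"], r["app"]))
    return rows


# Constructed sample: what an IdP export might look like after flattening.
SAMPLE_GRANTS = [
    {"app": "Otter.ai", "user": "alice@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly", "email", "profile"]},
    {"app": "SummarizeGPT for Gmail", "user": "bob@example.com",
     "scopes": ["https://www.googleapis.com/auth/gmail.readonly", "email"]},
    {"app": "SummarizeGPT for Gmail", "user": "carol@example.com",
     "scopes": ["https://mail.google.com/",
                "https://www.googleapis.com/auth/drive.readonly", "email"]},
    {"app": "Slack", "user": "dave@example.com",
     "scopes": ["https://www.googleapis.com/auth/calendar", "email"]},
    {"app": "Copilot Docs Helper", "user": "erin@example.com",
     "scopes": ["Files.Read.All", "User.Read"]},
    {"app": "Approved AI Assistant", "user": "frank@example.com",
     "scopes": ["Mail.Read", "User.Read"]},
]
APPROVED_APPS = {"Approved AI Assistant", "Slack"}

if __name__ == "__main__":
    for r in triage(SAMPLE_GRANTS, APPROVED_APPS):
        print(f"{r['score']:3d}  {r['users']:2d} user(s)  {r['app']}")
        for s in r["scopes"]:
            print(f"           {s}")
```

On the sample data the mail-and-drive summarizer comes out first with two users, the document helper second, and the calendar-only transcription tool last, which is the triage order the text describes. The keyword match is the weak link: it will miss an AI tool with a neutral name, so the survey results belong in the keyword list, and any app with a mail or files scope deserves a look whether or not its name says AI.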
let's start with a conversation
Most first conversations start with not quite knowing what you have or where to begin. That's normal, and it's exactly where we're useful.
Tell us what prompted this. An upcoming audit, an incident, a client's security questionnaire, or just a sense that things have gotten messy.
We'll take it from there

+48 783 762 997
julian@unshadowit.com