
How to Discover Shadow AI in Your Organization

How to discover shadow AI: a step-by-step method to find the unsanctioned AI tools your staff already use, measure the exposure, and bring it under governance.

Step 1: Define what counts as shadow AI

Shadow AI is any use of AI tools or services that your security and governance teams have not reviewed or approved. That includes public chatbots staff paste work into, browser extensions that call a model, AI features quietly switched on inside SaaS apps you already pay for, and code assistants connected to your repositories. Write the definition down before you start looking, because the goal is not to ban AI. It is to find where AI is already touching company and customer data without controls, so you can govern it rather than pretend it is not happening.

Step 2: Pull the signals you already have

Start with network and proxy logs. Query outbound traffic to known AI domains and API endpoints to see which model services your users reach and how often. Check your identity provider for single sign-on grants to AI applications. Review SaaS admin consoles for AI features that are enabled. Inspect expense and procurement records for AI subscriptions bought outside IT. Each source is partial, so combine them. Together they turn a vague worry into a concrete list of tools, the teams using them, and roughly how much.
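As an added example of combining those partial sources (not code from the original article), the following script parses a constructed proxy log, flags hosts that match a hypothetical list of AI service domains, merges in constructed identity-provider SSO grants and SaaS admin settings, and produces one inventory of tools, users and volume. The log format, the hostnames (all under the reserved .test TLD) and the app names are assumptions for illustration.

```python
"""Combine partial discovery signals (proxy logs, IdP SSO grants, SaaS admin
settings) into one inventory of AI tools, the people using them, and volume.
Example code added to this article; the log format, hostnames and app names
are constructed placeholders, not real vendors."""
from collections import defaultdict

# Hypothetical list of AI service hostnames the proxy should flag.
# Matching is done on the hostname suffix so subdomains are caught too.
KNOWN_AI_DOMAINS = {
    "example-ai.test": "ExampleAI Chat",
    "model-vendor.test": "ModelVendor API",
    "code-helper.test": "CodeHelper Assistant",
}

# Constructed proxy log: "<timestamp> <user> <client_ip> <dest_host> <bytes_out>".
PROXY_LOG = """\
2024-05-01T09:12:03Z alice 10.1.4.7 chat.example-ai.test 18233
2024-05-01T09:13:10Z alice 10.1.4.7 intranet.corp.test 512
2024-05-01T09:20:45Z bob 10.1.4.9 api.model-vendor.test 91002
2024-05-01T10:02:11Z carol 10.1.5.2 chat.example-ai.test 2048
2024-05-01T10:05:30Z bob 10.1.4.9 api.model-vendor.test 120004
2024-05-01T11:40:00Z dave 10.1.6.1 www.newsite.test 4096
malformed line that should be skipped
"""

# Constructed identity-provider SSO grants (app name, user) and SaaS admin
# settings (app name -> AI feature enabled?).
IDP_GRANTS = [("ExampleAI Chat", "alice"), ("CodeHelper Assistant", "erin")]
SAAS_AI_FEATURES = {"CRM Suite": True, "Ticketing": False}


def classify_host(host):
    """Return the AI tool name for a hostname, or None if it is not on the list."""
    for suffix, tool in KNOWN_AI_DOMAINS.items():
        if host == suffix or host.endswith("." + suffix):
            return tool
    return None


def parse_proxy_log(text):
    """Yield (user, host, bytes_out) for well-formed lines; skip anything else."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # malformed or truncated line: log formats drift, don't crash
        _ts, user, _ip, host, bytes_out = parts
        yield user, host, int(bytes_out)


def build_inventory(proxy_text, idp_grants, saas_features):
    """Merge the three signal sources into {tool: {users, requests, bytes_out, sources}}."""
    inv = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0, "sources": set()})
    for user, host, bytes_out in parse_proxy_log(proxy_text):
        tool = classify_host(host)
        if tool is None:
            continue  # not an AI service; ignore
        entry = inv[tool]
        entry["users"].add(user)
        entry["requests"] += 1
        entry["bytes_out"] += bytes_out
        entry["sources"].add("proxy")
    for tool, user in idp_grants:
        # An SSO grant shows the tool is in use even if the proxy never saw it
        # (personal devices, off-network use).
        inv[tool]["users"].add(user)
        inv[tool]["sources"].add("idp")
    for app, enabled in saas_features.items():
        if enabled:
            inv[app + " (built-in AI)"]["sources"].add("saas-admin")
    return dict(inv)


if __name__ == "__main__":
    for tool, e in sorted(build_inventory(PROXY_LOG, IDP_GRANTS, SAAS_AI_FEATURES).items()):
        print(f"{tool}: users={sorted(e['users'])} requests={e['requests']} "
              f"bytes_out={e['bytes_out']} seen_in={sorted(e['sources'])}")
```

The "sources" field matters as much as the counts: a tool seen only in IdP grants but never in proxy logs is exactly the off-network usage that Step 3's survey should confirm.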

Step 3: Ask the people, not just the logs

Logs miss tools that run on personal devices or accounts. Run a short, blameless survey asking which AI tools staff use and what tasks they use them for. Frame it as helping the organization adopt AI safely, not as an audit that gets people in trouble, or the answers will be useless. Pair the survey with a few interviews in the teams that move fastest. They are usually furthest ahead and will tell you where the real exposure is if they trust the intent.

Step 4: Rank the exposure by data sensitivity

Not all shadow AI carries the same risk. For each tool you found, record what data class it touches: public, internal, confidential, or regulated and personal. A chatbot used to rewrite a public blog post is low risk. The same chatbot handling customer records, source code, or health data is a serious one. Sort the inventory by data sensitivity and volume so you act on the highest-risk usage first, rather than trying to address everything at once.
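The ranking described above, as an added example that is not part of the original article: inventory rows are ordered by data class first and request volume second, and labels outside the agreed four-class scheme are rejected rather than silently sorted as low risk. The inventory rows, team names and request counts are constructed.

```python
"""Rank a shadow-AI inventory by data sensitivity first and volume second, so
the highest-risk usage is acted on first. Example code added to this article;
the inventory rows are constructed."""

# Data classes from least to most sensitive, as the article defines them
# ("regulated" stands for regulated and personal data).
DATA_CLASS_RANK = {"public": 0, "internal": 1, "confidential": 2, "regulated": 3}

# Constructed inventory rows: tool, team, data class it touches, monthly requests.
INVENTORY = [
    {"tool": "ExampleAI Chat", "team": "marketing", "data_class": "public", "requests": 900},
    {"tool": "ExampleAI Chat", "team": "support", "data_class": "regulated", "requests": 120},
    {"tool": "CodeHelper Assistant", "team": "platform", "data_class": "confidential", "requests": 4000},
    {"tool": "ModelVendor API", "team": "finance", "data_class": "confidential", "requests": 250},
    {"tool": "CRM Suite (built-in AI)", "team": "sales", "data_class": "internal", "requests": 60},
]


def sensitivity_rank(data_class):
    """Map a data class to its rank; reject labels outside the agreed scheme so a
    typo like 'confidental' cannot silently sort as low risk."""
    try:
        return DATA_CLASS_RANK[data_class.strip().lower()]
    except KeyError:
        raise ValueError(f"unknown data class: {data_class!r}")


def rank_exposure(rows):
    """Return rows ordered most-sensitive first, then highest volume first.
    A heavily used public-data tool still sorts below a lightly used one
    touching regulated data, which is the point of the method."""
    return sorted(
        rows,
        key=lambda r: (sensitivity_rank(r["data_class"]), r["requests"]),
        reverse=True,
    )


def act_first(rows, min_class="confidential"):
    """The slice to address before anything else: rows at or above min_class."""
    threshold = sensitivity_rank(min_class)
    return [r for r in rank_exposure(rows) if sensitivity_rank(r["data_class"]) >= threshold]


if __name__ == "__main__":
    for r in rank_exposure(INVENTORY):
        print(f"{r['data_class']:<12} {r['requests']:>6}  {r['tool']} ({r['team']})")
```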

Step 5: Route discovered usage through a control point

Discovery is only useful if it leads to control. For the high-risk usage, provide a sanctioned path that runs through a runtime gateway: a place where prompts are intercepted, sensitive data is redacted before it reaches any model, access is enforced by role, and every interaction is logged. Give people a governed tool that is genuinely usable, and the incentive to reach for an unsanctioned one drops. Then keep monitoring, because shadow AI is not a one-time cleanup. New tools appear constantly, so make discovery a standing process and bring each new source under the same control layer.
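To make the control point concrete, here is an added example of a minimal runtime gateway with the four properties named above: it intercepts the prompt, enforces access by role, redacts sensitive data before anything reaches a model, and logs every interaction. This is illustration code written for this article, not any product's API; the redaction patterns, the role policy, the tool names and the model stub are all constructed assumptions.

```python
"""A minimal runtime gateway of the kind Step 5 describes: intercept the prompt,
enforce access by role, redact sensitive data before it reaches a model, and log
every interaction. Example code added to this article, not a product API; the
patterns, roles and model stub are constructed placeholders."""
import hashlib
import re
from datetime import datetime, timezone

# Constructed redaction patterns. A real deployment tunes these to the data
# classes found in Step 4 (customer records, source code, health data); the
# card pattern here is deliberately loose and will over-match long digit runs.
REDACTION_PATTERNS = {
    "EMAIL": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "CARD": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "API_KEY": re.compile(r"\b(?:sk|key)_[A-Za-z0-9]{16,}\b"),  # hypothetical key shape
}

# Hypothetical role policy: which sanctioned tools each role may reach.
ROLE_POLICY = {
    "engineer": {"code-assistant", "chat"},
    "support": {"chat"},
    "contractor": set(),
}

AUDIT_LOG = []  # in-memory audit sink; production would ship this to the SIEM


def redact(prompt):
    """Replace each sensitive match with a typed placeholder; return text and counts."""
    counts = {}
    for label, pattern in REDACTION_PATTERNS.items():
        prompt, n = pattern.subn(f"[REDACTED_{label}]", prompt)
        if n:
            counts[label] = n
    return prompt, counts


def fake_model(prompt):
    """Stand-in for the real model call; it only ever sees the redacted text."""
    return f"model saw {len(prompt)} chars"


def handle_prompt(user, role, tool, prompt, model=fake_model):
    """Gateway entry point: authorize, redact, forward, and log, in that order."""
    record = {
        "ts": datetime.now(timezone.utc).isoformat(),
        "user": user,
        "role": role,
        "tool": tool,
        # Hash rather than store the raw prompt so the audit log is not itself a leak.
        "prompt_sha256": hashlib.sha256(prompt.encode()).hexdigest(),
    }
    if tool not in ROLE_POLICY.get(role, set()):
        record.update(decision="deny", reason="role not permitted for tool")
        AUDIT_LOG.append(record)
        return {"allowed": False, "response": None, "redactions": {}}
    clean, counts = redact(prompt)
    response = model(clean)  # the model never receives the original prompt
    record.update(decision="allow", redactions=counts)
    AUDIT_LOG.append(record)
    return {"allowed": True, "response": response, "redactions": counts}


if __name__ == "__main__":
    print(handle_prompt("alice", "support", "chat",
                        "Summarise this ticket from jane.doe@example.test, card 4111 1111 1111 1111"))
    print(handle_prompt("bob", "contractor", "chat", "draft the quarterly memo"))
    for rec in AUDIT_LOG:
        print(rec)
```

Two design choices carry the governance value: redaction happens before the model call, not after, and the audit record stores a hash of the prompt rather than its text, so the log supports investigation without becoming a second copy of the sensitive data.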

Frequently asked questions

What is shadow AI?

Any use of AI tools or services that has not been reviewed or approved by security and governance, such as public chatbots, AI browser extensions, AI features inside SaaS apps, or code assistants connected to internal systems.

How do you detect shadow AI?

Combine network and proxy logs, identity provider grants, SaaS admin settings, and procurement records to find AI services in use, then confirm and fill gaps with a blameless staff survey and interviews.

How do you stop shadow AI without banning AI?

Provide a sanctioned, genuinely usable path that runs through a runtime control layer where data is redacted, access is enforced, and usage is logged, so people no longer need to reach for unsanctioned tools.
