Holding · last review 25 Apr 2026

Enterprise shadow AI in 2026 is structurally different from enterprise shadow AI in 2024. The 2024 framing assumed unsanctioned tool adoption — workers pasting confidential data into consumer ChatGPT or installing browser extensions outside IT review. The 2026 reality is that the larger blast radius is agentic capability silently activating inside already-approved tools, often through configuration changes (Custom GPT actions, Copilot custom agents, MCP server connections from approved IDEs) that the original procurement approval did not anticipate. Discovery has to look at capability state, not vendor identity. Most enterprise shadow-AI inventories built against the 2024 framing miss 50 to 80% of the actual exposure surface.

Claim is scoped to enterprise environments, where the configuration-shift pattern is dominant. Smaller organisations and individual-contributor environments still see substantial unsanctioned-tool shadow AI of the 2024 shape. 60-day review cadence. Watches: (1) major vendors that lock down Custom GPT / Copilot custom agent / MCP configuration behind enterprise-admin approval (currently most do not), (2) regulatory enforcement actions where the in-scope deployment was a configuration shift on an approved tool rather than a new tool, (3) enterprise-IAM platforms that ship native non-human-identity discovery for AI agents.
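
The gap between an inventory keyed on vendor identity and one keyed on capability state, as an added example that is not part of the original claim. The tool names, capability labels and records are constructed, and the snapshot format is a hypothetical export, not any vendor's API.

```python
"""Added example: vendor-identity inventory vs capability-state discovery.
All tool names, field names and records below are constructed."""

# What procurement approved: each tool plus the capabilities reviewed at the time.
APPROVED = {
    "chat-assistant": {"chat"},
    "office-copilot": {"chat", "document_summarise"},
    "ide": {"code_completion"},
}

# Constructed snapshot of what is configured today (hypothetical export format).
OBSERVED = [
    {"tool": "chat-assistant", "owner": "finance", "capabilities": {"chat", "custom_gpt_action"}},
    {"tool": "office-copilot", "owner": "hr", "capabilities": {"chat", "custom_agent"}},
    {"tool": "ide", "owner": "platform", "capabilities": {"code_completion", "mcp_server_connection"}},
    {"tool": "ide", "owner": "web", "capabilities": {"code_completion"}},
    {"tool": "notes-ai-extension", "owner": "sales", "capabilities": {"chat"}},
]

# Capability labels treated as agentic in this example (assumed labels).
AGENTIC = {"custom_gpt_action", "custom_agent", "mcp_server_connection"}

def vendor_identity_findings(observed, approved):
    """2024-style check: flag only tools that are not on the approved list."""
    return [r for r in observed if r["tool"] not in approved]

def capability_state_findings(observed, approved):
    """Flag any deployment whose enabled capabilities exceed what was approved."""
    findings = []
    for r in observed:
        baseline = approved.get(r["tool"], set())  # unknown tool: nothing approved
        drift = r["capabilities"] - baseline
        if drift:
            findings.append({
                "tool": r["tool"], "owner": r["owner"],
                "unapproved_capabilities": sorted(drift),
                "agentic": bool(drift & AGENTIC),
                "tool_was_approved": r["tool"] in approved,
            })
    return findings

if __name__ == "__main__":
    print("vendor-identity:", [r["tool"] for r in vendor_identity_findings(OBSERVED, APPROVED)])
    for f in capability_state_findings(OBSERVED, APPROVED):
        print("capability-state:", f)
```

On this constructed data the vendor-identity check reports only the unapproved extension, while the capability-state check also reports the three approved tools whose configuration now includes an agentic capability.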

Published: 25 Apr 2026
Last reviewed: 25 Apr 2026
Next review: +56d · 24 Jun 2026