The dominant 2026 shadow-AI gap is not unsanctioned vendors but sanctioned vendors that have shipped agentic capabilities inside already-approved tenants without triggering a re-evaluation in the customer's SaaS approval process. The canonical examples are Microsoft 365 Copilot Studio inside approved M365 tenants, Slack AI and Slack agent platform inside approved Slack workspaces, Notion AI agents hub inside approved Notion workspaces, ServiceNow Now Assist inside approved ServiceNow tenants, Atlassian Rovo inside approved Atlassian estates, and Salesforce Agentforce inside approved Salesforce contracts. Existing 2024-era shadow-AI discovery playbooks (oriented to vendor-discovery and DLP egress detection) do not surface this class because the vendor is in-policy and no egress boundary is traversed. The structural fix is procurement-side: a re-evaluation trigger inside the SaaS approval policy that runs the original data-class and risk-assessment workflow against any new agentic capability inside an existing tenant within 30 days of activation.
Claim is scoped to the intra-vendor unapproved-capability class of shadow AI as the dominant 2026 enterprise gap. Does not assert the 2024 unsanctioned-tool problem has disappeared — it remains real, but is no longer the dominant exposure for enterprises that have run the 2024 playbooks. 60-day review cadence calibrated to vendor capability-release cycles and audit calendars. Trigger conditions: (1) any named SaaS vendor publishes a customer-facing re-evaluation API or capability-change notification feed by default — would move toward Partial because the discovery gap is closing structurally; (2) a published 2026 enterprise breach or compliance finding traceable to an intra-vendor unapproved-capability shadow-AI deployment — would either confirm or scope the structural argument; (3) updated DLP product capability covering intra-vendor agentic surfaces from Microsoft Purview, Symantec, Netskope, or Zscaler — would change the technical defensive layer materially and reduce the procurement-side urgency; (4) ISO 27001 surveillance audit findings or SOC 2 deficiency reports in 2026-2027 citing the gap as a control weakness — would empirically anchor the audit-consequence argument.
/holding/AM-168/Embed this claimiframe + oEmbed
The card auto-updates when the claim's status, last-reviewed date, or correction log changes. Embedders never need to refresh — the card is rendered live from the canonical record.
Email-me when AM-168's status, next review date, or correction log changes. One email per change. No newsletter subscription, no other mail.
The claim: The dominant 2026 shadow-AI gap is not unsanctioned vendors but sanctioned vendors that have shipped agentic capabilities inside already-approved tenants without triggering a re-evaluation in the customer's SaaS approval process. The canonical examples are Microsoft 365 Copilot Studio inside approved M365 tenants, Slack AI and Slack agent platform inside approved Slack workspaces, Notion AI agents hub inside approved Notion workspaces, ServiceNow Now Assist inside approved ServiceNow tenants, Atlassian Rovo inside approved Atlassian estates, and Salesforce Agentforce inside approved Salesforce contracts. Existing 2024-era shadow-AI discovery playbooks (oriented to vendor-discovery and DLP egress detection) do not surface this class because the vendor is in-policy and no egress boundary is traversed. The structural fix is procurement-side: a re-evaluation trigger inside the SaaS approval policy that runs the original data-class and risk-assessment workflow against any new agentic capability inside an existing tenant within 30 days of activation.
About this register
The Reporting register tracks claims published from articles addressed to senior enterprise IT leaders — CIOs, IT directors, heads of platform. Claims are reviewed on a 30–90 day cadence; each review either reaffirms the claim, marks one substantive part as Partial, or marks it Not holding once the underlying evidence has been overtaken.
Recent corrections in Reporting
- AM-002 · Not holding · 06 May 2026
URL state changed. The /the-agentic-ai-revolution-real-world-success-stories-and-strategic-insights-from-2024-2025/ slug now serves a deliberately rewritten retrospective (claimId AM-130, "Agentic AI 2024-2025 retrospective", published 04 May 2026) against audited primary sources. The 28 Apr 2026 redirect to /retractions/ has been lifted to allow that. AM-002 the claim remains Not holding — the original $3.50/dollar + 70% failure-rate framing was withdrawn and is not restored. AM-130 is a separate claim with its own evidence chain. Readers arriving at /holding/AM-002 see the withdrawal here; the article link surfaces the new piece at the URL the original lived at, with this entry as the audit trail.
- AM-121 · Holding · 2 May 2026
Klarna walk-back primary-source upgrade — added Siemiatkowski verbatim quotes via Bloomberg-cited-by-Fortune (9 May 2025) and the Uber-style freelance hiring detail via Entrepreneur. Closes the highest-priority evidence gap from the source dossier.
- AM-115 · Holding · 29 Apr 2026
Initial publication 29 Apr 2026 — the first Quarterly Claim Review Bulletin. The claim itself is recursive: it asserts that the bulletin will ship quarterly, and the next review (30 Jul 2026) tests whether the Q3 bulletin actually appeared. Status starts as 'up' because the claim is currently true (the Q2 bulletin shipped). The verdict at end of July 2026 will move to Holding, Partial (bulletin shipped but on a delayed cadence), or Not holding (no bulletin shipped).
Reviews coming up in Reporting
- AM-003 · Holding · next -6d (19 May 2026)
GPT-5 Pro's tiered-subscription model forces enterprises to classify problems by computational difficulty — $200/month…
- AM-136 · Holding · next +10d (4 Jun 2026)
Across the 24-month window May 2024 to April 2026, every major foundation-model provider (Anthropic, OpenAI, Google, AW…
- AM-020 · Holding · next +24d (18 Jun 2026)
The 40-60% TCO underestimate on enterprise agentic-AI deployments is not a cost-visibility failure — it is a cross-depa…