Topic · Shadow AI discovery
Detecting unauthorised agentic-AI deployments inside the enterprise — telemetry patterns, inventory methods, policy response.
Detection patterns for the agents your governance team doesn't know exist yet.
Every enterprise we audit has more agents in production than its governance team has on the inventory. The gap isn't a process failure — it's that the discovery primitives haven't kept up with the deployment primitives. Microsoft Copilot Custom Agents, OpenAI custom GPTs, Anthropic Claude for Business, ServiceNow Now Assist agents, dozens of in-house workflows wired through n8n / Zapier / Make: each ships an agent without the governance team being asked.
This pillar exists because shadow AI is now the dominant flavour of shadow IT. The detection problem is concrete: most agents don't show up as traffic to a model endpoint (they go through the cloud provider's gateway), don't show up as a new SaaS subscription (they're add-ons to existing ones), and don't show up in CASB inventories built for SaaS-app discovery.
What this pillar will publish:
- Telemetry patterns for shadow-AI discovery in production tenants: Splunk, Datadog, and Elastic queries that catch unauthorised agent execution by behaviour, not by named endpoint.
- Microsoft 365, Google Workspace, and Salesforce shadow-agent inventories: what the admin console can and can't tell you, what the audit log actually contains, what's missing.
- Quarterly shadow-AI inventory templates for governance teams: a 4-step reproducible process that scales without buying a new tool.
- Policy responses for when discovery surfaces an unauthorised agent: the difference between "shut it down" and "track and govern" decisions.
- Vendor-side shadow-AI: what agents your existing SaaS vendors are now running on your data without renegotiating the DPA.
Pillar is currently thin (2 published spokes); expect rapid growth as detection tooling matures over the next 6 months.
Pillar last refreshed 2026-05-01
What survives review
- Approved tool, unapproved capability: the 2026 shadow-AI gap your discovery playbook does not see — Holding · AM-168
- The Samsung lesson for shadow AI: detection lag is structural, not procedural — Holding · AM-156
- The shadow-AI discovery playbook: finding the agents your org already has — Holding · AM-036
What has broken
Nothing has moved to Partial or been retired in this topic yet.
Spoke articles
- Approved tool, unapproved capability: the 2026 shadow-AI gap your discovery playbook does not see
The 2024 shadow-AI playbook assumed unsanctioned tools. The 2026 reality is sanctioned tools shipping agentic capabilities that the procurement team did not authorise. Microsoft 365 Copilot Studio inside an already-approved M365 tenant, Slack AI inside an already-approved Slack workspace, Notion AI agents inside an already-approved Notion workspace, ServiceNow Now Assist inside an already-approved ITSM contract: every one of these is an intra-vendor expansion that the enterprise's SaaS approval process did not trigger a re-evaluation on. Discovery has to move from 'which vendors' to 'which capabilities inside the approved vendors'.
- The Samsung lesson for shadow AI: detection lag is structural, not procedural
Samsung Electronics restricted ChatGPT and other generative AI on company devices in May 2023, after three separate internal incidents in April where employees pasted confidential source code, meeting transcripts, and yield-test code into the public ChatGPT interface. The detail in the public reporting is the load-bearing point. Samsung found the leaks after the fact, by audit, not by detection at the moment the paste happened. The detection lag was not a Samsung-specific operational failure. It was the predictable output of running enterprise data-loss prevention against a category of egress channel the controls were not built for. Three years on, most enterprise shadow-AI programmes still have the same gap.
- The shadow-AI discovery playbook: finding the agents your org already has
The 2024 framing of shadow AI assumed unsanctioned tool adoption. The 2026 reality is agentic capability silently activating inside already-approved tools. A 12-question discovery playbook for enterprise IT, oriented to capability state rather than vendor identity, with the EU AI Act August 2026 deadline as the forcing function.
What we're watching next
- CASB / SSPM vendors shipping agent-discovery primitives distinct from SaaS-app discovery. Existing CASB tools (Netskope, Microsoft Defender for Cloud Apps, Palo Alto Prisma) detect SaaS-app sprawl but largely miss embedded agents inside approved apps. The first vendor to ship agent-specific telemetry and behavioural detection (rather than retrofit SaaS detection) creates the procurement pattern.
- Microsoft 365 + Google Workspace shipping admin-console inventories of custom agents. Both vendors host agent-creation surfaces (Copilot Studio custom agents, Workspace Add-on agents) but the admin-console visibility into who-built-what-when is incomplete in 2026. When this lands, shadow-AI inventory shifts from quarterly process to dashboard query.
- Major incident attributable to a shadow agent in a Fortune 500 / FTSE 100 enterprise. The pillar argues shadow AI is now the dominant flavour of shadow IT. A canonical incident — comparable to the early shadow-IT-driven data exfiltrations of 2014-2017 — would calibrate the urgency and force the policy-response side of this pillar from speculative to concrete.
- Standards-body agent-inventory templates from CISA, NIST, or ENISA. Most current shadow-AI inventory templates are home-grown. A standards-body publication would consolidate what counts as a complete inventory, what fields it requires, and what audit cadence it enforces. The pillar's 4-step process would either align or need to declare its differences.
Primary sources we trust for this topic
A curated list of primary research, regulator guidance, and vendor documentation for shadow-AI discovery. Populated on the quarterly refresh: not a link dump, not competitors.
This pillar page is refreshed quarterly. Last refresh: 19 Apr 2026. Next refresh: 18 Jul 2026.