Shadow AI: Detection and Action
In many companies, Shadow AI has long since become a reality. Studies show that a large proportion of employees use unauthorized AI tools and input sensitive data. This article offers a step-by-step guide to making Shadow AI visible and managing it without hindering innovation.
Fundamentals of Shadow AI
Shadow AI refers to the use of AI systems within a company that takes place outside official IT and governance structures. Swisscom describes this as the use of unapproved or private AI tools with company data that are neither controlled nor documented ( swisscom.ch). ). This leads to “blind spots” in security, data protection, and compliance, as it is unclear which data flows where and which models influence decisions ( swisscom.ch).
The Cloud Security Alliance summarizes the main problems: uncontrolled data leaks, increased compliance risks, and automated workflows that bypass established controls ( cloudsecurityalliance.org). ). Examples include employees using private chatbots to formulate emails, teams integrating open-source models without consultation, or browser plugins with AI functions that extract content from emails or CRM data.
Source: YouTube
Step 1: Define the scope and playing field
Before Shadow AI can be detected, it must be clearly defined what constitutes Shadow AI in your context. Three guiding questions help with this:
- Which AI usage is officially allowed? Are there approved tools, such as an internal chatbot or sanctioned GenAI tools, that fall under IT governance ( swisscom.ch)?
- Which data is considered particularly worthy of protection? This includes health data, customer data, financial data, production secrets, or personal employee data. AI processing must follow the same data protection rules, especially the GDPR for personal data ( ambersearch.de).
- What is the goal in the first step? Is it about identifying AI usage, recognizing critical data flows, or minimizing the greatest risks?
A written definition, such as “Shadow AI is any use of AI tools, models, or AI functions with corporate data that has not been explicitly approved by IT, information security, and data protection,” establishes a clear line for all subsequent steps.
Detection Methods

Source: walkme.com
Shadow AI poses significant risks to companies, including misinformation and the exposure of sensitive data.
Step 2: Ask employees openly instead of just controlling them
Employees often use AI out of a desire for higher productivity. IBM shows that they see AI as a help but switch to private tools due to a lack of official offerings ( ibm.com). ). Transparency is more effective than surveillance. A short, honest survey can provide insights:
- “Which AI tools are you currently using for your work?”
- “What kind of data do you typically enter there?”
- “Which of these tools would you like to use officially?”
- “Where are you concerned about data protection or security?”
Workshops with key areas (e.g., Sales, HR, Development) can reveal specific use cases. It is important to emphasize that this is not about control, but about jointly finding secure solutions. Employees sometimes use Shadow AI with the silent approval of their superiors because official alternatives are missing ( techradar.com). ). The result is an initial map of reality and the identification of valuable shadow solutions.
Step 3: Analyze network and browser trails
Objective measurements through network access and browser usage are crucial. In smaller environments, proxy or firewall logs can be used; in larger ones, Secure Web Gateways or Cloud Access Security Brokers. The goal is to find out which AI-related services are accessed from the network and by whom.
Typical indicators are:
- Domains of known chatbots and AI platforms.
- Heavy use of AI functions in collaboration tools.
- Conspicuous access from sensitive areas (HR, Finance) to external AI tools.
A report by Cyera shows that generative AI tools like ChatGPT are a major cause of data leaks, as employees copy and paste sensitive content into personal accounts ( tomsguide.com). ). Classical DLP tools often do not recognize this. The goal is to recognize patterns: Which AI services appear regularly, which were not mentioned in surveys, and which areas are particularly noticeable?
Step 4: Check SaaS and identity integrations
Shadow AI is also hidden in linked apps and plugins. Important checks include:
- Microsoft 365 / Google Workspace: Check in the admin consoles which third-party apps have access to mailboxes, Drive/OneDrive, or calendars. Many AI helpers register with rights like “read emails” without Security or Data Protection having approved ( cloudsecurityalliance.org).
- Central SaaS applications (CRM, ticketing system): Check marketplaces and plugins for AI add-ons that analyze content or export data. Swisscom points out that easily installable GenAI integrations often touch critical data and create risks ( swisscom.ch).
- Permissions and data access: Create a list of which AI plugin has access to which data types and where highly sensitive data overlaps with external, unchecked tools.
This is where the "quiet" shadows become visible: AI functions quietly integrated into systems but with deep-reaching access.
Step 5: Check development, pipelines, and models
In software development, Shadow AI is often present in the code ecosystem. Practical approaches are:
- Search repositories: Look for typical AI libraries, API clients, or model files. Unverified models and libraries in CI/CD pipelines can pose security risks ( cloudsecurityalliance.org).
- Analyze CI/CD pipelines: Check build and deployment scripts for automatic loading of models, importing of external training data, or AI-based scans without documentation.
- Secrets and API Keys: Use secret scanners to track API keys of AI providers in the code. A significant part of Shadow AI usage occurs via “self-built” API calls to external services ( ibm.com).
This step uncovers technical shadow projects: internal models, scripts, or automations that run productively but have never gone through a governance process.
Strategies and Management

Source: demeterict.com
Dealing with Shadow AI requires a shared understanding of the risks and the development of appropriate solution strategies within the company.
Step 6: Layer data classification on top
Detection alone is not enough; risk assessment is crucial. A pragmatic way is to define simple data classes:
- Public
- Internal
- Confidential
- Highly Sensitive (e.g., patient data, financial data)
Subsequently, the found AI uses are classified: Which Shadow AI cases only concern internal, non-personal data? Where are customer, patient, or employee data given to external, unregulated services? Swisscom emphasizes that Shadow AI becomes dangerous when sensitive data ends up in tools that are neither contractually secured nor technically controlled ( swisscom.ch). ). Cyera warns that generative AI surpasses classical channels as the main source of data leaks, as employees copy confidential content into AI chats ( tomsguide.com). ). The combination of “highly sensitive data” and “uncontrolled external AI” is the first priority area for measures.
Step 7: Create a safe space for AI experiments and reporting channels
Bans alone do not eliminate Shadow AI; they encourage circumvention strategies. Many executives report that employees switch to private tools when official alternatives are missing ( upwork.com). ). Therefore, it is important:
- Clear message: “If you use AI for your work or start an internal AI experiment, we want to know – so we can make it safe together.”
- Low-threshold reporting channel: A form or a dedicated channel (e.g., Teams/Slack channel) through which employees can report new tools or use cases without fear of consequences.
- Positive selection: If a shadow project brings added value, it should be checked how it can be converted into an official, secure form, e.g., through a contractually regulated service or an internal counterpart ( ibm.com).
). This turns Shadow AI from a risk into an idea radar for sensible, official AI uses.
Source: YouTube
Step 8: Set up continuous monitoring and clear rules
Shadow AI is a continuous process that requires technical visibility and clear guardrails. Building blocks for this are:
- Regular technical checks: Every few months, evaluate network and proxy logs, check SaaS integrations, scan repositories. The Cloud Security Alliance recommends continuous, context-specific monitoring ( cloudsecurityalliance.org).
- An “AI Acceptable Use Policy”: A clear, understandable policy that specifies which AI tools are allowed, which data must never be entered, and which roles/departments require special approvals. This helps balance innovation and risk ( ibm.com).
- Think together about governance and data protection: Data protection guidelines for generative AI emphasize data minimization, purpose limitation, transparency, and a robust legal basis for processing ( ambersearch.de). ). Linking Shadow AI insights with these principles creates a resilient framework.
This shifts the balance from random shadow decisions to visible, controllable AI usage.
Conclusion and Outlook

Source: user-added
AI-generated shadows can be subtle and remain unnoticed at first glance – similar to Shadow AI in business processes.
Detecting Shadow AI in companies does not mean opening a witch hunt for employees. It means honestly analyzing where AI is already in use, what data is being moved, and which risks are critical. The figures show that unauthorized AI usage is the rule rather than the exception today, with all its opportunities and dangers ( cybernews.com) ibm.com).
By implementing the steps in this guide - definition, open questioning, technical visibility, data classification, creating a safe space, and continuous governance - companies can make Shadow AI visible, systematically evaluate it, and convert shadow projects into official, secure AI solutions. The real opportunity lies in collaborating with the people who are already creatively using AI, rather than acting against them.