Shadow AI Discovery: Which Tools Actually Find Unsanctioned AI in Your Organisation

Jason Holloway
shadow-ai-discovery unsanctioned-ai-tools casb discovery-engine

Many organisations have unsanctioned AI tools in active use that existing security tooling cannot see.

CASB platforms catalogue sanctioned SaaS, and DLP solutions watch the perimeter. Neither was designed for the reality of staff pasting client data into ChatGPT from a personal device, or developers wiring Claude into a workflow through an unmanaged browser extension. The result is a governance blind spot that sits outside every control your organisation has built.

This matters because discovery is the prerequisite to any Shadow AI governance programme; the reasoning is laid out in full in our shadow AI discovery guide. This post is the practical companion: which tools and techniques actually surface the AI activity your other controls have missed.

Before any policy, training programme or technical control is meaningful, you need an accurate picture of which AI tools are actually being used, by whom and with what data. This article walks through what tools help discover shadow AI in a UK enterprise context, what each approach surfaces and where each falls short.

Why traditional discovery tooling misses AI

Shadow IT discovery is a mature category. CASB vendors have been cataloguing SaaS usage for over a decade and most mid-sized organisations have some form of visibility into sanctioned cloud applications. The problem is that AI tools break the assumptions those platforms were built on.

A CASB sees traffic to a known set of cloud services. Generative AI usage frequently flows through browser sessions to general-purpose domains, through API calls embedded in other applications, or through extensions and plugins that never appear in a SaaS inventory.

DLP rules built around regulated data patterns will catch a card number being pasted into a chat window, but they might not flag the strategic document, draft contract or patient note that an employee uses to prompt a model. Endpoint agents typically see processes, not prompts.

In our experience, existing tooling typically surfaces only a portion of the AI usage present in the environment. The remainder operates beneath the visibility floor.

What a shadow AI discovery engine actually does

A shadow AI discovery engine is a system, or combination of systems, that surfaces unsanctioned AI tool usage across an organisation by correlating signals from multiple data sources. The defining characteristic is breadth: no single telemetry stream captures the full picture, so an effective discovery engine pulls from several at once and reconciles the findings into a single view.

The categories of signal that matter are network traffic analysis, browser telemetry, SaaS and identity provider integrations, endpoint observation, and direct employee reporting. Each surfaces a different slice of usage, and each has known blind spots.

Understanding what each tool contributes is a necessary foundation for designing a discovery approach that fits your environment.

Network traffic analysis

Network-based discovery tools inspect outbound traffic for connections to known AI service endpoints. For instance, secure web gateways, next-generation firewalls and dedicated AI traffic analysis platforms can identify connections to frontier models such as OpenAI, Anthropic, Google Gemini and Mistral, as well as the growing list of consumer and enterprise AI services. Several vendors maintain curated catalogues of AI service domains and update them as new tools emerge.

The strength of network analysis is its coverage of managed devices on the corporate network. The limitation is that it sees domains and volumes, not content. It may tell you that 40 staff connected to claude.ai last week, but it will not tell you what they sent.

It also misses traffic from personal devices, home networks and any usage routed through VPNs that bypass corporate inspection.
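The domain-matching step described above, as an added example that is not part of the original article or any vendor's product: a small Python script that checks outbound web-proxy log lines against a curated catalogue of AI service domains and aggregates users, request counts and bytes sent per service. The log format, the log lines and the catalogue entries are all constructed for illustration; a real catalogue is far larger and needs regular updates. Note that the output is exactly the kind of visibility the section describes: who connected and how much they sent, with nothing about the content.

```python
# Added example: network-based discovery by matching proxy log hosts
# against a curated catalogue of AI service domains.
# Everything here (log format, log lines, catalogue) is constructed.
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed catalogue: registrable domain -> service name.
# Subdomains of a listed domain match too (api.anthropic.com -> Anthropic),
# but an unlisted parent (google.com) does not, so docs.google.com stays silent.
AI_DOMAIN_CATALOGUE = {
    "openai.com": "OpenAI",
    "chatgpt.com": "OpenAI ChatGPT",
    "anthropic.com": "Anthropic",
    "claude.ai": "Anthropic Claude",
    "gemini.google.com": "Google Gemini",
    "mistral.ai": "Mistral",
}

# Constructed proxy log lines: timestamp user method url bytes_out
SAMPLE_PROXY_LOG = """\
2024-05-13T09:02:11Z alice GET https://claude.ai/chat/abc123 1820
2024-05-13T09:02:40Z alice POST https://api.anthropic.com/v1/messages 40211
2024-05-13T09:05:02Z bob POST https://chat.openai.com/backend-api/conversation 9120
2024-05-13T09:06:17Z carol GET https://intranet.example.com/news 0
2024-05-13T09:07:45Z dave POST https://gemini.google.com/app 3301
2024-05-13T09:08:01Z bob GET https://claude.ai/new 210
"""


def match_ai_service(host):
    """Return the catalogue service for host, checking the host and each parent domain."""
    labels = host.lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in AI_DOMAIN_CATALOGUE:
            return AI_DOMAIN_CATALOGUE[candidate]
    return None


def parse_line(line):
    """Split one constructed log line into a record; the host comes from the URL."""
    ts, user, method, url, bytes_out = line.split()
    return {
        "ts": ts,
        "user": user,
        "method": method,
        "host": urlsplit(url).hostname,
        "bytes_out": int(bytes_out),
    }


def summarise_ai_traffic(log_text):
    """Aggregate per AI service: distinct users, request count and bytes sent.

    bytes_out is a volume signal only; the proxy never sees prompt content.
    """
    summary = defaultdict(lambda: {"users": set(), "requests": 0, "bytes_out": 0})
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        service = match_ai_service(rec["host"])
        if service is None:
            continue
        entry = summary[service]
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        entry["bytes_out"] += rec["bytes_out"]
    # Sorted user lists give a stable, reportable result
    return {
        svc: {"users": sorted(v["users"]), "requests": v["requests"], "bytes_out": v["bytes_out"]}
        for svc, v in summary.items()
    }


if __name__ == "__main__":
    for service, stats in sorted(summarise_ai_traffic(SAMPLE_PROXY_LOG).items()):
        print(f"{service}: {len(stats['users'])} users, "
              f"{stats['requests']} requests, {stats['bytes_out']} bytes out")
```

On the sample lines the script reports four services; alice appears under both "Anthropic Claude" (the web app) and "Anthropic" (the API host), which is the kind of split a later reconciliation step has to merge. Traffic that never reaches the proxy, such as personal devices or VPN-tunnelled sessions, produces no line at all and so no finding.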

Browser telemetry and extensions

In our observation, browser-based discovery is among the fastest-growing categories for a reason: most generative AI usage happens in a browser tab. Enterprise browser platforms and managed extensions can capture the actual interactions, surfacing not just which AI tools are used but which prompts contain sensitive content and which outputs are being copied back into corporate systems.

This is the only category that gives meaningful visibility into prompt content without invasive endpoint instrumentation. The trade-off is deployment friction: rolling out a managed browser or extension touches every employee, requires change management and only covers the browsers you control. AI usage in unmanaged browsers, mobile apps and embedded application contexts remains invisible.

SaaS and identity provider integrations

Many AI tools are reached through SSO authentication, and many previously sanctioned SaaS platforms now embed AI features (what we term ‘Stealth AI’). Pulling logs from Okta, Azure AD, Google Workspace and individual SaaS admin consoles may surface both directly authenticated AI services and AI features being activated inside tools the organisation already owns.

This approach is particularly effective at catching the second category, which is often the larger risk. An organisation may have a clear position on ChatGPT while quietly accumulating AI features inside Microsoft 365, Notion, Slack, Salesforce and a dozen other platforms, each with its own data handling considerations. Identity and SaaS log review surfaces these systematically. Organisations should seek their own legal advice on the data processing obligations that follow.

Endpoint observation

Endpoint detection and response platforms can identify locally installed AI applications, browser extensions, command-line tools and developer integrations such as GitHub Copilot or Cursor. For organisations with a significant developer population, endpoint observation is often the most productive single source for AI tooling that never appears in network or SaaS logs.

The limitation is the usual one for endpoint approaches: coverage depends on agent deployment, and unmanaged (e.g. Linux workstations) or personal devices remain dark.

Employee-reported usage

The category most often overlooked is the simplest: ask. Structured surveys, amnesty programmes and team-level conversations consistently surface AI tools that no technical control can see. Employees using AI on personal devices, through mobile apps, or as part of informal workflows will frequently disclose this usage when the conversation is framed around enablement rather than enforcement.

In our experience, the gap between what technical discovery surfaces and what employees report when asked directly can be meaningful. Both are necessary; neither alone is sufficient.

How discovery feeds a governance programme

A discovery exercise produces a register: tools in use, user populations, data categories being processed and a preliminary risk rating. That register becomes the input for the governance work that follows: classification, policy decisions, technical controls and remediation. Without it, every subsequent activity is speculative.

The practical sequence we use with clients is short. Run a discovery sprint combining at least three of the signal categories above. Reconcile the findings into a single register. Triage by data sensitivity and user volume. Then make defensible policy decisions on each tool.
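The reconcile-and-triage steps of that sequence, as an added example that is not the article's own tooling or any client's register: a Python script that takes findings already extracted from four signal sources (network, identity provider, endpoint and employee survey), maps each source's naming onto a canonical tool name, merges users and data categories per tool, and assigns a preliminary rating driven by data sensitivity and bumped by user volume. The findings, the alias map, the sensitivity scale and the rating thresholds are all constructed assumptions; a real sprint would tune them to the organisation.

```python
# Added example: reconciling multi-source discovery findings into a single
# register and triaging it by data sensitivity and user volume.
# All inputs, the alias map and the rating scale are constructed.
RATING_ORDER = ["low", "medium", "high", "critical"]

# Constructed alias map: how each source names a tool -> canonical register name
TOOL_ALIASES = {
    "claude.ai": "Anthropic Claude",
    "Claude": "Anthropic Claude",
    "chatgpt.com": "OpenAI ChatGPT",
    "ChatGPT Enterprise": "OpenAI ChatGPT",
    "copilot-cli": "GitHub Copilot",
}

# Constructed sensitivity scale for the data categories a tool was seen processing
DATA_SENSITIVITY = {"public": 0, "internal": 1, "client-confidential": 2, "personal-data": 3}

# Constructed findings. Each source contributes what it can actually see:
# network: domain + user; identity: app + user (+ data where a DLP label exists);
# endpoint: installed tool + user; survey: tool + user + self-reported data category.
FINDINGS = [
    {"source": "network", "tool": "claude.ai", "user": "alice"},
    {"source": "network", "tool": "claude.ai", "user": "bob"},
    {"source": "network", "tool": "chatgpt.com", "user": "bob"},
    {"source": "identity", "tool": "Claude", "user": "alice", "data": "client-confidential"},
    {"source": "identity", "tool": "Notion AI", "user": "carol", "data": "internal"},
    {"source": "endpoint", "tool": "copilot-cli", "user": "dave"},
    {"source": "endpoint", "tool": "Cursor", "user": "dave"},
    {"source": "endpoint", "tool": "Cursor", "user": "erin"},
    {"source": "survey", "tool": "ChatGPT Enterprise", "user": "frank", "data": "personal-data"},
    {"source": "survey", "tool": "Cursor", "user": "erin", "data": "internal"},
]


def build_register(findings):
    """Merge findings by canonical tool name; users seen by several sources count once."""
    register = {}
    for f in findings:
        name = TOOL_ALIASES.get(f["tool"], f["tool"])
        entry = register.setdefault(name, {"sources": set(), "users": set(), "data": set()})
        entry["sources"].add(f["source"])
        entry["users"].add(f["user"])
        if "data" in f:
            entry["data"].add(f["data"])
    return register


def risk_rating(entry, user_threshold=2):
    """Preliminary rating: highest observed data sensitivity sets the base,
    reaching the user threshold bumps it one step, capped at critical.
    A tool with no observed data category is rated medium pending review."""
    sensitivities = [DATA_SENSITIVITY[d] for d in entry["data"]]
    base = max(sensitivities) if sensitivities else 1
    if len(entry["users"]) >= user_threshold:
        base = min(base + 1, len(RATING_ORDER) - 1)
    return RATING_ORDER[base]


def triage(findings):
    """Build the register and return rows ordered by rating, then user volume, then name."""
    rows = []
    for tool, entry in build_register(findings).items():
        rows.append({
            "tool": tool,
            "rating": risk_rating(entry),
            "users": len(entry["users"]),
            "sources": sorted(entry["sources"]),
            "data": sorted(entry["data"]),
            # No data category from any source: the register cannot yet say what is at risk
            "needs_data_review": not entry["data"],
        })
    rows.sort(key=lambda r: (-RATING_ORDER.index(r["rating"]), -r["users"], r["tool"]))
    return rows


if __name__ == "__main__":
    for row in triage(FINDINGS):
        flag = " (data category unknown)" if row["needs_data_review"] else ""
        print(f"{row['rating']:<8} {row['tool']:<18} users={row['users']} "
              f"sources={','.join(row['sources'])} data={','.join(row['data']) or '-'}{flag}")
```

Two things the merged view shows that no single source does: Cursor is rated higher than the endpoint agent alone would justify, because the survey added a data category and a second user, and GitHub Copilot surfaces with an explicit flag that nothing yet says what data it touches, which is the prompt for the follow-up conversation rather than a reason to rate it low.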

For organisations that have already deployed AI without a formal review, the retroactive AI tool security review is the structured follow-on. This is the foundation of an AI security gap analysis, and it is the work that produces measurable risk reduction.

Key questions clients ask us about Shadow AI discovery

What tools can discover Shadow AI being used in an organisation?

No single product can surface all Shadow AI usage. The practical approach combines network traffic analysis, browser telemetry, SaaS and identity provider log review, endpoint observation and direct employee reporting. Each category catches usage the others miss, and a credible discovery exercise uses at least three in combination.

How do you detect unsanctioned AI tools on a corporate network?

Network-level detection is achieved through secure web gateways, next-generation firewalls or dedicated AI traffic analysis platforms that identify connections to known AI service domains. This works well for managed devices on the corporate network but misses personal devices, home networks and content-level visibility into what data is being shared.

What is a Shadow AI discovery engine and how does it work?

A shadow AI discovery engine correlates signals from multiple telemetry sources (network traffic, browser activity, SaaS logs, identity provider data and endpoint observation) to produce a unified register of AI tools in use across an organisation. The defining feature is multi-source correlation, because no single data stream captures the full picture.

How can a CISO find out which AI tools employees are using without approval?

The fastest route is a structured discovery sprint combining technical telemetry with employee-reported usage. Technical sources surface tools running through corporate infrastructure; employee surveys and AI Amnesty programmes surface usage on personal devices and mobile apps. Running both in parallel typically produces a more complete picture than either alone.

How long does a Shadow AI discovery exercise take?

Depending on scope, a focused discovery sprint for a mid-sized organisation often runs in the region of four to six weeks from scoping to register delivery. The work is bounded by data source onboarding rather than analysis time, so organisations with existing CASB, SIEM and EDR deployments tend to move faster than those starting from a less instrumented baseline. Actual timelines vary with environment complexity and tooling readiness.

Make discovery the first step

If you do not yet have an accurate register of AI tools in use across your organisation, every policy and control built on top is operating on incomplete information. We run Shadow AI discovery as a defined engagement, scoped to your environment and existing tooling, with a register and prioritised remediation plan as the output.

Schedule a 30-minute shadow AI discovery scoping call to discuss what a discovery sprint would look like for your organisation.

This article is general information on AI security and governance practices and does not constitute legal, regulatory or compliance advice. Organisations should consult their own advisers on specific obligations.
