A 6-step playbook IT and security teams can run in an afternoon. No new tooling required for the first 4 steps.
By the time procurement finishes evaluating ChatGPT Enterprise, half your team is already on the free tier. That's not a hypothetical — it's the default state at every company we audit. The question isn't whether you have shadow AI. It's how much, where, and what's being pasted into it.
The single highest-signal source. Pull every OAuth grant from Google Workspace and Microsoft 365 admin consoles. Any third-party app a user has authorized — including AI tools — shows up here with the scopes it requested. Sort by 'recently added' and any app with names like 'ChatGPT,' 'Claude,' 'Perplexity,' 'Notion AI,' or generic-sounding names with read-access scopes is a shadow AI candidate.
In Google Workspace: Admin → Security → API controls → App access control → Manage Third-Party App Access. In Microsoft 365: Entra ID → Enterprise applications → All applications.
Finance has the receipts IT doesn't. Export 12 months of corporate card and expense report data, then filter for known AI vendor names: OpenAI, Anthropic, Google AI, Perplexity, Cursor, Replit, ElevenLabs, Midjourney, Runway, Suno, Synthesia. Each individual subscription is a shadow AI tool that bypassed procurement.
Most spend management platforms (Brex, Ramp, Mercury) can export by merchant. Many AI tools also bill through Stripe — searching transactions for 'stripe.com' surfaces obscure vendors.
Browser extensions are the stealthiest shadow AI vector. Tools like Compose AI, Monica, Merlin, Sider, and ChatGPT for Google inject AI into every page the user visits — and most read page content. If your team uses managed Chrome or Edge, pull the extension inventory from your MDM. Otherwise, an endpoint scan or a quick survey works.
Extensions with broad permissions ('Read and change all your data on websites you visit') are the highest-risk category. Treat any AI-related extension with that scope as a data-egress channel.
If you have a network proxy, NGFW, or DNS-layer security (Cloudflare Gateway, Cisco Umbrella, Zscaler), query traffic to known AI domains: chatgpt.com, claude.ai, gemini.google.com, perplexity.ai, copilot.microsoft.com, cursor.sh. Volume + unique users tells you exactly how much shadow AI usage you have and which teams it's concentrated in.
Even without enterprise tooling, a one-time export from your DHCP logs cross-referenced against public AI domain lists gives a usable snapshot.
After steps 1–4 you'll know what's there; a short, anonymous survey tells you why people are using it. Ask three questions: What AI tool did you use this month? What were you trying to do? Did you paste any work content into it? Anonymous responses surface intent without triggering defensive behavior. The 'why' is what shapes your policy.
Skip the survey if your culture won't tolerate anonymity. The OAuth + finance + DNS data alone is usually enough for a first policy.
A one-time audit goes stale within a quarter. Shadow AI explodes — new tools launch weekly and users adopt them within days. Wire the four signals above into a recurring report: new OAuth grants this week, new AI vendor charges this month, new extension installs, new domain traffic. Anything new gets reviewed within 7 days, not at the next quarterly audit.
SeatMap.AI surfaces new OAuth grants from connected workspaces automatically, including AI-tool grants, with a Green / Yellow / Red verdict per app.
Most consumer AI tools train on user inputs unless explicitly disabled. Pasting a sales pipeline, customer list, or source code into the free tier is a one-way trip into someone else's training corpus.
SOC 2, HIPAA, and GDPR all require knowing where regulated data lives. 'I don't know which AI tools my team uses' fails every modern audit question on third-party data processing.
When IT eventually rolls out an enterprise AI plan, you discover 40% of users already pay $20/mo personally — and keep using their personal account out of habit. You pay twice and lose the governance.
Shadow AI accounts are personal accounts. When the user leaves, their access — and your data they pasted in — leaves with them.
Shadow AI is the use of AI tools — ChatGPT, Claude, Copilot, Gemini, Perplexity, AI browser extensions — inside a company without IT or security approval. It's the AI-era version of shadow IT: employees adopt productivity tools faster than procurement can vet them, often using personal accounts and pasting work data into models that train on user inputs.
Three concrete risks. (1) Data exfiltration — consumer AI tools default to training on user inputs, so pasted content can resurface in other users' outputs. (2) Compliance gaps — SOC 2, HIPAA, and GDPR all require knowing every third-party processor of regulated data. (3) Account drift — when employees leave, their personal AI accounts (and the data they pasted in) leave with them.
Same problem, faster-moving target. Shadow IT typically meant SaaS apps employees signed up for individually — Notion, Trello, Calendly. Discovery cycles were quarterly and a missed app cost you a subscription. Shadow AI moves weekly: new models, new wrappers, new browser extensions. And the cost of a missed AI tool isn't a duplicate subscription — it's training data leakage.
Run the OAuth audit in step 1. It takes under an hour, requires no new tooling, and surfaces 70–80% of shadow AI usage because most AI tools authenticate via Google or Microsoft OAuth to read user content. Finance card data (step 2) catches another 15%. Together they'll give you a defensible inventory by end of day.
Usually no. Blocking drives usage further underground (personal devices, personal accounts) and you lose the signal. Better playbook: surface what's being used, offer a sanctioned alternative (enterprise ChatGPT, Microsoft Copilot, Claude for Work) for the top 2–3 use cases, then block only the long tail that has a sanctioned equivalent.
Yes — every OAuth grant from your connected Google Workspace or Microsoft 365 surfaces in the inventory, including AI tool grants, with the scopes each app requested and which user authorized it. New AI grants trigger the same Green / Yellow / Red verdict as any other app. Combined with finance data you wire in, that's the full picture.
Connect Google Workspace or Microsoft 365 and SeatMap.AI surfaces every OAuth-authorized AI tool — and alerts you when new ones appear.