With AI making its way into virtually every SaaS application, shadow AI discovery extends far beyond chat prompts and purpose-built AI tools.
Shadow AI discovery is the process of identifying every AI tool your workforce uses, sanctioned or not. That includes purpose-built apps like ChatGPT and Perplexity, OAuth and API integrations that grant AI tools access to business data, MCP server connections, AI features embedded in your existing SaaS stack, and AI present in your vendors' supply chains. Nudge Security has discovered more than 1,000 new AI tools entering the market in the past two years, which is why static tool lists fall short. With AI making its way into virtually every SaaS application, the surface area for shadow AI discovery is far larger than most teams expect.
The generative AI landscape is changing fast. In just the last year, Nudge Security has discovered over 1,000 unique new AI tools hitting the market, not to mention the MCPs and AI capabilities being added to virtually every other SaaS tool used by your workforce. Given how pervasive AI has become, it's critical to think about the full SaaS ecosystem when evaluating solutions to help you discover workforce AI use and mitigate risks.
With a growing AI security market and a maze of vendor claims, how do you separate real AI visibility and control from empty promises? Let's break down the most common AI discovery methods so you can find the right fit for your organization.
Shadow AI discovery is the process of identifying and cataloging all AI apps, accounts, integrations, user activities, and other dependencies that could expose your corporate data to third-party AI providers and beyond. An AI asset inventory includes AI apps that are procured and sanctioned by IT as well as shadow AI, the long tail of apps and embedded AI features that your employees experiment with and adopt without going through a formal approval process. Effective shadow AI detection requires looking beyond a static list of known tools to surface apps that IT never approved and may never have heard of.
Like the asset discovery systems built for enterprise networks, shadow AI discovery creates a comprehensive system of record. Instead of servers and workstations, your inventory captures AI apps, user accounts, authentication data, app-to-app integrations, MCP connections, and supply chain dependencies.
Effective shadow AI discovery can help you answer questions like:
Step one of defining your shadow AI discovery approach is to define the scope of what you need to discover. A common mistake is to focus only on discovering AI prompt activity in chatbots like ChatGPT, which is merely the tip of the iceberg given that AI is now making its way into virtually every other SaaS tool used by your workforce. This guide aims to provide a more comprehensive view of how AI tools and providers could gain access to your corporate data, so you can prioritize your efforts accordingly.
Note: In the interest of staying focused, this guide covers workforce AI use specifically: the AI tools and embedded AI that can gain access to your sensitive data based on how your employees use them. AI model security and agentic AI security are related topics that warrant their own deep dives.
When it comes to workforce AI use, here are the essential categories of AI assets to consider for your discovery efforts:
These are apps like ChatGPT, Perplexity, Claude, and others that offer a user interface for your workforce to interact with an LLM: answering questions, analyzing data, getting writing help, conducting research, generating images, and more.
Ideally, you want to discover all user accounts for all apps in this category. That's no small feat given that the number of purpose-built AI tools is growing exponentially.
Tip: Look for solutions that can pattern-match to recognize AI tools regardless of whether you've heard of them. Any static or vendor-managed list of AI tools will quickly become outdated.
Many workforce AI tools offer easy connections to other platforms via OAuth grants or native marketplace apps. The ease of approving an OAuth grant or API key can lead users to hand over more access than they realize. A well-meaning employee can inadvertently give an AI tool access to their entire corporate Google Drive, calendar, or email without understanding the implications.
A recent example: AI notetaker apps that prompt users to grant access to calendars and contacts, while defaulting to "join every meeting." Suddenly, unapproved AI notetakers are showing up in meetings where sensitive topics are discussed, or where attendees haven't consented to being recorded.
Tip: Look for solutions that give you a detailed inventory of app-to-app integrations through OAuth grants, APIs, and other methods, including details on scopes and potential risks, ideally with the ability to directly revoke risky access.
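To make the scope review concrete, here is an added example (not Nudge Security's code and not from the original page) of how a team could triage an exported list of OAuth grants by the scopes each one carries. The grant records, app names and user addresses are constructed; the scope URIs are real Google OAuth scopes, but the high/medium/low risk labels, the "unrecognised scope goes to review" rule and the "calendar plus contacts" notetaker rule are this example's own assumptions.

```python
"""Added example (not Nudge Security's code): triage OAuth grants by the scopes they carry.

Grant records are constructed to resemble an IdP admin export (user, app, scopes).
Scope strings are real Google OAuth scope URIs; app names, users and the
risk labels are this example's own assumptions.
"""
from dataclasses import dataclass, field

# Scopes that hand an app broad, sensitive data. Labels are this example's own.
HIGH_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive": "read/write every file in Drive",
    "https://www.googleapis.com/auth/gmail.readonly": "read all mail",
    "https://www.googleapis.com/auth/gmail.modify": "read and modify mail",
    "https://www.googleapis.com/auth/contacts.readonly": "read all contacts",
}
MEDIUM_RISK_SCOPES = {
    "https://www.googleapis.com/auth/calendar": "read/write calendar",
    "https://www.googleapis.com/auth/calendar.readonly": "read calendar",
}
# Per-file Drive access and basic identity are acceptable for this triage.
LOW_RISK_SCOPES = {
    "https://www.googleapis.com/auth/drive.file": "only files the user opens with the app",
    "https://www.googleapis.com/auth/userinfo.email": "email address",
    "openid": "sign-in only",
}
RANK = {"low": 0, "review": 1, "medium": 2, "high": 3}


@dataclass
class Grant:
    user: str
    app: str
    scopes: list


@dataclass
class Finding:
    user: str
    app: str
    risk: str = "low"
    reasons: list = field(default_factory=list)

    def raise_to(self, level: str, reason: str) -> None:
        """Ratchet the risk level upward only; never downgrade an earlier finding."""
        if RANK[level] > RANK[self.risk]:
            self.risk = level
        self.reasons.append(reason)


def assess_grant(g: Grant) -> Finding:
    f = Finding(g.user, g.app)
    for s in g.scopes:
        if s in HIGH_RISK_SCOPES:
            f.raise_to("high", HIGH_RISK_SCOPES[s])
        elif s in MEDIUM_RISK_SCOPES:
            f.raise_to("medium", MEDIUM_RISK_SCOPES[s])
        elif s not in LOW_RISK_SCOPES:
            # A scope the table does not know cannot be rated automatically; surface it.
            f.raise_to("review", f"unrecognised scope {s}")
    # The notetaker pattern from the guide: calendar access plus contacts in one grant.
    has_cal = any("/auth/calendar" in s for s in g.scopes)
    has_contacts = any("/auth/contacts" in s for s in g.scopes)
    if has_cal and has_contacts:
        f.raise_to("high", "calendar + contacts together: the AI notetaker pattern")
    return f


def revoke_candidates(grants):
    """Grants rated high: the ones an admin should look at first, and likely revoke."""
    return [f for f in map(assess_grant, grants) if f.risk == "high"]


# Constructed sample export; no real users or apps.
SAMPLE_GRANTS = [
    Grant("alice@corp.example", "MeetingNotes AI (constructed)",
          ["https://www.googleapis.com/auth/calendar",
           "https://www.googleapis.com/auth/contacts.readonly",
           "https://www.googleapis.com/auth/userinfo.email"]),
    Grant("bob@corp.example", "Slide Helper (constructed)",
          ["https://www.googleapis.com/auth/drive.file", "openid"]),
    Grant("carol@corp.example", "Chat Assistant (constructed)",
          ["https://www.googleapis.com/auth/drive",
           "https://www.googleapis.com/auth/gmail.readonly"]),
    Grant("dave@corp.example", "Sheet Summarizer (constructed)",
          ["https://www.googleapis.com/auth/spreadsheets.readonly", "openid"]),
]

if __name__ == "__main__":
    for finding in map(assess_grant, SAMPLE_GRANTS):
        print(f"{finding.risk:6} {finding.user:20} {finding.app}: {'; '.join(finding.reasons) or 'ok'}")
```

The ratchet in `raise_to` is the design point: a grant that is already high stays high when a later scope is only medium, and an unrecognised scope never silently passes as low.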

Anthropic's release of the open-source Model Context Protocol (MCP) has fundamentally changed how corporate data is accessed by AI tools. Major SaaS providers like GitHub, Atlassian, Zapier, and HubSpot have followed suit, announcing their own MCP servers and native AI integrations through their own marketplaces.
Instead of relying on one-off prompts and individual file uploads, MCP servers radically expand data access by allowing LLMs to directly query SaaS apps through backend APIs. While this expanded data set improves the quality and value of AI outputs, it introduces significant new data security risks.
MCP and other direct connections occur app to app, directly from the backend of providers like OpenAI to data stores like Salesforce that have been integrated through OAuth grants or APIs. They typically grant the AI tool the same data permissions as the user who created the connection, which can result in far broader data access than the user intended, or than your data security policies allow.
In addition to the OAuth inventory mentioned above, discovering and governing API connections to AI tools is critical in this new MCP-powered phase of AI use.
Tip: SaaS Security Posture Management (SSPM) tools can help here, as they typically inventory the integrations enabled within apps you've connected to the SSPM, so you don't have to manually review each app-to-app integration.
SaaS vendors are racing to add AI-enabled features directly within their products. Enabling these features can expose your data to the underlying LLM without employees realizing it, and without IT ever approving an "AI tool" at all. Your discovery strategy needs to account for AI that arrives inside software you've already sanctioned.
Tip: Look for solutions that surface and summarize vendor data training policies, including whether your data is used for model training, opt-out options, and retention periods, so you're not manually reviewing legal documentation for every SaaS tool in your stack.
Your SaaS vendors may themselves use third-party AI providers for customer support, analytics, or internal tooling. If your data passes through those interactions, it can become accessible to an LLM you never evaluated. This isn't theoretical: support cases, shared tokens, or API keys can all end up in an AI pipeline your vendor never disclosed.
Tip: Ask vendors directly: "Do you process customer data through a third-party AI provider? What controls are in place? What options do we have to limit that exposure?"
Beyond app discovery, you may want visibility into what data employees are actively sharing with AI tools: API keys, credit card numbers, confidential documents. Detecting this requires a browser- or network-based control that can recognize sensitive data in prompts or file uploads and alert, notify, or intercept before it reaches the LLM.
Tip: Network-based controls only work if employees operate within a walled network. For distributed or remote teams, browser-based controls tend to be more reliable.
In most cases, yes, but there are some aspects of AI discovery you can start with using tools you probably already own. Here's how you can detect AI activity manually:
If someone is paying for an AI tool, it will likely show up in your expense tracking systems at some point. This data will surface paid tools, but it will obviously miss free trials or free-tier usage. It might show you who the billing contact is, but you'll still have a lot of digging to do to identify all users of those paid tools.
Some teams set up rules within their network monitoring tools to look for signs of AI usage based on a specific list of known AI domains, or heuristics like domains ending in ".ai." This can provide better granularity on which users are accessing an AI tool and how often, but the downside is you'll need to either know what AI tools to look for, or be prepared to manually separate actual AI tools from false positives. And if your workforce is largely remote, this method provides even more limited value.
If your employees commonly use "sign up with Google" or "sign up with Microsoft" when creating accounts for new apps, you can see these by reviewing the OAuth grants established via your IdP. This is helpful, but only works if the user signed up with their work email and chose that option rather than a username and password.
This method will also show you where users may have connected AI apps to the suite of tools within the IdP, such as their calendar, email, contacts, or file shares.
As with the network log problem, you'll still need a system for determining which tools are AI tools. And OAuth grant reviews can be time-consuming and tedious without some automated method to help you find grants for AI tools, understand the scopes granted, and assess the legitimacy of each grant.
Your SSO platform can only show you accounts and activity for the AI apps that have actually been onboarded into SSO, but this is useful if you're trying to understand which AI tools are used most and by which users, and to track the progress of AI adoption efforts. When it comes to uncovering unsanctioned AI use, though, this method won't take you far.
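As an added example (not from the original page and not Nudge Security's code), the following script applies the network-log heuristic from the DIY steps above to a few constructed proxy log lines: a seed list of domains for AI providers the guide names, a ".ai" TLD heuristic, and an allowlist for ".ai" hosts that turn out not to be AI tools at all. The log format, user names, the internal "corp-example.ai" wiki and the "newvendor.ai" host are all made up for the example; the only real domains are those of providers already mentioned on the page.

```python
"""Added example (not Nudge Security's code): the DIY network-log heuristic.

The log format and every line below are constructed for this example:
    <timestamp> <user> <destination host> <port>
"""
import re
from collections import defaultdict

LOG_LINES = """\
2024-05-02T09:14:03Z alice chat.openai.com 443
2024-05-02T09:15:10Z alice chat.openai.com 443
2024-05-02T09:20:44Z bob claude.ai 443
2024-05-02T09:21:02Z bob docs.google.com 443
2024-05-02T10:02:19Z carol wiki.corp-example.ai 443
2024-05-02T10:05:51Z carol tools.newvendor.ai 443
2024-05-02T10:06:12Z dave api.perplexity.ai 443
2024-05-02T10:07:00Z malformed
"""

# Seed list of domains for AI providers named in the guide. Any such list goes
# stale quickly, which is the guide's point; the TLD heuristic below catches some of the rest.
KNOWN_AI_DOMAINS = {"openai.com", "chatgpt.com", "anthropic.com", "claude.ai", "perplexity.ai"}

# Hosts under the .ai TLD that are known NOT to be AI tools (constructed: an internal wiki).
NOT_AI_ALLOWLIST = {"corp-example.ai"}

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<user>\S+)\s+(?P<host>[\w.-]+)\s+(?P<port>\d+)$")


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels). Fine for the sample; real logs need a public-suffix list."""
    return ".".join(host.lower().split(".")[-2:])


def classify(host: str) -> str:
    base = registrable(host)
    if base in KNOWN_AI_DOMAINS:
        return "known_ai"
    if base in NOT_AI_ALLOWLIST:
        return "not_ai"
    if base.endswith(".ai"):
        return "suspected_ai"  # TLD heuristic only: a person still has to confirm it
    return "other"


def summarize(log_text: str):
    """Return (per-user hit counts on known AI domains, per-user suspected .ai hosts to review)."""
    known = defaultdict(lambda: defaultdict(int))
    suspected = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than abort the whole run
        user, host = m["user"], m["host"]
        kind = classify(host)
        if kind == "known_ai":
            known[user][registrable(host)] += 1
        elif kind == "suspected_ai":
            suspected[user].add(host)
    return ({u: dict(c) for u, c in known.items()},
            {u: sorted(h) for u, h in suspected.items()})


if __name__ == "__main__":
    known, suspected = summarize(LOG_LINES)
    for user, counts in known.items():
        print(f"{user}: {counts}")
    for user, hosts in suspected.items():
        print(f"{user}: review {hosts}")
```

Running it shows both sides of the trade-off the guide describes: the seed list gives clean per-user counts for the providers you already know about, while the ".ai" heuristic produces a review queue (here, carol's hit on the constructed "tools.newvendor.ai") that still needs a human to separate new AI tools from false positives.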
The DIY summary: The obvious benefit of using the methods above is avoiding the cost of adding another tool to your tech stack, but the data you can gather is limited, likely to become quickly outdated, and will require significant manual effort. Unless you operate in an environment with very strict controls over incoming and outgoing connections, you should consider a more complete and maintainable solution.
Given the challenges outlined above, it's no surprise that the marketplace of security solutions is evolving rapidly to address the risks posed by workforce AI use. With a growing number of vendors and competing claims, it's important to understand the types of tools emerging to help with this challenge and the nuances of what they can and can't do.
At a high level, there are two categories of tools to consider:
Let's start with SaaS security solutions, as there are meaningful differences in how these tools actually discover AI use. SaaS security solutions rely on one or more of the following methods:
Here's what you need to know about how each shadow AI detection method works.
These approaches rely on capturing user traffic, either via desktop agents installed on individual devices or network-level monitoring through firewalls, VPNs, or cloud access security brokers (CASBs). Similar to the network log monitoring option in the DIY section, this method detects and logs access to domains, providing visibility into what apps employees are using based on their web traffic.
Network-based monitoring and CASB solutions can theoretically provide broad visibility into AI tool usage, but in practice they face significant challenges in modern work environments. These methods struggle with decentralized workforces, BYOD policies, and the technical limitations of detecting modern AI applications with dynamic domains and encrypted traffic. While they may have their place in specific environments with tight network controls, for organizations with remote workers, they're often not the right fit.
How it works: Traffic inspection via network-level monitoring or desktop agents that flags traffic to the domains of known AI providers. Forward-looking only.
Pros: Monitors cloud service access; applies security policies.
Cons: Limited to corporate networks; challenging for remote work; resource-intensive; requires endpoint agents; no historical discovery.
Questions to ask vendors:
Browser-based discovery monitors app usage directly through a lightweight browser extension deployed to corporate devices. Extensions installed in corporate browsers can detect AI web visits, account signups, login activity, authentication methods, password strength, app usage patterns, file sharing, prompt content, and other behavioral and risk insights.
While browser extensions can offer meaningful visibility into AI activity after installation, their window into historical AI activity is limited to browser history data, a low-fidelity source for shadow AI discovery. Additionally, some browser extensions identify AI activity based on domain visits rather than actual login data, offering very limited security-relevant information, while others only support a specific set of AI domains, limiting their utility for AI discovery and other use cases.
How it works: Monitors browser activity happening between users and the domains of AI tools.
Pros: Detailed user activity data; real-time interventions; usage pattern insights.
Cons: Misses mobile and personal device usage; limited historical data; depends on installation; may have limited domain support.
Questions to ask vendors:
This approach analyzes corporate email communications from SaaS and AI providers for evidence of AI activities: welcome emails, password resets, billing notifications, MFA prompts, and security alerts. This discovery method works via read-only API connections to your identity provider (such as Google Workspace or Microsoft 365) to scan for emails related to AI app usage, identifying both the sanctioned and unsanctioned tools users have signed up for. Advanced algorithms pattern-match to recognize AI tools versus other types of SaaS apps.

The clear advantage of email-based shadow AI discovery is the ability to discover AI apps without needing to tell the discovery engine what to look for. Even better, this method can uncover past AI use based on the email history of your users. So instead of having to wait for new activity to occur before you can take action, solutions using this discovery method can provide a full inventory of AI apps and accounts within minutes to hours of enabling the email integration.
The biggest limitation? Email discovery can't detect AI activity tied to personal email accounts. If someone uses their Gmail or iCloud address to sign up for a tool, or doesn't sign up at all, that won't appear in a corporate inbox and won't be detected unless paired with another method like a browser extension.
Even so, email-based discovery is one of the fastest and most practical ways to uncover the long tail of shadow AI across your organization.
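As an added example (not Nudge Security's engine, whose pattern matching is not described on the page), here is a minimal illustration of email-based discovery over constructed message metadata: account-lifecycle emails (welcome, verification, billing, sign-in alerts) are matched on the subject line, the sending domain becomes the app identifier, first-seen and last-seen dates come from the message history rather than from new activity, and a keyword heuristic flags likely AI tools so that ordinary SaaS senders are kept but not mislabelled. All addresses, sender names, subjects and dates are constructed; the lifecycle regexes and the AI keyword list are this example's own assumptions.

```python
"""Added example (not Nudge Security's code): email-based discovery over message headers.

Every message below is constructed. Only headers are used (From, To, Subject, Date);
message bodies are never read, which is the least-privilege shape this method wants.
"""
import re
from email.utils import parseaddr

MESSAGES = [
    {"to": "alice@corp.example", "from": "NewVendor AI <no-reply@mail.newvendor.ai>",
     "subject": "Welcome to NewVendor AI", "date": "2023-11-14"},
    {"to": "alice@corp.example", "from": "NewVendor AI <no-reply@mail.newvendor.ai>",
     "subject": "Your receipt for NewVendor Pro", "date": "2024-01-03"},
    {"to": "bob@corp.example", "from": "Acme GPT <noreply@acme-gpt.example>",
     "subject": "Verify your email", "date": "2024-02-20"},
    {"to": "carol@corp.example", "from": "Payroll Portal <billing@payroll-portal.example>",
     "subject": "Invoice #1042", "date": "2024-03-01"},
    {"to": "bob@corp.example", "from": "Weekly Digest <news@newsletter.example>",
     "subject": "5 tips for faster spreadsheets", "date": "2024-03-15"},
    {"to": "dave@corp.example", "from": "NewVendor AI <no-reply@mail.newvendor.ai>",
     "subject": "New sign-in to your account", "date": "2024-04-10"},
]

# Account-lifecycle signals, matched on the subject only. Dict order matters: first match wins.
SIGNALS = {
    "signup": re.compile(r"\b(welcome|verify your (email|account)|confirm your (email|account))\b", re.I),
    "billing": re.compile(r"\b(receipt|invoice|payment|subscription|trial)\b", re.I),
    "auth": re.compile(r"\b(password reset|verification code|new (sign[- ]?in|login)|security alert)\b", re.I),
}
# Keyword stand-in for the richer "is this an AI tool" pattern matching the guide describes.
AI_HINT = re.compile(r"(\bai\b|gpt|llm|copilot)", re.I)


def registrable(host: str) -> str:
    """Crude eTLD+1 (last two labels); enough to fold mail.newvendor.ai into newvendor.ai."""
    return ".".join(host.lower().split(".")[-2:])


def build_inventory(messages):
    """App inventory keyed by sending domain, built from historical lifecycle emails."""
    inventory = {}
    for m in messages:
        signal = next((name for name, rx in SIGNALS.items() if rx.search(m["subject"])), None)
        if signal is None:
            continue  # newsletters, threads, etc. carry no account-lifecycle evidence
        sender_name, sender_addr = parseaddr(m["from"])
        app = registrable(sender_addr.split("@")[-1])
        rec = inventory.setdefault(app, {
            "sender_name": sender_name,
            "users": set(),
            "first_seen": m["date"],   # ISO dates compare correctly as strings
            "last_seen": m["date"],
            "signals": set(),
            "likely_ai": bool(AI_HINT.search(f"{sender_name} {app}")),
        })
        rec["users"].add(m["to"].lower())
        rec["first_seen"] = min(rec["first_seen"], m["date"])
        rec["last_seen"] = max(rec["last_seen"], m["date"])
        rec["signals"].add(signal)
    return inventory


def likely_ai_apps(inventory):
    return sorted(app for app, rec in inventory.items() if rec["likely_ai"])


if __name__ == "__main__":
    inv = build_inventory(MESSAGES)
    for app, rec in inv.items():
        flag = "AI?" if rec["likely_ai"] else "   "
        print(f"{flag} {app:24} users={len(rec['users'])} "
              f"{rec['first_seen']}..{rec['last_seen']} signals={sorted(rec['signals'])}")
```

The historical angle is what distinguishes this method from the others on the page: the constructed welcome email from 2023 is discovered on the first run, with no need to wait for new activity. The limitation the guide raises also follows directly from the design: a signup made with a personal mailbox never lands in `MESSAGES`, so it never reaches the inventory.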
How it works: Connects to your email provider and analyzes historical and ongoing email activity for signs of AI use, capturing rich context related to that activity.
Pros: Broad discovery coverage; finds unknown applications; historical insight; detects various account types, including username/password.
Cons: Limited visibility into personal accounts; actual capabilities vary by vendor.
Questions to ask vendors:
SaaS Security Posture Management (SSPM) solutions typically work via direct API connections with specific SaaS apps and can provide detailed visibility into app-to-app integrations and app configurations. For example, if you connect Salesforce to your SSPM provider, you could potentially see all app-to-app connections (via OAuth or API) that have been granted between Salesforce and any other SaaS tool, including AI tools.
However, these tools don't offer true shadow AI discovery, because you have to establish integrations between the SSPM tool and the apps you want to monitor. While this method can't discover "shadow" AI use, it is helpful for gaining visibility into integrations between your critical SaaS apps and AI tools so you can audit and revoke data sharing entitlements.
How it works: API connection between the SSPM solution and supported SaaS apps within your environment.
Pros: Visibility into API and OAuth connections between AI tools and critical apps; enables review of data sharing entitlements for AI tools; continuous security monitoring for misconfigurations and risks.
Cons: Limited to known apps; API availability varies by SaaS provider; higher effort to deploy relative to other options; finite app coverage.
Questions to ask vendors:
No single approach for shadow AI discovery can give you the full picture of AI use, which is why most SaaS security solution providers offer a layered approach comprising more than one discovery method.
Nudge Security, for example, combines email discovery, a browser extension, API connections, and SSO integration to address most shadow AI discovery needs:
Together, these complementary methods provide both breadth (discovering the full landscape of AI usage) and depth (understanding specific usage patterns and data flows), giving security teams what they need to implement appropriate controls while supporting legitimate business needs for AI adoption.
A growing category of AI security point solutions has emerged specifically for governing workforce AI use. Most rely on browser extensions or endpoint agents to monitor AI tool interactions, giving deep prompt-level visibility into a specific set of known AI apps. Some add governance options like sensitive data masking before prompts reach the LLM.
The key limitation: these tools are scoped to AI tools specifically, not the broader SaaS estate. The line between "AI tool" and "SaaS tool" is dissolving fast, and the risks introduced by OAuth grants, MCP connections, and embedded AI features extend well beyond what browser-based monitoring can see. For organizations that need a complete picture, AI point solutions work best as a complement to a broader SaaS security platform, not a replacement for one.
There's no magic bullet when it comes to finding all the AI tools and integrations floating around your organization. Each discovery approach has its strengths and blind spots. Understanding what works best will help you pick the right solution, or mix of solutions, to stay on top of your AI landscape.
*This is the method typically used by AI-specific point solutions.
Shadow AI discovery isn't a one-time exercise. It requires continuous monitoring as new tools emerge and AI capabilities get embedded into the products you already use. Nudge Security takes a comprehensive approach to shadow AI discovery that overcomes the limitations of traditional methods. Our patented technology combines multiple discovery methods, with email-based discovery at its core, to provide unmatched visibility into AI and SaaS use. Here's what sets this approach apart:
Most importantly, Nudge Security's discovery capabilities serve as the foundation for a complete SaaS and AI security solution that helps organizations manage their entire SaaS attack surface, from discovery through governance, with automated guardrails that guide your workforce to use SaaS and AI in safe, compliant ways.
"Having Nudge has significantly brought peace of mind because I don't have to go looking for a needle in a haystack anymore. This has been my dream that I've been looking for for a long time, for years." —Leo C., IT team member at GLAAD
Shadow AI discovery is the process of identifying every AI tool an organization's workforce uses, including apps adopted without IT approval. It goes beyond chatbots and purpose-built AI apps to cover OAuth integrations, MCP server connections, AI features embedded in existing SaaS tools, and AI in vendor supply chains. Effective shadow AI discovery requires a layered approach because no single detection method provides complete visibility.
Shadow IT refers to any technology an employee uses without IT approval, from apps to devices to cloud services. Shadow AI is a subset of shadow IT that specifically covers AI tools, AI-enabled features in SaaS products, and AI integrations that could expose corporate data to third-party language models. Shadow AI introduces unique risks that traditional shadow IT discovery methods weren't designed to detect, particularly around data exposure through OAuth grants, API connections, and MCP servers.
The four primary shadow AI detection methods are: email-based discovery (analyzes corporate email for signs of AI app signups and activity), browser-based discovery (monitors AI tool use through browser extensions), network-based monitoring (inspects traffic to known AI domains via CASB or network tools), and API connections with SaaS apps (used by SSPM solutions to audit app-to-app integrations). Each has meaningful blind spots, which is why most comprehensive solutions combine multiple methods.
Employees adopt AI tools quickly, often using personal email addresses or free tiers that don't appear in financial systems, and AI capabilities are increasingly embedded in SaaS tools your organization already uses. Forward-looking detection methods miss historical AI adoption, and static lists of known AI tools go out of date as the market grows. Discovery engines that can dynamically identify new AI tools without prior knowledge of their existence close this gap most effectively.
A complete shadow AI discovery solution should identify: purpose-built AI apps and user accounts, OAuth and API integrations between AI tools and business apps, MCP server connections, AI features embedded in existing SaaS products, and AI used in the supply chains of your other SaaS vendors. It should also capture historical AI adoption, not just forward-looking activity, and provide enough context about each discovery to help your team prioritize governance actions.