Artificial intelligence is no longer an experimental novelty: it has become a daily tool in almost all areas of the company. This is a clear change for IT and security teams: the discussion ceased to be whether to allow or not the IA and became how to manage and protect it without stopping productivity. The real challenge today is to detect and control a risk surface that grows silently with new applications and integrations appearing without explicit permission from the security officials.
What was previously known as "shadow IT" now has a specific version linked to IA: employees who test conversational assistants, integrate plugins, enable Google Workspace plugins, or connect MCP servers to automate tasks. This ecosystem can expose sensitive data, credentials and corporate information flows. To understand the magnitude of the problem, it should be recalled that organizations cannot protect what they are not seeing; that is why solutions are emerging that seek to invent and control this unauthorized use of IA from the first day. For IA risk management frameworks and recommendations, institutions such as the NIST offer useful guides to structure policies and controls.
A practical strategy begins by regaining full visibility. Tools designed to detect "Shadow AI" combine light integrations with corporate identity providers (e.g. Microsoft 365 or Google Workspace) and analyze existing signals in the organization - such as the emails that SaaS providers generate when an account is created or credentials are changed - to map which IA applications and what accounts exist. This allows you to get an initial photo of the application park from the very first moment, without depending on internal surveys or that employees voluntarily report what they are using..
A sensitive part of the problem is conversations and file charges to IA assistants. Research and news have shown that employees sometimes stick code fragments, personal data or even confidential information on chatbots and attendees, without anticipating the risk. To reduce this exposure, some browser extensions and security tools monitor interactions with APIs and IA pages, detecting when classified information is shared - personal data, secrets or financial information - and recording context about who uploaded it, when and from where. This approach not only alerts incidents, but facilitates understanding of data flow patterns between corporate applications and IA services.
In addition to monitoring and alerting, the next component is active governance. The mere existence of an acceptable use policy does not guarantee compliance; therefore, mechanisms emerge that disseminate policy, request recognition and apply reminders in the context of daily work. By using integrated "nudges" in the browser or notifications in Slack and Teams, it is possible to redrive a user to approved tools, warn about unsafe behaviors or request more information when an unknown tool appears. The aim is not to punish every action, but to create intelligent friction that avoids data leakage and promotes safe habits.
Another critical aspect is mapping the integrations and permissions. IA applications are not only chats; many request OAuth permissions, integrate with Google or Microsoft, or maintain server-to-server connections (e.g. MCP). To know which applications have gained access to which data and with which scope (scope) is essential for assessing risks and prioritizing remediations. In this sense, understanding how authorisation protocols work and periodically reviewing access is a practice that complements any automated inventory. In order to deepen the risks associated with integration and authentication flows, it is appropriate to review the official documentation of identity providers and protocols, such as the Google about OAuth or the security resources of Microsoft 365.
The continuous detection and mapping also allow to generate adoption metrics: which departments use the most IA, which unapproved tools appear again and where training and controls should be concentrated. This information provides objective arguments for deciding whether to block, allow with restrictions or incorporate certain tools into the official catalogue. In parallel, configurable alerts act as an early warning system for activities that require urgent intervention, such as the sharing of sensitive data or the emergence of unauthorized access.
In practice, an operational solution that combines continuous discovery, real-time monitoring and proactive governance reduces the load on security equipment without creating a group dedicated only to tracking new applications. At the same time, it provides enforcement officials with the traceability necessary to audit decisions and demonstrate that reasonable controls were applied to protect information.
While there are multiple tools in the market with different approaches, any effective approach must respect two principles: first, to minimize friction for equipment to remain productive; second, to prioritize privacy and data protection when analysing operational signals. Institutions such as Cisco have dealt with the phenomenon of Shadow IT for years, and now that conversation explicitly includes the use of IA in the workplace.
Finally, governing the IA is not a timely project but an organizational change that combines technology, processes and culture. It requires clear policies, continuous training, technical controls including detection of sensitive data intake and a living inventory of integration. These elements can take advantage of the potential of the IA without paying the price of a data leak or uncontrolled permits. For those who want to compare solutions or explore specific implementation options, many suppliers publish practical guides and concept tests; and for regulatory frameworks and technical recommendations, the work of the NIST It's a good starting point.
If your organization already detects unmanaged IA tools or you have doubts about which controls to prioritize, start by recovering visibility and mapping access is usually the most effective step: without that basis, any governance will, at best, be partial.
18-year-old Ukrainian youth leads a network of infostealers that violated 28,000 accounts and left $250,000 in losses
The Ukrainian authorities, in coordination with US agents. They have focused on an operation of infostealer which, according to the Ukrainian Cyber Police, was allegedly adminis...
RAMPART and Clarity redefine the safety of IA agents with reproducible testing and governance from the start
Microsoft has presented two open source tools, RAMPART and Clarity, aimed at changing the way the safety of IA agents is tested: one that automates and standardizes technical te...
The digital signature is in check: Microsoft dismands a service that turned malware into apparently legitimate software
Microsoft announced the disarticulation of a "malware-signing-as-a-service" operation that exploited its device signature system to convert malicious code into seemingly legitim...
A single GitHub workflow token opened the door to the software supply chain
A single GitHub workflow token failed in the rotation and opened the door. This is the central conclusion of the incident in Grafana Labs following the recent wave of malicious ...
WebWorm 2025: the malware that is hidden in Discord and Microsoft Graphh to evade detection
The latest observations by cyber security researchers point to a change in worrying tactics of an actor linked to China known as WebWorm: in 2025 it has incorporated back doors ...
Identity is no longer enough: continuous verification of the device for real-time security
Identity remains the backbone of many security architectures, but today that column is cracking under new pressures: advanced phishing, real-time proxyan authentication kits and...
The dark matter of identity is changing the rules of corporate security
The Identity Gap: Snapshot 2026 report published by Orchid Security puts numbers to a dangerous trend: the "dark matter" of identity - accounts and credentials that are neither ...