Five Steps to Stop Shadow AI From Spreading

shadow AI – As employees quietly add AI writing assistants, coding copilots, and browser tools to their daily workflows, security teams often lose visibility. New guidance lays out a five-step program to inventory AI usage, set workable governance, speed approvals, monito

The moment an employee installs an AI writing assistant, hooks a coding copilot to their IDE, or starts summarizing meetings with a browser tool, it looks like progress. Faster drafts. Less busywork. More momentum.

Across many organizations. though. employees are doing it with a safety blind spot: it’s estimated they run three to five AI tools a day. and most of those tools were never reviewed by IT.. A “shadow AI gap” is forming—one where many apps connect to corporate data through OAuth tokens or browser sessions. potentially reaching shared drives. emails. and internal documents employees didn’t explicitly mean to expose.

Security teams are often left with a mismatch in what they can see.. Many tools were built to watch email and network traffic flowing through the corporate network.. But a browser-based AI tool that gets company data after a quick login approval can bypass those controls entirely because it never passes through the corporate network at all.

Adaptive Security research puts numbers to the widening divide: 80% of employees currently use unapproved generative AI applications at work, while only 12% of companies have a formal AI governance policy in place.

The pitch from Adaptive Security is simple: channel AI adoption into a safe, visible, approved path. It describes five steps—starting with visibility and ending with behavior change—that aim to keep employees moving quickly while giving security teams the oversight they’re missing.

The first step is building a full picture of what’s running. A security program can only manage what it can see, and the initial inventory is often surprising. The guidance points to three areas driving most shadow AI activity.

First are OAuth connections.. Most AI tools request access to Google Workspace or Microsoft 365 through OAuth. which can grant read or write permissions to corporate data.. A quarterly audit of connected third-party apps, sorted by permission scope, typically surfaces dozens of tools security teams never reviewed.

Second are browser extensions.. Many AI tools operate as browser extensions and never touch the operating system. so traditional endpoint management tools miss them entirely.. The recommended fix is a browser management solution or a lightweight agent installed on employee devices to scan for and identify which extensions are active across the organization.

Third are AI features bundled inside already-approved tools. Microsoft Copilot, Google Gemini, and Salesforce Einstein are cited as examples where AI capabilities may be added after an original vendor review—sometimes without a separate security evaluation.

A simple employee survey is also positioned as a necessary backstop. Framing questions around helping employees work more safely tends to produce candid responses, surfacing shadow tools that automated discovery misses.

The goal, in the guidance’s words, is an accurate inventory: every AI tool in use, who is using it, and what data it has access to.

From there, the program moves to policy—specifically a policy that works with employees instead of stalling them. The problem with many AI acceptable use policies, it argues, is that they list prohibited tools without explaining what the approved path looks like.

An effective AI governance policy is described as covering five things.

It starts with clear data classification rules specifying which categories of data, including customer records, source code, and financial information, should never be entered into any AI tool.

It then calls for a verified data training opt-out status for each approved tool. Many AI tools can use company inputs to improve models by default unless enterprise settings explicitly configure otherwise. Approval should require confirmed opt-out for any tool handling sensitive data.

Next is a defined process for requesting new tools, including a target turnaround time.

Finally, the policy needs a plain-language explanation of why the guidelines exist.. The guidance emphasizes that when employees understand the reasoning behind OAuth connections carrying data exposure risk. they are more likely to apply that logic to tool decisions across the board.. In that view, policy becomes a form of education when the reasoning is included.

Even a good policy doesn’t help if employees can’t get approvals quickly enough. That’s where the third step comes in: create a fast lane for new tool requests.

Shadow AI grows fastest, the guidance warns, where the official approval process can’t keep pace with how quickly AI products release. If an employee needs a tool today and faces a six-week security review, the workaround temptation becomes immediate.

The recommended approach is to remove that friction by using structured intake for most tools. Most AI tool requests do not warrant a full procurement review, so a structured intake form with defined evaluation criteria is positioned as enough for the majority of lower-risk tools.

For tools with limited data access, many organizations can move faster once evaluation criteria are documented and consistently applied.

The evaluation criteria should cover data access scope, vendor security practices, data training opt-out status, compliance certifications, and whether the tool already has a functional equivalent on the approved list.

Publishing an approved tool list openly—and keeping it current—is also described as a lever that reduces shadow AI usage. When employees know where to find the right tools, they use them.

But approvals alone don’t solve the problem if risky use still slips through. The fourth step adds monitoring as a shared safety layer.

Continuous visibility into AI tool usage is framed as helping two groups at once.. Security teams get the real-time picture they need to identify and address exposure before it becomes an incident.. Employees get protection they often don’t have on their own: signals when a tool they’re using may put their credentials or company data at risk.

The guidance calls for a browser-native monitoring approach that provides visibility into AI activity without rerouting employee web traffic or adding friction to daily work.. The signals collected are described as feeding into each employee’s broader risk profile—alongside phishing simulation results and training completion data—in one place.

That combined view matters because risky behaviors compound.. The guidance states that an employee who clicks phishing links. skips training. and runs unapproved AI tools with access to sensitive data presents a higher risk than any single behavior would indicate.. Seeing the full picture in one place helps security teams focus attention on the employees most likely to need intervention.

The final step is making good security behavior easy. The guidance argues that security programs employees actually follow are the ones that reduce effort and uncertainty when the secure choice appears.

In the AI governance context, two drivers are highlighted: just-in-time coaching and training that explains the reasoning behind the rules.

Just-in-time coaching is described as a brief, contextual prompt at the moment an employee attempts to use an unsanctioned tool.. It’s presented as more effective than quarterly training modules because the intervention happens at the point of decision.. A well-designed prompt should tell the employee what the concern is. direct them to an approved alternative. and take less than thirty seconds to read.

The training component focuses on reasoning, not just rules. The guidance says judgment built on explanation scales better than rigid memorization—especially because the AI tool landscape changes too fast for any training program to anticipate every specific case.

It uses an example to connect the dots: if an employee understands that OAuth connections to corporate Google Workspace can expose the entire shared drive to a third-party vendor, that understanding can apply to tools that didn’t exist six months earlier.

The broader frame is that AI adoption is itself a signal—of productive teams doing their jobs well.. Companies that treat that momentum as something to build practical governance around are described as handling the shift better: clear paths to approved tools. real-time visibility for security teams. and just-in-time coaching.

According to the guidance. when security teams close the gap between employee workflows and security visibility. shadow AI usage declines organically over time—driven by browser-native visibility. clear paths to approved tools. and just-in-time coaching at the moment of risk.. When employees have access to effective approved tools and a fast. transparent path to get new ones reviewed. the incentive to work around the system “largely disappears.”

Adaptive Security’s AI Governance product is presented as providing real-time visibility into every AI tool and shadow app running across an organization, with automated policies and just-in-time employee coaching built in. The company directs readers to adaptivesecurity.com for more information.

shadow AI AI governance generative AI security OAuth browser extensions cybersecurity policy employee productivity third-party risk just-in-time coaching