You cannot govern what you cannot see. And right now, you cannot see most of it.
OpenAI services account for 53% of all shadow AI activity in enterprise environments, processing data from more than 10,000 users per organisation on average. (Reco, 2025) Most of those users are on personal accounts outside corporate controls.

Shadow AI Scan
Shadow IT was a procurement problem. Shadow AI is a data problem.
When an employee uses an unapproved SaaS tool, the risk is duplicate spending. When an employee puts customer financial records into an unapproved AI tool, that data may be stored, used for model training, or processed on servers the organisation does not control. You cannot get it back.
additional cost on average for breaches linked to shadow AI. (IBM, 2025)
of employees using free AI tools put sensitive company data into them. (Menlo Security, 2025)
of IT leaders are concerned about shadow AI from a privacy and security standpoint. (Komprise, 2025)
Three detection methods. One review queue.
Most shadow AI detection relies on a single signal and misses tools that come through other channels. This platform uses three methods in parallel.
Browser extension
AI tools accessed through any browser on any managed device. Flags the tool, the user, and the timestamp on first use. No screen content is recorded. No keystrokes captured. Current support: Chrome and Firefox.
Network sensor
AI endpoints reached through the corporate network or DNS. Catches tools accessed on managed networks regardless of device, including mobile devices and direct API calls. Does not read connection content.
Endpoint agent (Windows)
AI tools installed or running locally on managed Windows devices. Catches tools that do not require a browser or network connection to operate, including local models and tools running in terminal or IDE environments.
Every detection becomes a decision, not just a log entry.
Register
Moves the tool into the formal registry with the risk score already filled in. It is no longer shadow AI.
Dismiss
Records the review decision and the reason. Logged in the audit trail.
Escalate
Flags the tool as high priority and notifies the Governance Lead.
200+ AI services. Pre-assessed. Kept current.
The platform maintains 200+ known AI services, each with a pre-assessed risk level and detection fingerprints for all three methods. Free and enterprise versions of the same product are listed separately because they carry different risk profiles.
Tools that handle personal data are flagged and shown first in the review queue.
The catalogue is updated with every content bundle release.