How to run a 30-day shadow AI inventory
May 2026 · Jason Lee
Surveys consistently put unsanctioned AI use at a majority of employees. In a regulated business that means sensitive data — PHI, client files, policyholder records — is probably reaching consumer AI tools today, through accounts you cannot see, under terms you have never read.
You cannot write a policy for tools you cannot name. The inventory comes first, it takes 30 days, and most of it is work your existing systems can do for you.
The method
Four weeks, four verbs: discover, ask, classify, sanction.
Week 1 — Discover: pull what the systems already know
No interviews yet. Start with the evidence that doesn’t depend on anyone’s honesty:
- Identity provider logs. If you run SSO, your identity provider already lists every app your people authenticated into with a work account. Export it. The AI tools jump off the page.
- Network and DNS logs. Your firewall or secure web gateway can report traffic to the major AI domains. You are not reading anyone’s prompts — you are counting destinations.
- Browser extension audit. Managed browsers can enumerate installed extensions. AI writing assistants and “summarize this page” extensions are the leakiest category on this list, because they read whatever is on screen.
- Expense reports and card statements. Search twelve months for AI vendor names. A $20/month personal-tier subscription on a corporate card is shadow AI with a receipt.
- The app connections nobody remembers. Review third-party apps authorized against your email, calendar, and file-storage tenants. AI meeting-notetakers live here, and they record everything.
Output: a raw list of tools, users, and frequency. Expect it to be two to three times longer than anyone predicted.
Week 2 — Ask: the amnesty survey
The logs show tools; they don’t show why. A short, genuinely anonymous survey — five questions, five minutes — with an explicit amnesty framing: nobody is in trouble; we are building the approved list and we want it to include what actually helps you.
Ask what tools they use, for what tasks, how many hours per week it saves, and what they would lose if it vanished tomorrow. Follow with 20-minute conversations with the two or three heaviest-use departments.
The amnesty framing is not soft-heartedness; it is data quality. Punish the first honest answer and every subsequent inventory returns zero. And the “hours saved” answers are a gift: they are your automation roadmap, pre-ranked by demand.
Week 3 — Classify: tool × data sensitivity
Put every discovered tool in a two-axis grid: what data can it plausibly reach, and what terms govern it (agreement in place, retention, training on inputs). Three buckets fall out:
- Green: no sensitive data exposure, acceptable terms. Approve as-is.
- Yellow: useful, but wrong tier or wrong terms. The fix is usually an enterprise contract, not a ban — same tool, different legal reality.
- Red: sensitive data reaching a vendor with no agreement, retention by default, or training on inputs. Contain first, replace second.
This grid — every tool, the data it can reach, its owner, its agreement status — is the first draft of your AI register, the document an auditor will eventually request.
Week 4 — Sanction: the list, the alternative, the policy
Publish three things at once:
- The approved list, with the sanctioned tier of each tool and what it may be used for.
- The sanctioned alternative for the red-bucket workflows — because a ban without an alternative doesn’t end usage, it ends visibility. Staff adopted these tools for a reason; the reason survives the memo.
- The one-page policy, in plain language, tied to the list. Enforcement follows in the weeks after: network blocks for red tools, enterprise contracts for yellow ones, and a quarterly refresh of the whole inventory, because the tool landscape will not hold still.
What this costs, honestly
Weeks 1 and 3 are a few hours each of IT and leadership time. Week 2 is a survey tool and some conversations. The only genuinely hard part is week 4 — choosing and standing up the sanctioned alternative — and that is the part where most inventories stall, because it requires someone who can evaluate vendors, negotiate the terms, and configure the controls.
That stall is precisely what the AI Readiness Assessment exists to prevent: the inventory, the register, the policy, and a working sanctioned alternative, delivered in one 2–3 week engagement.
This article describes a method, not legal or compliance advice. Your counsel and compliance officer own the final call — this is the material to bring them.