Govern

How to run a 30-day shadow AI inventory

May 2026 · Jason Lee

Surveys consistently put unsanctioned AI use at a majority of employees. In a regulated business that means sensitive data — PHI, client files, policyholder records — is probably reaching consumer AI tools today, through accounts you cannot see, under terms you have never read.

You cannot write a policy for tools you cannot name. The inventory comes first, it takes 30 days, and most of it is work your existing systems can do for you.

The method

Four weeks, four verbs: discover, ask, classify, sanction.

METHOD The 30-day shadow AI inventory WEEK 1 Discover what the systems already know — SSO / identity provider logs — network + DNS destinations — browser extension audit — expense report search — connected-app review Output: the raw tool list — 2–3x longer than predicted WEEK 2 Ask the amnesty survey — 5 questions, anonymous — nobody is in trouble — which tasks, hours saved — heaviest-use departments — 20-minute follow-ups Output: the why — and a demand-ranked automation list WEEK 3 Classify tool × data sensitivity — green: approve as-is — yellow: fix the tier / terms — red: contain, then replace — agreement status per tool — owner named per tool Output: draft AI register — the document auditors request WEEK 4 Sanction list, alternative, policy — publish the approved list — stand up the sanctioned alternative — one-page policy, tied to list — block red, contract yellow Then: quarterly refresh — the landscape won’t hold still A ban without a sanctioned alternative doesn’t end usage — it ends visibility.

Week 1 — Discover: pull what the systems already know

No interviews yet. Start with the evidence that doesn’t depend on anyone’s honesty:

  • Identity provider logs. If you run SSO, your identity provider already lists every app your people authenticated into with a work account. Export it. The AI tools jump off the page.
  • Network and DNS logs. Your firewall or secure web gateway can report traffic to the major AI domains. You are not reading anyone’s prompts — you are counting destinations.
  • Browser extension audit. Managed browsers can enumerate installed extensions. AI writing assistants and “summarize this page” extensions are the leakiest category on this list, because they read whatever is on screen.
  • Expense reports and card statements. Search twelve months for AI vendor names. A $20/month personal-tier subscription on a corporate card is shadow AI with a receipt.
  • The app connections nobody remembers. Review third-party apps authorized against your email, calendar, and file-storage tenants. AI meeting-notetakers live here, and they record everything.

Output: a raw list of tools, users, and frequency. Expect it to be two to three times longer than anyone predicted.

Week 2 — Ask: the amnesty survey

The logs show tools; they don’t show why. A short, genuinely anonymous survey — five questions, five minutes — with an explicit amnesty framing: nobody is in trouble; we are building the approved list and we want it to include what actually helps you.

Ask what tools they use, for what tasks, how many hours per week it saves, and what they would lose if it vanished tomorrow. Follow with 20-minute conversations with the two or three heaviest-use departments.

The amnesty framing is not soft-heartedness; it is data quality. Punish the first honest answer and every subsequent inventory returns zero. And the “hours saved” answers are a gift: they are your automation roadmap, pre-ranked by demand.

Week 3 — Classify: tool × data sensitivity

Put every discovered tool in a two-axis grid: what data can it plausibly reach, and what terms govern it (agreement in place, retention, training on inputs). Three buckets fall out:

  • Green: no sensitive data exposure, acceptable terms. Approve as-is.
  • Yellow: useful, but wrong tier or wrong terms. The fix is usually an enterprise contract, not a ban — same tool, different legal reality.
  • Red: sensitive data reaching a vendor with no agreement, retention by default, or training on inputs. Contain first, replace second.

This grid — every tool, the data it can reach, its owner, its agreement status — is the first draft of your AI register, the document an auditor will eventually request.

Week 4 — Sanction: the list, the alternative, the policy

Publish three things at once:

  1. The approved list, with the sanctioned tier of each tool and what it may be used for.
  2. The sanctioned alternative for the red-bucket workflows — because a ban without an alternative doesn’t end usage, it ends visibility. Staff adopted these tools for a reason; the reason survives the memo.
  3. The one-page policy, in plain language, tied to the list. Enforcement follows in the weeks after: network blocks for red tools, enterprise contracts for yellow ones, and a quarterly refresh of the whole inventory, because the tool landscape will not hold still.

What this costs, honestly

Weeks 1 and 3 are a few hours each of IT and leadership time. Week 2 is a survey tool and some conversations. The only genuinely hard part is week 4 — choosing and standing up the sanctioned alternative — and that is the part where most inventories stall, because it requires someone who can evaluate vendors, negotiate the terms, and configure the controls.

That stall is precisely what the AI Readiness Assessment exists to prevent: the inventory, the register, the policy, and a working sanctioned alternative, delivered in one 2–3 week engagement.

This article describes a method, not legal or compliance advice. Your counsel and compliance officer own the final call — this is the material to bring them.

Rather have this done than do it?

The shadow AI inventory is week one of the AI Readiness Assessment — and the assessment ends with one live automation already running.