80% vs. 12% governance gap


Enterprise employees are now running shadow AI tools faster than security programs can review them, making that gap the most important identity management issue this year. Adaptive Security research found that while 80% of employees use unapproved generative AI applications at work, only 12% of companies have formal AI governance policies in place. The 8:1 gap exposes corporate data through OAuth scopes and browser sessions that never touch the corporate network.

  • Adaptive Security found that 80% of employees currently use unapproved generative AI applications at work, compared to 12% of companies that have formal AI governance policies.
  • Most employees run three to five AI tools every day. A significant portion of those tools connect to corporate data through OAuth tokens or browser sessions that completely bypass network-layer controls.
  • Three discovery surfaces account for nearly all shadow AI tool activity: OAuth connections, browser extensions, and AI capabilities bundled within already approved suites such as Microsoft Copilot and Google Gemini.

Where do shadow AI tools actually surface in your enterprise?

Shadow AI tools are not a matter of general perception. They are specific identity management issues with three distinct surfaces. OAuth connections give third-party AI tools read or write permissions to Google Workspace or Microsoft 365; quarterly audits of connected third-party apps, categorized by permission scope, regularly reveal a large number of tools that security teams have never reviewed. Browser extensions perform their AI functionality client-side and never touch the operating system, so endpoint management tools miss them completely. AI capabilities bundled with already approved suites (Microsoft Copilot, Google Gemini, Salesforce Einstein) inherit the trusted status of those suites while introducing new data flows that were not part of the original approval.

Traditional network monitoring playbooks don’t address any of these three surfaces. A browser-based AI tool that authenticates through a quick OAuth authorization and retrieves shared drive content through that same channel won’t show up in firewall logs or DLP-monitored email. Security team visibility ends at the network edge. The data exposure happens inside the SaaS perimeter, on a path where only the employee, the SaaS provider, and the AI vendor are present.

Why BleepingComputer’s framing solves the OAuth scope problem

BleepingComputer’s article on the Adaptive Security research treats this problem as a trade-off between productivity and security and offers a five-step implementation program as the answer. That framing deemphasizes the more structural finding buried in the OAuth data: the long-term governance issue is not the AI tools themselves but the OAuth scopes those tools retain. Tools come and go. Accumulated access scopes for Workspace, Microsoft 365, GitHub, Salesforce, and Slack persist long after the tools have fallen out of use. Few organizations have a routine for revoking the grants of outdated third-party apps. A quarterly OAuth revocation cadence is the closest operational analog to the Patch Tuesday discipline that vulnerability management programs run on. Most identity programs haven’t adopted it yet.

The 80% adoption rate is not the data point worth bringing into a board discussion. The one that matters is the gap between your authorized tools inventory and your OAuth app inventory. The first number is what the security team thinks the AI surface looks like. The second is what it actually looks like. That delta is the scope of a shadow AI tools program.

How CISOs can build shadow AI visibility without slowing down employees

Detection is upstream of policy, which is upstream of the approval workflow. That sequence determines how much organic momentum your program retains. Your incident response posture towards AI exposure depends on knowing what is connected before something goes wrong.

Perform quarterly third-party OAuth audits for Workspace, Microsoft 365, and GitHub – Pull the list of connected apps sorted by permission scope and retention period, flag any app your security team hasn’t reviewed, and revoke any app whose scopes are broader than its declared purpose. This single operation gives security teams visibility into the OAuth surface of shadow AI tools.

Create an approved AI catalog with an expedited review path before applying broader policies – Approval workflows take weeks, so employees adopt unapproved tools instead. A catalog offers a faster alternative with pre-negotiated OAuth scopes. A fast-track review path (48 hours for open-source tools, 2 weeks for SaaS vendors) removes the productivity-loss rationale that drives shadow adoption in the first place.
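The quarterly OAuth audit described above, as an added example that is not part of the original article: it takes a constructed inventory of connected third-party apps (shaped like a flattened admin-console export, not any vendor's real format), compares each app's granted scopes against a hypothetical per-purpose allow-list, flags apps that were never reviewed or whose grant has gone idle, and orders the findings so revocations come first.

```python
from datetime import date

# Constructed sample inventory, shaped like a flattened export of a SaaS admin
# console's "connected third-party apps" report (not a real vendor format).
CONNECTED_APPS = [
    {"app": "DocSummarizer", "scopes": ["drive.readonly"], "purpose": "docs",
     "reviewed": True, "last_used": "2025-03-01"},
    {"app": "MeetingNotesAI", "scopes": ["calendar.readonly", "drive"],
     "purpose": "calendar", "reviewed": True, "last_used": "2024-10-01"},
    {"app": "InboxGPT", "scopes": ["gmail.readonly"], "purpose": "mail",
     "reviewed": False, "last_used": "2025-03-10"},
    {"app": "QuickTranslate", "scopes": ["drive.readonly"], "purpose": "docs",
     "reviewed": True, "last_used": "2024-11-20"},
]

# Hypothetical allow-list: the scopes the security team accepts per declared purpose.
PURPOSE_ALLOWED = {
    "docs": {"drive.readonly"},
    "calendar": {"calendar.readonly"},
    "mail": {"gmail.readonly"},
}

ACTION_ORDER = {"revoke": 0, "review": 1, "ok": 2}


def audit_oauth_apps(apps, today_iso, stale_days=90):
    """Return one finding per connected app, most urgent action first."""
    today = date.fromisoformat(today_iso)
    findings = []
    for app in apps:
        reasons = []
        # Scopes broader than the declared purpose justifies: revoke, per the audit step.
        excess = set(app["scopes"]) - PURPOSE_ALLOWED.get(app["purpose"], set())
        if excess:
            reasons.append(f"scope exceeds declared purpose: {sorted(excess)}")
        # A grant that outlived the tool's actual use is an outdated app: revoke.
        idle = (today - date.fromisoformat(app["last_used"])).days
        if idle > stale_days:
            reasons.append(f"stale: idle {idle} days")
        # Connected without a security review: needs a human look, not yet a revoke.
        if not app["reviewed"]:
            reasons.append("never reviewed by security")
        action = "revoke" if (excess or idle > stale_days) else ("review" if reasons else "ok")
        findings.append({"app": app["app"], "action": action, "reasons": reasons})
    return sorted(findings, key=lambda f: (ACTION_ORDER[f["action"]], f["app"]))


if __name__ == "__main__":
    for f in audit_oauth_apps(CONNECTED_APPS, "2025-03-15"):
        print(f"{f['action']:6} {f['app']:15} {'; '.join(f['reasons'])}")
```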

Shadow AI tools are not a one-and-done problem. They are a posture maintained quarter after quarter against an adoption landscape that grows faster than any single approval workflow can keep up with. The visibility cadence you build this year will determine how exposed your organization is when the next generation of agentic AI tools arrives with broader OAuth scopes than anything in your current inventory.
