How-to · 7 min read · 14 May 2026

How to Find Shadow AI and Shadow SaaS in Your Organisation

The average enterprise runs 261 unsanctioned applications before it knows they exist. This guide explains how SSO integration and a browser extension surface every AI and SaaS tool your workforce is using — and who owns each one.

Lucas de Araújo

Co-founder & CTO, Ethira

TL;DR

  • Shadow AI and shadow SaaS are the tools your workforce uses without IT or security approval — 44% of employees are already using AI tools in ways that violate company policy, and most organisations don't discover this until after an incident.
  • SSO integration reveals the apps employees are authenticating to, including OAuth-connected tools that were never formally sanctioned.
  • A browser extension catches everything SSO misses: personal accounts, free-tier tools, and AI assistants that employees access directly in the browser.
  • Ethira combines both signals, assigns a named owner to every discovered tool, and flags anything that doesn't match your approved catalogue — automatically.

What is shadow AI — and why is it different from shadow SaaS?

Shadow SaaS is any software-as-a-service application used by employees without formal IT or security approval. Shadow AI is a more specific and higher-risk subset: AI tools, AI-powered SaaS, AI agents, and AI models that employees use outside the organisation's sanctioned catalogue.

The distinction matters because shadow AI carries a risk that ordinary shadow SaaS does not. When an employee uses an unsanctioned project management tool, data stays inside the application. When they use an unsanctioned AI tool, they are often sending data — contracts, customer records, source code, personnel information — directly to a third-party model for processing. The data leaves the organisation's control with every prompt.

A 2025 Menlo Security report found that 57% of employees who use free-tier AI tools via personal accounts input sensitive company data into those tools.

As of 2026, DORA, the EU AI Act, and ISO 42001 all require organisations to know which AI systems are in use. Shadow AI makes that requirement impossible to satisfy without active discovery.


Why the usual approaches miss most of it

Most IT and security teams believe they have reasonable visibility over their software estate. They do not — at least not over the tools that carry the most risk.

Discovery method           | What it catches                          | What it misses
---------------------------|------------------------------------------|-------------------------------------------------
Annual software audit      | Licenced, IT-procured tools              | Personal accounts, API keys, browser extensions
Spend and procurement data | Tools with a purchase order              | Free-tier tools, personal card payments
IT ticketing               | Software installed via IT request        | Everything deployed without a ticket
SSO logs alone             | Apps connected to your identity provider | Apps that bypass SSO entirely
Network traffic analysis   | Outbound HTTP to known domains           | Encrypted traffic, mobile devices, home networks

The tools most likely to cause a data incident — personal ChatGPT accounts, AI writing assistants, code generation tools with API access — fall into the "misses" column of every row.

How SSO integration surfaces the sanctioned-app gap

Your SSO provider (Okta, Azure AD, Google Workspace, or equivalent) is the closest thing most organisations have to an authoritative application registry. But the registry has two problems.

First, it only shows apps that have been connected to SSO. Employees constantly authorise new OAuth applications using their work email address — granting those apps access to calendars, email, and documents — without IT ever seeing the connection request.

Second, being in SSO does not mean being sanctioned. An app that your procurement team approved three years ago may have changed ownership, updated its data processing terms, or added AI features that send content to a third-party model. SSO tells you the app exists. It does not tell you whether it is still appropriate.

Ethira ingests your SSO provider's data and cross-references it against your approved tool catalogue. Every app an employee has authenticated to via OAuth is surfaced — including apps that were never reviewed. A 2025 analysis by Reco.ai found that organisations manage an average of 490 SaaS applications, of which only 47% are formally authorised — meaning the average enterprise runs more than 260 applications that IT never approved.

The SSO integration also provides the identity layer that makes ownership assignment possible. Because every authentication event is tied to a user, and every user is mapped to a team, function, and legal entity via your HRIS, Ethira can assign a named owner to every discovered tool without manual tagging.

How the browser extension catches everything SSO misses

SSO-based discovery has a structural blind spot: it only sees tools that employees access via their corporate identity. A significant portion of shadow AI lives entirely outside that perimeter. Menlo Security's 2025 report found that 80% of GenAI access happens directly via browsers — not through corporate apps, API keys, or SSO-managed connections.

  • Personal AI accounts. An employee who uses their personal Gmail address to access ChatGPT, Claude, or Gemini does not appear in your SSO logs at all.
  • Free-tier tools. Many AI tools require no account — or are free to use in ways that leave no authentication trail.
  • Browser-native AI assistants. Tools like built-in browser AI features, AI writing assistants, and AI-powered search engines are accessed directly in the browser, without any separate login.
  • API keys in personal projects. Developers who embed model API keys in side projects or local scripts generate no browser-level event, but the data they send is still organisational data.

The Ethira browser extension addresses this by passively monitoring AI and SaaS tool usage directly at the browser level. It deploys via a single browser policy push — the same mechanism used to enforce safe browsing policies — and requires no individual device enrolment. Every AI tool accessed through the browser is logged the moment it is first used, regardless of whether the employee used a corporate or personal account.

The extension does not read content or capture prompts. It records the tool name, the access timestamp, the frequency of use, and the employee's identity from the active browser session. That is enough to build a complete tool inventory.

What Ethira does with the discovery data

Discovery is only valuable if it results in action. Ethira combines the SSO and browser extension signals into a single tool inventory and then does three things automatically.

Named owner assignment. Every discovered tool is matched to a named human using your HRIS and SSO directory. Ownership is assigned at the person, team, function, and legal entity level — no manual tagging required, and the assignment updates automatically as your org structure changes.

Unsanctioned tool flagging. Tools that do not appear in your approved catalogue are flagged immediately. The named owner receives a notification with full usage context — which tool, how often, by whom, from which team — and the tool is queued for either sanctioning review or managed off-boarding.

Continuous inventory. The inventory is not a point-in-time snapshot. New tools are added the moment they are first used, and tools that drop below a usage threshold are flagged for potential decommissioning. On average, Ethira discovers 212 tools per organisation, of which 47% are unsanctioned at the time of first discovery. Reco.ai's 2025 research found that unsanctioned AI tools persist in employee workflows for an average of 400 days before being discovered and reviewed — making continuous discovery, not point-in-time audits, the only reliable approach.

How do I know which tools are high-risk?

Not every unsanctioned tool carries the same risk. IBM's 2025 Cost of a Data Breach Report found that shadow AI — defined as the use of unapproved internet-based AI tools — adds an average of $670,000 to breach costs. Ethira surfaces a risk tier for each discovered tool based on three dimensions, so your security team can prioritise the tools most likely to contribute to that figure.

Data egress risk. Tools that receive free-text prompt input are rated higher than tools that only process structured data. A markdown editor used without AI features is lower risk than a coding assistant that sends your repository contents to an external model.

Regulatory exposure. Tools that process personal data without a signed Data Processing Agreement (DPA) on file create a GDPR compliance gap. Ethira cross-references each tool against your vendor register and flags tools where a DPA is required but missing.

AI Act and ISO 42001 scope. The EU AI Act classifies certain AI uses as high-risk. ISO 42001 requires a documented inventory of AI systems in scope of the management system. Tools that fall into either category are flagged for priority review — regardless of whether they are formally sanctioned.

The risk tier appears on the tool's inventory record alongside the named owner, usage volume, and any open review tasks. Your security team sees a prioritised list, not a flat dump of 200 tool names.
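As an added illustration of the pipeline described in the SSO, discovery and risk-tier sections above (this is not Ethira's code; the event schemas, the HRIS and vendor-register shapes, the tool classifications and the scoring weights are all constructed assumptions), the script below merges SSO OAuth grants with browser-extension access events, cross-references the result against an approved catalogue, resolves a named owner through an HRIS mapping, and ranks the inventory into a review queue.

```python
from collections import Counter

# Constructed sample data; field names are assumptions, not Ethira's or any IdP's schema.
CATALOGUE = {"Jira", "Notion"}                                    # approved tool catalogue
VENDOR_REGISTER = {"Jira": {"dpa": True}, "Notion": {"dpa": True}}  # ChatGPT: no DPA on file
HRIS = {"ana@corp.example": ("Engineering", "Corp AB"), "bo@corp.example": ("Sales", "Corp AB")}
# Assumed per-tool classification for the three risk dimensions
PROFILES = {"Jira": dict(free_text=False, personal_data=False, ai_scope=False),
            "Notion": dict(free_text=False, personal_data=True, ai_scope=False),
            "ChatGPT": dict(free_text=True, personal_data=True, ai_scope=True)}
# Signal 1: OAuth grants seen by the SSO provider (corporate identity only)
SSO_EVENTS = [("ana@corp.example", "Jira"), ("bo@corp.example", "Jira"), ("ana@corp.example", "Notion")]
# Signal 2: browser-extension access log; a personal ChatGPT account never appears in SSO
BROWSER_EVENTS = [("bo@corp.example", "ChatGPT"), ("bo@corp.example", "ChatGPT"),
                  ("ana@corp.example", "ChatGPT"), ("bo@corp.example", "Jira")]

def build_inventory(sso, browser, catalogue, hris):
    """Merge both signals into one inventory keyed by tool name."""
    inventory = {}
    for source, events in (("sso", sso), ("browser", browser)):
        for user, tool in events:
            rec = inventory.setdefault(tool, {"uses": Counter(), "sources": set()})
            rec["uses"][user] += 1
            rec["sources"].add(source)
    for tool, rec in inventory.items():
        owner = rec["uses"].most_common(1)[0][0]   # heaviest user becomes the named owner
        rec["owner"] = (owner,) + hris.get(owner, ("unknown", "unknown"))  # team, legal entity
        rec["sanctioned"] = tool in catalogue
        rec["total_uses"] = sum(rec["uses"].values())
    return inventory

def risk_tier(tool, profiles, register):
    """Score the three dimensions; the weights are an illustrative assumption."""
    p = profiles[tool]
    score = 2 * p["free_text"]                                              # data egress
    score += p["personal_data"] and not register.get(tool, {}).get("dpa")   # missing DPA
    score += p["ai_scope"]                                                  # AI Act / ISO 42001
    return "high" if score >= 3 else "medium" if score == 2 else "low"

def prioritised_review(inventory, profiles, register, min_uses=2):
    """Review queue: unsanctioned or in-scope tools first, then by tier and usage."""
    rank = {"high": 0, "medium": 1, "low": 2}
    rows = [{"tool": t, "tier": risk_tier(t, profiles, register), "owner": r["owner"],
             "uses": r["total_uses"], "decommission": r["total_uses"] < min_uses,
             "review": not r["sanctioned"] or profiles[t]["ai_scope"]}
            for t, r in inventory.items()]
    return sorted(rows, key=lambda r: (not r["review"], rank[r["tier"]], -r["uses"]))
```

With the constructed data, ChatGPT surfaces only from the browser signal, is unsanctioned, is owned by the Sales user who uses it most, and lands at the top of the queue; Notion falls below the usage threshold and is flagged for decommissioning.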


Frequently asked questions

What is the difference between shadow AI and shadow SaaS?

Shadow SaaS is any unapproved software-as-a-service application used by employees. Shadow AI is the higher-risk subset: AI tools, AI-powered SaaS, AI agents, and AI models in active use without IT or security approval. Shadow AI carries an additional risk because employees typically send organisational data — including sensitive content — to external AI models as part of normal usage.

How do I find out which AI tools my employees are using?

Two complementary signals give complete coverage. SSO integration surfaces every application employees have authenticated to using their corporate identity, including OAuth-connected tools that were never formally reviewed. A browser extension passively monitors browser-level AI tool access and catches tools that bypass SSO entirely, including personal accounts and free-tier tools with no corporate login. Ethira combines both signals into a single, continuously updated inventory.

Does shadow AI discovery require installing software on every device?

No. The Ethira browser extension deploys via a single browser policy push — the same mechanism used to enforce safe browsing policies across a managed device fleet. There is no per-device enrolment, no agent installation, and no individual employee action required. A single policy change covers the entire managed browser fleet.

How does SSO integration help discover unsanctioned SaaS?

Your SSO provider holds a record of every app employees have authenticated to using their corporate identity. Ethira ingests that data, cross-references it against your approved tool catalogue, and surfaces every app — including OAuth-connected applications and delegated-access grants — that was never formally reviewed. Because SSO events are tied to individual user identities, Ethira can also assign a named owner to every discovered tool automatically.

How many unsanctioned AI tools does the average organisation have?

Industry research from Reco.ai puts the average at 261 unauthorised applications per enterprise across all SaaS categories. Based on Ethira deployments, the average organisation has 212 tools in active use across its workforce, of which 47% are unsanctioned at the time of first discovery. The unsanctioned tools are not evenly distributed: engineering, sales, and product teams account for the majority, and the tools with the highest data exposure risk — AI coding assistants, AI writing tools, and general-purpose chat interfaces — are among the most frequently used.


Sources

  1. EU Artificial Intelligence Act, Regulation (EU) 2024/1689 — EUR-Lex
  2. EU Digital Operational Resilience Act (DORA), Regulation (EU) 2022/2554 — EUR-Lex
  3. ISO/IEC 42001:2023 — Information technology — Artificial intelligence — Management system — ISO
  4. GDPR Article 28 — Processor obligations and sub-processor requirements — EUR-Lex
  5. KPMG / University of Melbourne — Trust, Attitudes and Use of Artificial Intelligence: A Global Study 2025 (~50,000 respondents, 47 countries) — kpmg.com
  6. Reco.ai — 2025 State of Shadow AI Report — reco.ai
  7. Menlo Security — 2025 Shadow AI in the Modern Enterprise Report — menlosecurity.com
  8. IBM Security — 2025 Cost of a Data Breach Report (Ponemon Institute) — ibm.com
Tags: shadow AI, shadow SaaS, SSO, browser extension, discovery
