Key Takeaways
- Approximately 80 % of employees regularly use unapproved generative‑AI tools at work, while only 12 % of organizations have a formal AI‑governance policy.
- Most workers run three to five AI applications each day, often granting them OAuth scopes or running them as browser extensions that bypass traditional network controls.
- Shadow‑AI activity concentrates on three surfaces: OAuth connections to SaaS suites, client‑side browser extensions, and AI features embedded in already‑approved products such as Microsoft Copilot or Google Gemini.
- Conventional security monitoring (firewalls, DLP, endpoint tools) cannot see data flows that stay inside the SaaS perimeter, leaving a blind spot where the employee, SaaS provider, and AI vendor are the only parties involved.
- Media coverage tends to frame the issue as a productivity‑versus‑security trade‑off and overlooks the persistence of OAuth scopes long after the tools themselves are abandoned.
- The most informative metric for executive boards is the gap between the inventory of approved AI tools and the inventory of OAuth‑authorized applications—the true scope of shadow‑AI risk.
- Effective visibility begins with a quarterly OAuth audit that lists connected apps by permission scope and tenure, flagging unreviewed or over‑privileged entries for revocation.
- Complementing the audit with an approved‑AI catalog that offers a fast‑track review (48 hours for open‑source tools, two weeks for SaaS vendors) reduces the friction that drives employees to seek unapproved alternatives.
- Shadow‑AI management is not a one‑time project; it requires a recurring posture—quarterly reviews, continuous catalog updates, and readiness for future agentic AI tools that may request even broader OAuth privileges.
Overview of Shadow AI Adoption
Enterprise surveys reveal a striking disconnect between employee behavior and corporate policy: roughly four‑in‑five staff members now rely on unapproved generative‑AI applications during their workday, whereas barely more than one‑in‑ten companies have instituted a formal AI‑governance framework. This 8‑to‑1 gap creates a sizable attack surface that traditional security programs struggle to monitor because the tools often authenticate directly with SaaS platforms and never traverse the corporate network perimeter. The prevalence of shadow AI is therefore less a matter of occasional policy violations and more a systemic identity‑management challenge, where employees independently provision access to corporate data through third‑party services that the security team has never vetted.
Usage Patterns and Access Mechanics
On any given day, the typical employee runs between three and five different AI tools, ranging from text‑generation assistants to image‑creation models. Many of these applications gain entry to corporate resources by leveraging OAuth tokens issued by Google Workspace, Microsoft 365, GitHub, Salesforce, or Slack. Because the authorization occurs through a browser‑based consent screen, the resulting session lives entirely inside the SaaS provider’s environment, invisible to network‑layer controls such as firewalls or intrusion‑detection systems. Additionally, a significant share of shadow AI runs as client‑side browser extensions that execute locally, further eluding endpoint‑management tools that focus on installed executables or system‑level processes.
Discovery Surfaces: OAuth, Extensions, Bundled AI
Adaptive Security’s research identifies three distinct surfaces that capture virtually all shadow‑AI activity. First, OAuth connections grant third‑party AI apps read or write permissions to corporate SaaS suites; a routine audit of connected apps sorted by permission scope frequently uncovers dozens of unreviewed tools. Second, browser extensions embed AI functionality directly in the user’s web session, operating without touching the underlying OS and thus escaping detection by conventional endpoint security. Third, many already‑approved productivity suites now ship integrated AI features—examples include Microsoft Copilot, Google Gemini, and Salesforce Einstein—whose trusted status allows them to inherit broad access rights while introducing new data flows that were never part of the original approval. Each of these surfaces creates a pathway for data exfiltration or misuse that lies outside the visibility of legacy security tooling.
Network‑Centric Controls Miss the Risk
Because shadow‑AI tools authenticate via OAuth and execute within the SaaS perimeter, they generate little to no traffic that crosses the corporate network boundary. Firewall logs, VPN monitors, and DLP systems that inspect email or web‑gateway traffic therefore fail to capture the moment an AI assistant reads a confidential document from SharePoint or writes a summary to a shared drive. The security team’s visibility effectively ends at the network edge, while the actual data exposure occurs inside the trusted SaaS environment where only the employee, the SaaS provider, and the AI vendor are parties to the transaction. This fundamental mismatch explains why traditional monitoring playbooks are ineffective against the OAuth‑scope problem that underlies shadow AI.
How Media Coverage Misses the Core Issue
Reporting outlets such as BleepingComputer have tended to frame the shadow‑AI phenomenon as a simple productivity‑versus‑security trade‑off, proposing a five‑step adoption program as the remedy. While well‑intentioned, this narrative under‑emphasizes the more structural finding buried in the OAuth data: the AI tools themselves are transient, but the permission scopes they acquire can persist long after the tools fall out of use. Few organizations maintain a routine for revoking stale third‑party app authorizations, allowing legacy OAuth grants to accumulate and become a latent risk. The real governance problem, therefore, is not the fleeting popularity of any particular AI application but the enduring access rights that those applications leave behind.
What Boards Really Need to Know
For executive leadership and boards, the most telling metric is not the headline 80 % adoption figure but the delta between the inventory of approved AI tools and the inventory of OAuth‑authorized applications. The former reflects what the security team believes the AI surface looks like; the latter reveals what the surface actually looks like. This gap quantifies the true scope of shadow‑AI risk and provides a concrete, measurable basis for discussions about resource allocation, policy refinement, and risk appetite. Presenting this delta in board materials shifts the conversation from anecdotal concerns about employee productivity to a quantifiable identity‑management exposure that can be tracked over time.
Practical Steps to Gain Visibility
To close the visibility gap, organizations should institute a quarterly OAuth audit that pulls the connected‑apps list from Workspace, Microsoft 365, and GitHub, sorts entries by permission scope and tenure, and flags any app the security team has not reviewed. Applications whose scopes exceed their declared business purpose should be revoked promptly, mirroring the discipline of patch‑Tuesday for vulnerabilities. Parallel to the audit, companies should stand up an approved‑AI catalog that offers a fast‑track review pathway—48 hours for open‑source tools and two weeks for SaaS vendors—providing employees with a sanctioned alternative that eliminates the productivity friction driving shadow adoption. By pre‑negotiating OAuth scopes for catalog entries, the security team can ensure that approved tools operate within known, limited permission boundaries.
Sustaining the Shadow‑AI Posture
Managing shadow AI is not a one‑off project; it requires an ongoing posture that evolves alongside the rapidly expanding AI ecosystem. The visibility cadence established this year—regular OAuth audits, continual catalog updates, and rapid review loops—will determine how exposed the organization remains when the next generation of agentic AI tools arrives, likely requesting even broader OAuth privileges than those in today’s inventory. Embedding these practices into the identity‑management lifecycle ensures that security can keep pace with organic AI adoption without stifling innovation, ultimately transforming a reactive scramble into a proactive, measurable control framework.