The conversation in most security teams has shifted from "should we allow AI?" to "AI is already everywhere, so how do we govern it?"
That shift reflects reality. Employees are adopting AI tools, ChatGPT, Claude, DeepSeek, Perplexity, and dozens of domain-specific AI assistants, at a pace that outstrips any formal procurement or security review process. They are doing it from corporate devices, on corporate networks, often with corporate data. And most organizations have no systematic way to see it happening.
This is the shadow AI problem, and it is a specific instance of the broader shadow IT challenge, complicated by the fact that AI tools are often embedded inside other SaaS products, accessible through browser interfaces that traditional network monitoring was not designed to track, and capable of ingesting sensitive data in ways that are hard to observe from the outside.
The market for governance tooling in this space is still developing. This guide covers what is actually possible today, where the current tools fall short, and what a practical governance approach looks like given the current state of technology.
What Shadow AI Governance Actually Requires
Before evaluating tools, it helps to be specific about what you are trying to accomplish. The security and governance questions around AI tool usage generally fall into three categories:
Discovery: Which AI tools are in use in your organization, and by whom? This includes tools that went through formal approval and tools that did not.
Risk assessment: Of the AI tools in use, which ones pose the highest risk based on their data handling practices, security posture, or regulatory exposure?
Control and enforcement: What can you actually do about AI tools you have flagged as risky, and how do you enforce policy consistently?
A fourth question is technically desirable but currently difficult:
Content visibility: What data is actually being sent to these AI tools? This is where most organizations hit the hardest limitations with current tooling.
Where the Data Lives (and Why It Is Fragmented)
The challenge with AI governance is that no single system holds the complete picture. The data you need is distributed across several layers:
Network traffic: Firewall and CASB logs can capture traffic to known AI endpoints. Tools like Palo Alto and Zscaler can identify connections to AI services, and some can SSL inspect traffic to get deeper visibility. The limitation is that much AI usage happens through HTTPS connections that look like generic web traffic, and the meaningful content (what is in the prompt, what data was shared) is usually encrypted.
Endpoint and browser activity: For devices that are off-network or using browser-based AI tools, network monitoring misses a significant portion of activity. Browser agents and desktop agents deployed on endpoints can capture URL-level activity and application usage directly, covering gaps that network monitoring leaves.
Financial and directory signals: Many AI subscriptions are purchased on personal or corporate cards outside of IT procurement. Finance system integrations and expense tool monitoring can surface AI tools being paid for outside formal channels. SSO logs show which applications employees are authenticating into, though standalone AI tools accessed directly through the browser often bypass SSO entirely.
The AI tools themselves: The most granular data about what is being sent to AI tools lives in the AI providers' own logs. Access to this requires either direct API integration with the provider (available for enterprise deployments of tools like Microsoft Copilot) or network-level inspection, which has significant technical and legal complexity.
No single tool currently pulls all of these signals together into a complete picture. Effective AI governance today requires accepting that you will have partial visibility and building a strategy around what you can actually see.
What Governance Tooling Can Do Today
The market for AI governance tools is developing along three tracks, as practitioners in this space have noted:
SaaS security and discovery platforms approach AI governance as an extension of shadow IT management. They use multi-source discovery (SSO, network, browser agents, financial systems) to surface AI tools in use, categorize them by risk, and provide a governance interface for classifying and responding to what they find. The advantage is breadth: these platforms can see AI tools as part of the broader SaaS landscape rather than treating AI as a separate category.
Dedicated AI governance platforms focus on the models organizations deploy internally, providing oversight of which models are live, monitoring performance and drift, and aligning with frameworks like the EU AI Act and ISO 42001. These are more relevant for organizations building AI products than for governing employee AI tool usage.
Network and endpoint monitoring (existing security stack tools like CASB, DLP, and firewall solutions) can flag traffic to AI services and in some cases apply policy controls. Microsoft's approach with Copilot, using header injection to distinguish corporate from personal use and applying conditional access policies, is an example of what is possible when you have deep integration with both the network layer and the AI provider.
The honest assessment: mature, comprehensive AI governance tooling that combines traffic-level control, model governance, and employee usage tracking in a single platform does not fully exist yet. Most organizations need a combination of tools. The market is moving quickly, but it has not yet converged on a clear "good" solution for the complete problem.
How Zluri Approaches Shadow AI Discovery
Zluri's Discovery Engine includes a dedicated GenAI App Visibility capability that addresses the discovery and governance layers of the shadow AI problem.
Multi-source discovery. Zluri ingests signals from SSO providers, CASB integrations (including Zscaler), corporate finance and expense systems, and direct API integrations with SaaS applications. For endpoint coverage, Zluri deploys browser agents (Chrome and Edge extensions) and desktop agents that capture URL-level activity and application usage from devices regardless of network location.
AI tool categorization. Once discovered, AI tools are automatically identified and categorized across more than 37 sub-categories based on their function. The platform surfaces which tools are in active use, who is using them, and the spend associated with them, giving IT and security teams a working inventory of the AI landscape rather than relying on point-in-time surveys.
Risk-based classification and governance. Administrators can classify discovered AI tools based on security review status: approved, under review, or restricted. Classification can trigger automated policy responses: if a user accesses a tool classified as restricted, Zluri can alert the security team, push an event to the SIEM, or execute a workflow to revoke or flag the access.
Where Zluri stops. Zluri provides visibility into which users are using which AI tools, how frequently, and at what cost. It does not capture prompt content, keystrokes, or the specific data payloads being sent to AI models. That layer of content inspection is a different technical problem that requires either provider-level API access (available for enterprise AI deployments) or deep packet inspection through network infrastructure, neither of which is part of Zluri's current scope.
Practical AI Governance Given Current Limitations
Given where the tooling is today, a practical AI governance approach has three phases:
Get visibility first. You cannot govern what you cannot see. The starting point is discovery: surfacing which AI tools are in active use across your environment using multi-source signals. Most organizations are surprised by how many AI tools are in use that IT did not know about.
Classify and prioritize. Not all shadow AI is equally risky. A team using an AI writing assistant for marketing copy presents different risk from a team using an AI tool that requires uploading customer data. Risk classification based on the tool's data handling practices, security posture, and the type of data it is likely to encounter helps you prioritize where to focus governance effort.
Set policy and enforce it. For tools that have been reviewed and approved, document the approval and communicate acceptable use policies. For tools that are restricted, use your existing security controls (CASB, endpoint agents, network policy) to limit access and configure your discovery platform to alert on attempts to access them. For the gap between what you can control technically and what you want to control in policy, communication and training fill part of the difference.
The content visibility question (what data is actually going to these tools) is the hardest part of this problem and the area where the market has the least mature tooling. For enterprise AI deployments where the organization has a relationship with the provider (Microsoft Copilot, Google Gemini for Workspace), provider-level logging and DLP controls are the most effective approach. For standalone AI tools accessed through the browser, network-level inspection provides partial visibility but has limits. For now, this remains the area where governance programs have to accept the most uncertainty.
.svg)
