Shadow AI is spreading through businesses faster than most IT teams realize. And if you’re a managed service provider (MSP), reseller, or channel partner, there’s a good chance it’s already inside the organizations you support.
The question isn’t whether your customers are using unsanctioned artificial intelligence (AI) tools. The question is, do they know about it, and do you?
What Is Shadow AI?
Shadow AI refers to any AI tool, large language model (LLM), or AI-powered application that employees use without the knowledge or approval of their IT department. Think ChatGPT, Gemini, Claude, Copilot extensions, or any number of AI writing, coding, or data tools that have quietly become part of someone’s daily workflow.
It mirrors what we saw with shadow IT a decade ago. Employees found tools that helped them work faster, started using them without telling anyone, and created security and compliance headaches that nobody saw coming.
Shadow AI is the same story, but with far higher stakes. Employees are feeding sensitive business data directly into public LLMs that use that information to train their models.
Why Shadow AI Is A Challenge
Ikram Khaled, Group Head of Vendor Alliances at QBS Technology Group, put it plainly during our recent episode of PodMagic:
“Shadow AI, it’s becoming a pandemic if you think about it. 90% of the IT teams don’t really know about what AI tools or LLMs are being used within their environment.”
Ikram Khaled, Group Head of Vendor Alliances, QBS Technology Group
That’s a compliance gap and a significant blind spot in your customers’ security posture. The issue here is about consistency, accountability, and what happens when an employee makes a business decision based on an AI output that nobody reviewed, validated, or sanctioned.
Khaled went further:
“A lot of users don’t realize the data that they are putting in these LLMs, these LLMs are usually using that data to train their agents. And a lot of people don’t understand the sensitivity of the data that they’re actually working with. It may just sound like a name or maybe a numerical number that comes up, but these may be sensitive, without their knowledge.”
Ikram Khaled, Group Head of Vendor Alliances, QBS Technology Group
Prefer to listen? Watch PodMagic “The Truth About Shadow AI & Tech Adoption With Ikram Khaled” here.
How to Detect Shadow AI in IT Environments
Here’s what to look for and where to start your discovery.
Audit Outbound Network Traffic
Most shadow AI usage shows up as repeated calls to well-known AI endpoints. Look for consistent traffic to domains like openai.com, anthropic.com, gemini.google.com, or any unfamiliar AI service URL. Firewall logs and DNS query data are your starting point.
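As an added example (not part of the original article), the sketch below counts DNS queries per client to the domains named above. It assumes dnsmasq-style query log lines; the sample log, the function names, and the threshold of three queries are constructed for illustration.

```python
import re
from collections import Counter

# Domains named in the section above; extend with your own list.
WATCHLIST = ("openai.com", "anthropic.com", "gemini.google.com")
# dnsmasq-style query line: "... query[<type>] <name> from <client-ip>"
QUERY_RE = re.compile(r"query\[[^\]]+\]\s+(\S+)\s+from\s+(\S+)")

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
Mar  3 09:14:02 dnsmasq[812]: query[A] api.openai.com from 10.0.4.17
Mar  3 09:14:02 dnsmasq[812]: forwarded api.openai.com to 10.0.0.2
Mar  3 09:14:40 dnsmasq[812]: query[AAAA] API.OpenAI.com. from 10.0.4.17
Mar  3 09:15:11 dnsmasq[812]: query[A] chat.openai.com from 10.0.4.17
Mar  3 09:16:27 dnsmasq[812]: query[A] gemini.google.com from 10.0.4.23
Mar  3 09:17:05 dnsmasq[812]: query[A] notopenai.com from 10.0.4.31
Mar  3 09:18:30 dnsmasq[812]: query[A] api.anthropic.com from 10.0.4.17
Mar  3 09:19:02 dnsmasq[812]: query[A] openai.com.example.net from 10.0.4.31
"""

def match_watchlist(name):
    """Return the watchlist entry that `name` equals or is a subdomain of, else None."""
    name = name.rstrip(".").lower()  # normalise trailing dot and case
    for domain in WATCHLIST:
        # Match on a label boundary so look-alike names are not counted.
        if name == domain or name.endswith("." + domain):
            return domain
    return None

def count_ai_queries(log_text):
    """Count queries per (client, watchlist domain)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = QUERY_RE.search(line)
        if not m:
            continue  # forwards, replies and malformed lines are ignored
        domain = match_watchlist(m.group(1))
        if domain:
            hits[(m.group(2), domain)] += 1
    return hits

def repeat_users(hits, min_queries=3):
    """(client, domain) pairs whose query count reaches the assumed threshold."""
    return sorted(k for k, n in hits.items() if n >= min_queries)

if __name__ == "__main__":
    hits = count_ai_queries(SAMPLE_LOG)
    for (client, domain), n in sorted(hits.items()):
        print(f"{client:<12} {domain:<20} {n}")
    print("repeat users:", repeat_users(hits))
```

Matching on the label boundary keeps look-alike names such as notopenai.com out of the counts, which matters when the results feed a conversation with an employee or department head.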
Review Browser Extensions
AI writing assistants, grammar tools, and summarization plugins are among the most common vectors for shadow AI. A lot of employees install them without thinking twice. An extension audit across managed devices can reveal what’s actually running.
Survey Your End Users
Sometimes the simplest approach works. Ask employees directly which AI tools they use for their job, and you’ll often find that people aren’t trying to hide anything. They simply assumed it was fine, and oftentimes there’s not too much harm or risk in using it for their day-to-day tasks. The risk arises with sensitive information.
Check SaaS Application Reports
If your customers use a cloud access security broker (CASB) or similar tooling, pull the application usage reports. AI-powered tools often appear as uncategorized or low-risk SaaS apps that don’t trigger alerts.
Talk to Heads of Departments
Not just your IT team. Finance, legal, and operations teams are often the heaviest AI users. If the IT team hasn’t had that conversation yet, start there. You’ll learn more in 30 minutes than you will in a week of log analysis.
What to Do Once You Detect Shadow AI
Detection is step one. Step two is governance, and that’s where the real value lies.
Organizations that identify shadow AI early and build it into their IT strategy, rather than treating it as a problem to eliminate, are the ones that come out ahead. The goal isn’t to ban AI use. It’s to make sure the AI tools employees rely on are vetted, approved, and used safely.
That means helping your teams:
- Define a clear AI acceptable use policy
- Identify which AI tools are approved for which types of data
- Create a simple process for employees to request new AI tools through proper channels
- Put monitoring in place so new tools don’t slip through unnoticed
Khaled summed it up well on our StorMagic PodMagic episode:
“It is critical that organizations start building on their AI governance and policy now because it’s better late than never.”
Ikram Khaled, Group Head of Vendor Alliances, QBS Technology Group
The Opportunity for Detecting Shadow AI
The honest commercial reality is that most businesses haven’t started this conversation yet. We all know that AI is everywhere. We don’t simply suspect that our employees are using tools that haven’t been approved, we KNOW they are. But most IT decision makers and leadership roles don’t know where to start.
IT leaders or decision makers, or even partner organizations, who lead with AI governance conversations right now, before regulators force the issue, are the ones building deeper customer relationships and stickier service contracts.
The EU AI Act is already in motion. UK government policy is moving in the same direction, and this is mirrored across multiple territories globally. This isn’t a future problem, it’s a current one. Although problem might not be the right word for it, because AI is a form of innovation. It’s just that AI comes with lots of inherent risks, many that are still unknown to even the most future-thinking cybersecurity expert.
Want to learn more? Watch or listen to PodMagic “The Truth About Shadow AI & Tech Adoption With Ikram Khaled” here. Scott Mann sits down with Ikram Khaled, Group Head of Vendor Alliances at QBS Technology Group, for a candid and practical conversation about the massive shifts redefining the global IT landscape.

