Notifications

Clear all

Shadow AI governance: what IAM teams need to fix now

Last Post

RSS

NHI Mgmt Group

(@nhi-mgmt-group)

Member Moderator

Joined: 1 year ago

Posts: 4368

Topic starter 10/06/2026 11:45 pm

TL;DR: Shadow AI is now a workforce-scale identity problem, with 81% of the global workforce using an unapproved AI tool for work tasks, according to JumpCloud. The security issue is not just unsanctioned usage but data being ingested into model training, which makes traditional block-and-delete controls insufficient.

NHIMG editorial — based on content published by JumpCloud: Shadow AI governance and the Discover, Govern, Enable framework

By the numbers:

81% of the global workforce has used an unapproved AI tool to complete a work task.

Questions worth separating out

Q: How should security teams handle shadow AI without blocking all AI use?

A: Security teams should govern shadow AI as an access and data problem, not just a policy violation.

Q: Why does shadow AI create more risk than classic shadow IT?

A: Shadow AI creates more risk because the data may not simply sit in an unauthorised app.

Q: How do you know if AI tool governance is actually working?

A: Governance is working when you can see which AI tools, browser extensions, and OAuth consents have access to corporate data, and when those permissions are limited to a business need.

Practitioner guidance

Inventory AI-connected access paths Map browser extensions, OAuth consents, and federated app connections that can reach corporate data.
Classify AI tools by data ingestion risk Separate approved tools that process only low-risk content from public or consumer AI services that may retain prompts, files, or transcripts.
Add AI-related grants to access reviews Include AI services, browser extensions, and third-party app permissions in recurring access reviews.

What's in the full article

JumpCloud's full article covers the operational detail this post intentionally leaves for the source:

Browser extension audit guidance for finding hidden AI tools across the fleet
Practical steps for scanning OAuth tokens and third-party app access in Google and Microsoft environments
A structured Discover, Govern, Enable framework for policy and rollout
Examples of vetted enterprise AI alternatives to reduce shadow tool usage

👉 Read JumpCloud's analysis of shadow AI governance and AI tool discovery →

Shadow AI governance: what IAM teams need to fix now?

Explore further

View Full Forum → | NHI Foundation Course →

Quote

Topic Tags

Forum Statistics

9 Forums

5,601 Topics

8,418 Posts

14 Online

135 Members

Latest Post: KYB in 2026: what compliance teams need to change now Our newest member: Alex Recent Posts Unread Posts Tags

Forum Icons: Forum contains no unread posts Forum contains unread posts

Topic Icons: Not Replied Replied Active Hot Sticky Unapproved Solved Private Closed

#1 Authority in NHI Education, Research and Advisory, empowering organizations to tackle the critical risks posed by Non-Human Identities (NHIs), including AI Agents.

Get in Touch

Quick Links

FAQ

NHI 101 Articles

Legal & Policies