Discover and Govern Shadow AI

Learn how to discover, review, and govern Shadow AI usage in Sprinto using AI discovery, user visibility, risk monitoring, and violation tracking.

The Shadow AI section in Sprinto helps organisations discover AI tools and services that are being used across their teams outside formal governance workflows.

Shadow AI may include:

  • Unapproved AI tools

  • AI-enabled SaaS applications

  • Public AI platforms

  • Unreviewed AI vendors

  • AI systems bypassing governance reviews

The Shadow AI workflow helps organisations:

  • Detect AI usage across the organisation

  • Review associated users

  • Monitor governance risks

  • Detect AI-related violations

  • Bring discovered AI systems into governance workflows

This helps organisations maintain visibility into unmanaged AI usage.


To access Shadow AI:

  1. Log in to the Sprinto dashboard.

  2. Navigate to Data Library.

  3. Select AI Systems.

  4. Open the Shadow AI tab.

The Shadow AI tab displays automatically discovered AI systems and associated governance information.


How Shadow AI Discovery Works

Sprinto can automatically discover AI systems being accessed across the organisation.

The discovery workflow helps identify:

  • AI vendors in use

  • Employees using AI systems

  • Risk exposure

  • Potential policy violations

  • AI tools outside approved governance workflows

Discovery information is surfaced directly in the Shadow AI inventory.


Shadow AI Inventory

The Shadow AI table provides visibility into discovered AI systems.

The inventory may include:

  • AI system name

  • Users

  • Discovery source

  • Discovery date

  • Risk level

  • Governance actions

This helps organisations review unmanaged AI usage centrally.


Discovery Sources

Sprinto can surface the source used to identify AI activity.

Examples may include:

  • Browser extensions

  • Monitoring integrations

  • Discovery workflows

This helps organisations understand how AI activity was detected.


Review Shadow AI Risk Levels

Sprinto automatically assigns risk classifications to discovered AI systems.

Depending on your configuration, risk levels may include:

  • Low

  • Medium

  • High

  • Critical

These classifications help organisations prioritise governance reviews.


Review Shadow AI Users

The Shadow AI workflow includes user visibility for discovered AI systems.

View Associated Users

To review users:

  1. Open a discovered AI system.

  2. Navigate to the Users section.

The Users section displays:

  • User names

  • User email addresses

  • Detection source

  • Last activity information

This helps organisations identify which users are accessing AI systems.


Review Shadow AI Violations

Sprinto can surface AI-related governance violations associated with discovered AI systems.

View Violations

To review violations:

  1. Open a discovered AI system.

  2. Navigate to the Violations section.

The Violations section displays:

  • Violation title

  • Associated user

  • Detection date

  • Severity level

This helps organisations investigate governance concerns related to Shadow AI usage.


Example AI Violations

Depending on your configuration, Sprinto may detect violations involving:

  • Personally identifiable information (PII)

  • Protected health information (PHI)

  • Legal or contractual information

  • Sensitive organisational data

These detections help organisations monitor AI-related data exposure risks.


Add Shadow AI to the AI Inventory

Discovered AI systems can be onboarded into the governed AI inventory.

Add a Shadow AI System

To add a discovered AI system:

  1. Select the required AI system.

  2. Click Add.

The AI system is moved into the governed AI inventory.

After onboarding, organisations can:

  • Assign owners

  • Assess risk

  • Perform due diligence

  • Configure governance workflows

  • Monitor compliance posture


Relationship Between Shadow AI and Governance

The Shadow AI workflow helps organisations reduce unmanaged AI adoption risks.

By onboarding discovered systems into governance workflows, organisations can:

  • Establish accountability

  • Perform risk reviews

  • Maintain governance records

  • Track compliance posture

  • Reduce unsanctioned AI usage

This helps improve overall AI governance maturity.


Governance Monitoring Workflows

Shadow AI workflows support ongoing governance monitoring.

Sprinto helps organisations:

  • Track discovered AI usage

  • Review risk exposure

  • Monitor violations

  • Identify governance gaps

  • Review user activity

This helps organisations maintain continuous oversight of AI usage across teams.


AI Governance Best Practices

When governing Shadow AI:

  • Review discovered AI systems regularly

  • Prioritise high-risk AI systems

  • Investigate sensitive data violations promptly

  • Bring unmanaged systems into governance workflows

  • Assign ownership for approved AI systems

  • Periodically reassess AI usage patterns

  • Monitor organisational AI adoption trends

