As SaaS providers race to integrate AI into their product offerings to stay competitive and relevant, a new challenge has emerged in the world of AI: shadow AI.
Shadow AI refers to the unauthorized use of AI tools and copilots at organizations. For example, a developer using ChatGPT to assist with writing code, a salesperson downloading an AI-powered meeting transcription tool, or a customer support person using Agentic AI to automate tasks – without going through the proper channels. When these tools are used without IT or the Security team’s knowledge, they often lack sufficient security controls, putting company data at risk.
Because shadow AI tools often embed themselves in approved business applications via AI assistants, copilots, and agents they are even more tricky to discover than traditional shadow IT. While traditional shadow apps can be identified through network monitoring methodologies that scan for unauthorized connections based on IP addresses and domain names, these AI assistants can fly under the radar because they share an IP address or domain with approved applications.
Additionally, some employees utilize standalone AI tools tied to personal accounts, like personal ChatGPT instances, to assist with work-related tasks. While these AI apps aren’t connected to corporate infrastructure, there’s still the risk that employees will input sensitive data into them, increasing the chance of data leaks.
Like any shadow apps, shadow AI apps expand the attack surface through unmonitored integrations and APIs. They’re often set up with weak configurations like excessive permissions, duplicative passwords, and no multi-factor identification (MFA), increasing the risk of exploitation and lateral movement within the network.
However, shadow AI tools are even more dangerous than traditional shadow apps because of their ability to ingest and share information. One study found that as many as 15% of employees post company data in AI tools. Since GenAI models learn from every interaction, there’s a risk they will expose sensitive information to unauthorized users or spread misinformation.
Reco, a SaaS security solution, uses AI-based graph technology to discover and catalog shadow shadow AI. Here’s how Reco works:
After Reco produces the list of shadow AI tools and apps, Reco can answer questions like:
Reco inventories all applications running in your environment that are associated with your business email. It creates a list of who is using what, how they’re authenticating, and produces activity logs in order to understand their behavior. That way, it can alert to suspicious activity, like excessive downloads, external file sharing, or permission changes. It also provides a Vendor Risk Score so security teams can prioritize riskier apps.
SaaS applications don’t operate as islands. You need to understand how they’re interacting with other applications to effectively manage risk. Reco shows you all the app-to-app integrations discovered within your environment. For example, you can see if an AI tool has been connected to a business-critical application like Gmail or Snowflake, and what permissions each AI application has.
One of the main challenges in SaaS security is the lack of centralization – identity management is spread out across multiple apps. Reco consolidates identities across all SaaS applications so you can manage them from a single console. You can dig into what permissions each identity has, how they’re authenticating, and whether or not they have Admin privileges. Who does not have MFA enabled? Who has excessive permissions? You can create roles and enforce policies that span multiple apps.
Reco’s AI-based knowledge graph technology maps all discovered SaaS applications–including sanctioned and shadow applications–associated identities from both humans and machines, their permission levels, and actions. The knowledge graph then looks for changes in these vectors over time. If the graph indicates a dramatic change, then Reco alerts on an anomaly. For example, if there is a decrease in user engagement, Reco can predict the employee is planning on leaving the organization.
Find out which AI applications are accessing sensitive data and who is using them. Then, implement governance and access management policies via the Reco platform.
Since Reco operates in an agentless, read-only capacity, there are certain limitations to its shadow AI security capabilities. Here’s what Reco can’t do:
Ultimately, Reco is a visibility and detection tool. It can’t take action itself, but it can empower Security teams with the knowledge needed to take appropriate action at the right time to reduce risks.
After Reco discovers all your shadow applications and AI tools, takes inventory, and ranks them, Reco provides continuous security for the full SaaS lifecycle. Reco delivers:
To learn more about Reco, you can watch the pre-recorded demo here. Or visit reco.ai to schedule a live demo.
