Find shadow AI before your regulator does.
Most enterprises have five hundred AI systems and a spreadsheet for forty of them. ShadowIQ lights up the other four hundred and sixty — continuously, quietly, and across every layer.
Five discovery signals, one AI Bill of Materials.
Three moves, fully automated.
No long onboarding, no hand-rolled detection rules. ShadowIQ ships with defaults tuned to the regulatory floor — customize only where your risk appetite demands.
Connect without an agent.
Read-only hooks into identity, cloud, SaaS OAuth, egress logs, and code repositories. Most environments surface first signal in under an hour.
Correlate into an AI BOM.
Every model, agent, MCP server, and third-party assistant is deduped, owned, and lineage-linked. A generated asset inherits the risk of its generator.
Keep it current.
Daily scans detect drift — new vendor, new prompt template, new fine-tune. Your AI BOM is a live ledger, not an annual exercise.
Every control a regulator or auditor will ask about.
Egress traffic inspection
Fingerprint LLM endpoints (OpenAI, Anthropic, Bedrock, Vertex, self-hosted) from DNS/TLS/flow logs. No TLS break-and-inspect required.
Third-party AI assistants
Detect ChatGPT, Claude, Copilot, Gemini, and 200+ productivity assistants connected to corporate tenants via OAuth grants.
Device-side AI inventory
Light agent (or CrowdStrike/EDR telemetry) identifies browser sessions, local LLMs, IDE copilots, and desktop agents.
Model references in repos
Scan GitHub/GitLab/Bitbucket for model SDK calls, system prompts, and hardcoded API keys — flagged in PR review.
Okta, Azure AD, Google
App catalog import, SCIM-driven ownership, and SSO metadata attribution. Every AI asset gets a human accountable name.
Custom signals
Push any MDM, CASB, or SIEM feed through the Discovery API. CloudEvents 1.0 envelope; bring your own source.
Model & agent registry
Version, lineage, DPIAs, model cards, and associated datasets — one schema, OSCAL-compatible.
Accountable by default
Every asset gets a primary owner (engineer) and a business owner (risk/compliance). Assignments roll up to teams automatically.
Risk enrichment
Joins asset metadata with data classifications from Snowflake, Databricks, and BigQuery to score blast radius.
Answered by the architecture, not the sales deck.
No. Discovery works on traffic metadata, OAuth scopes, endpoint telemetry, and code — never on decrypted payloads. Deep inspection is optional and opt-in.
Typical environments surface initial signal within the first hour after connecting identity and an egress feed. A complete AI BOM usually takes 5–10 days as third-party assistants are classified.
Code scanning and egress flow analysis find unannounced model deployments — the ones your data science interns spun up on a GPU and forgot. We flag these for ownership assignment before they show up in an incident.
It complements it. CASBs classify SaaS; ShadowIQ classifies the AI behavior inside them. We integrate cleanly with Netskope, Zscaler, and Palo Alto in bidirectional mode.