Shadow AI and Third-Party Widget Inventory and Classification
Detect and classify AI capabilities embedded in third-party SaaS tools, browser extensions, and client-side scripts operating within the organization's environment, and apply appropriate data processor and vendor risk controls to these shadow AI vectors.
Objective
Ensure the organization has visibility into AI capabilities that enter the environment through software already in use, including AI features embedded in productivity tools, browser extensions with AI functionality, and client-side AI scripts embedded in SaaS products, and that these capabilities are governed with the same rigor as explicitly procured AI systems.
Maturity Levels
Initial
Shadow AI is not tracked. AI features embedded in existing SaaS tools (e.g., AI writing assistance in productivity suites, AI-powered search in communication tools) are not inventoried or governed.
Developing
The organization is aware that SaaS tools have added AI features but has not conducted a systematic inventory. Some employees use browser extensions with AI functionality without IT awareness.
Defined
A shadow AI inventory process runs on a defined cadence to detect: AI features newly enabled in existing SaaS tools, browser extensions with AI functionality in use across the organization, and client-side AI scripts embedded in SaaS products the organization uses. Detected capabilities are classified for governance purposes.
Managed
Shadow AI findings are reviewed by the AI governance function. Capabilities that process regulated data are assessed as data processors and existing vendor agreements are reviewed for adequate data processing terms. An allowlist/blocklist for browser extensions with AI functionality is published and enforced.
Optimizing
Shadow AI detection is integrated into the IT asset management and vendor management lifecycle. When a new SaaS tool is evaluated, its AI feature roadmap is assessed as part of procurement. GDPR/CCPA data processor classification is conducted proactively when AI features are announced, not after they are deployed.
Evidence Requirements
What an auditor or assessor would expect to see for this control.
- Shadow AI inventory conducted on at least an annual basis, covering SaaS AI features, browser extensions, and client-side scripts, with classification of each identified capability.
- Evidence of data processor assessment for identified shadow AI capabilities that process regulated or personal data.
- Allowlist/blocklist for browser extensions with AI functionality, with enforcement evidence.
- Vendor agreement review records for SaaS tools where AI features were added post-procurement.
Implementation Notes
The shadow AI surface
Shadow AI enters the enterprise through channels that are not governed by the AI procurement process because they were not AI at the time of procurement. The three main vectors:
AI features in existing SaaS tools: Nearly every major productivity suite, CRM, ERP, and communication platform has added AI capabilities in the past 24 months. Microsoft 365 Copilot, Salesforce Einstein, Google Workspace AI, Slack AI, Notion AI, and dozens of others now embed generative AI that processes the data users share with those tools. The organization may have existing vendor agreements with these providers that predate their AI features and may not include adequate data processing terms for AI-specific data use.
Browser extensions with AI functionality: AI writing assistants, grammar checkers, summarizers, and reading tools distributed as browser extensions can access page content, email, and form inputs as users navigate internal and external web applications. These extensions often process data through the extension developer's servers without the organization's awareness. Unlike SaaS tools, browser extensions are typically installed by individual employees and not subject to IT procurement controls.
Client-side AI scripts: SaaS vendors increasingly embed client-side AI scripts (for chatbots, recommendation engines, and content generation) that run in the user's browser and can access page context, user behavior, and in some cases form data. These scripts run inside the vendor's web application, so the organization's own content security policy does not apply to them; proxy or DNS logs can show that a user's browser contacted an AI provider's domain, but not what data was sent.
Inventory methodology
SaaS AI feature scan:
- Review release notes and feature announcements from all vendors in the software inventory for AI capability additions.
- For vendors in the enterprise productivity, communication, and CRM categories, assume AI features have been added unless confirmed otherwise.
- Request vendor AI feature disclosure as part of the annual vendor review.
Browser extension audit:
- Use endpoint management tools (e.g., Jamf, Intune) or the browser vendors' enterprise management policies to inventory extensions installed across managed devices, including each extension's declared permissions.
- Flag extensions whose manifests grant access to all site data (in Chromium manifests, host patterns such as `<all_urls>` or `*://*/*`, whether in `host_permissions`, `permissions`, or a content script's `matches`), to form or page content via `scripting`, or to the clipboard via `clipboardRead`.
- Review extension privacy policies for those flagged to identify AI functionality and data transmission.
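The permission triage above can be automated against exported manifests. The following script is an added example for this page, not the page's own tooling or any vendor's: it assumes Chromium-style `manifest.json` files (MV2 or MV3) either read from a managed profile's `Extensions` directory or exported by an endpoint management tool, and the two sample manifests it contains are constructed test data rather than real extensions.

```python
"""Triage Chromium extension manifests for page-content and clipboard access.

Added example for the browser extension audit step; not code from the original
page. Assumes Chromium-style manifest.json files (MV2 or MV3). The manifests in
SAMPLE_MANIFESTS are constructed test data, not real extensions.
"""
import json
import os

# Host match patterns that grant access to every site the user visits.
BROAD_HOST_PATTERNS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

# API permissions worth a second look when combined with page access.
SENSITIVE_API_PERMISSIONS = {
    "clipboardRead": "can read clipboard contents",
    "scripting": "can inject scripts into pages on permitted hosts",
    "webRequest": "can observe request and response headers on permitted hosts",
    "tabs": "can read the URL and title of every open tab",
    "cookies": "can read cookies on permitted hosts",
    "history": "can read browsing history",
}

# Permissions that trigger a mandatory review on their own.
REVIEW_TRIGGERS = {"clipboardRead", "scripting", "webRequest"}


def host_patterns(manifest):
    """Collect match patterns from every place a manifest can declare them.

    MV3 uses host_permissions; MV2 mixes host patterns into permissions;
    content_scripts declare their own matches in both versions.
    """
    patterns = set(manifest.get("host_permissions", []))
    patterns.update(p for p in manifest.get("permissions", [])
                    if p == "<all_urls>" or "://" in p)
    for script in manifest.get("content_scripts", []):
        patterns.update(script.get("matches", []))
    return patterns


def triage_manifest(manifest):
    """Return the findings for one manifest and whether it needs review."""
    hosts = host_patterns(manifest)
    api_perms = {p for p in manifest.get("permissions", []) if p not in hosts}
    findings = []

    broad = bool(hosts & BROAD_HOST_PATTERNS)
    if broad:
        findings.append("broad host access: can read and modify any page, "
                        "including form inputs and authenticated internal apps")
    elif hosts:
        findings.append("host access limited to: " + ", ".join(sorted(hosts)))

    # MV3 extensions can ask for more hosts after install; an allowlist decision
    # based on install-time permissions alone would miss this.
    if set(manifest.get("optional_host_permissions", [])) & BROAD_HOST_PATTERNS:
        findings.append("may request broad host access at runtime")

    for perm in sorted(api_perms & set(SENSITIVE_API_PERMISSIONS)):
        findings.append(f"{perm}: {SENSITIVE_API_PERMISSIONS[perm]}")

    return {
        # Store-published names are often localized placeholders (__MSG_*__);
        # resolve them from _locales/ if the display name is needed.
        "name": manifest.get("name", "?"),
        "version": manifest.get("version", "?"),
        "manifest_version": manifest.get("manifest_version"),
        "needs_review": broad or bool(api_perms & REVIEW_TRIGGERS),
        "findings": findings,
    }


def scan_extensions_dir(root):
    """Triage every manifest.json under a Chromium profile's Extensions dir.

    Layout is <root>/<extension id>/<version>/manifest.json. Returns
    (extension id, triage result) pairs.
    """
    results = []
    for ext_id in sorted(os.listdir(root)):
        ext_dir = os.path.join(root, ext_id)
        if not os.path.isdir(ext_dir):
            continue
        for version in sorted(os.listdir(ext_dir)):
            path = os.path.join(ext_dir, version, "manifest.json")
            if os.path.isfile(path):
                with open(path, encoding="utf-8") as fh:
                    results.append((ext_id, triage_manifest(json.load(fh))))
    return results


# Constructed sample manifests: an AI writing assistant with broad access and
# an internal helper scoped to a single host.
SAMPLE_MANIFESTS = {
    "ai-writing-assistant": {
        "manifest_version": 3, "name": "Sample AI Writing Assistant", "version": "4.2.0",
        "permissions": ["storage", "clipboardRead", "scripting", "tabs"],
        "host_permissions": ["<all_urls>"],
        "content_scripts": [{"matches": ["<all_urls>"], "js": ["content.js"]}],
    },
    "intranet-helper": {
        "manifest_version": 3, "name": "Intranet Helper", "version": "1.0.3",
        "permissions": ["storage"],
        "host_permissions": ["https://intranet.example.com/*"],
    },
}

if __name__ == "__main__":
    for ext_id, manifest in SAMPLE_MANIFESTS.items():
        result = triage_manifest(manifest)
        flag = "REVIEW" if result["needs_review"] else "ok"
        print(f"{flag:6} {ext_id} {result['version']}: "
              f"{'; '.join(result['findings']) or 'no sensitive access'}")
```

The output of `triage_manifest` is what feeds the privacy-policy review in the next step: only extensions flagged `needs_review` need a human to read the publisher's policy, and the findings list records which access the decision was based on. Re-run the scan after updates, since an extension can add permissions or host patterns in a new version.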
Client-side script inventory:
- Deploy a report-only content security policy (`Content-Security-Policy-Report-Only` with a `report-uri` or `report-to` endpoint) on the organization's own web applications, or use a web application firewall, to log every third-party script those applications load without blocking anything.
- Review the reports for scripts from AI-associated domains (e.g., OpenAI, Anthropic, Cohere API or CDN endpoints). For vendor-hosted SaaS applications, where the organization's CSP does not apply, use proxy or DNS logs to identify connections to the same domains; these show the destination but not the data sent.
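Violation reports from a report-only policy arrive as JSON in one of two shapes (the legacy `report-uri` body and the Reporting API body), and both need normalizing before the domains can be matched. The following is an added example for this page, not the page's own tooling: it assumes the headers shown are set on an internal application and that reports are collected at the `/csp-report` endpoint named in them. The AI-associated domain list and the sample report bodies are constructed for illustration; maintain the real list from the vendor inventory.

```python
"""Triage CSP violation reports for scripts loaded from AI provider domains.

Added example for the client-side script inventory step; not code from the
original page. The header values, domain list, and SAMPLE_REPORT_BODIES are
assumptions constructed for illustration.
"""
import json
from collections import Counter
from urllib.parse import urlsplit

# Report-only policy: logs every script origin other than the app's own without
# blocking anything. Both reporting mechanisms are named so that browsers using
# either the legacy report-uri or the Reporting API will send reports.
INVENTORY_HEADERS = {
    "Reporting-Endpoints": 'csp="/csp-report"',
    "Content-Security-Policy-Report-Only":
        "script-src 'self'; report-uri /csp-report; report-to csp",
}

# Illustrative list (assumption); subdomains of each entry also match.
AI_ASSOCIATED_DOMAINS = ("openai.com", "anthropic.com", "cohere.ai", "cohere.com")


def normalize(raw):
    """Parse one POST body into (document_uri, directive, blocked_uri) tuples.

    Legacy report-uri bodies are one object keyed "csp-report"; Reporting API
    bodies are a JSON array of {"type": "csp-violation", "body": {...}}.
    """
    data = json.loads(raw)
    if isinstance(data, dict) and "csp-report" in data:
        r = data["csp-report"]
        directive = r.get("effective-directive") or r.get("violated-directive", "")
        return [(r.get("document-uri", ""), directive, r.get("blocked-uri", ""))]
    out = []
    for item in data if isinstance(data, list) else [data]:
        if item.get("type") != "csp-violation":
            continue
        b = item.get("body", {})
        out.append((b.get("documentURL", ""), b.get("effectiveDirective", ""),
                    b.get("blockedURL", "")))
    return out


def blocked_host(blocked_uri):
    """Host of a blocked script URL; None for 'inline', 'eval', 'data', etc."""
    return urlsplit(blocked_uri).hostname if "://" in blocked_uri else None


def is_ai_associated(host):
    """Exact or subdomain match against the AI domain list (no substring match)."""
    return host is not None and any(host == d or host.endswith("." + d)
                                    for d in AI_ASSOCIATED_DOMAINS)


def triage_reports(raw_bodies):
    """Aggregate script-src violations by (app host, script host), AI domains first."""
    counts = Counter()
    for raw in raw_bodies:
        for doc, directive, blocked in normalize(raw):
            if not directive.startswith("script-src"):
                continue
            host = blocked_host(blocked)
            if host is None:
                continue  # inline/eval findings are the app's own CSP work, not vendor inventory
            counts[(urlsplit(doc).hostname, host, is_ai_associated(host))] += 1
    rows = [{"app": app, "script_host": host, "ai_associated": ai, "count": n}
            for (app, host, ai), n in counts.items()]
    return sorted(rows, key=lambda r: (not r["ai_associated"], -r["count"], r["script_host"]))


# Constructed sample bodies: two legacy-format reports for an AI script, one for a
# charting library, one inline-script report, and one Reporting API report.
SAMPLE_REPORT_BODIES = [
    json.dumps({"csp-report": {"document-uri": "https://portal.example.com/tickets",
                               "violated-directive": "script-src-elem",
                               "blocked-uri": "https://cdn.openai.com/widget.js"}}),
    json.dumps({"csp-report": {"document-uri": "https://portal.example.com/tickets",
                               "violated-directive": "script-src-elem",
                               "blocked-uri": "https://cdn.jsdelivr.net/npm/chart.js"}}),
    json.dumps({"csp-report": {"document-uri": "https://portal.example.com/tickets",
                               "effective-directive": "script-src-elem",
                               "blocked-uri": "inline"}}),
    json.dumps([{"type": "csp-violation", "age": 12, "url": "https://hr.example.com/onboarding",
                 "body": {"documentURL": "https://hr.example.com/onboarding",
                          "effectiveDirective": "script-src-elem",
                          "blockedURL": "https://api.anthropic.com/assistant.js"}}]),
    json.dumps({"csp-report": {"document-uri": "https://portal.example.com/tickets",
                               "effective-directive": "script-src-elem",
                               "blocked-uri": "https://cdn.openai.com/widget.js"}}),
]

if __name__ == "__main__":
    for row in triage_reports(SAMPLE_REPORT_BODIES):
        flag = "AI" if row["ai_associated"] else "  "
        print(f"{flag} {row['app']:24} {row['script_host']:28} x{row['count']}")
```

Matching is by exact domain or subdomain rather than substring so that a look-alike host is not counted as the vendor. Each AI-flagged row should map back to a SaaS tool or embedded widget in the inventory; a script host with no owner in the inventory is itself a finding.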
Data processor classification under GDPR and CCPA
When an AI feature in a third-party tool processes personal data on the organization's behalf, the vendor is acting as a data processor for that processing. If the vendor also uses the data for its own purposes (for example, model training), it may be acting as an independent controller for that use, which a standard processor-only DPA does not cover. This requires:
- A Data Processing Agreement (DPA) with the vendor that explicitly covers AI data processing, including any sub-processors (e.g., a model provider) the AI feature relies on.
- Confirmation that the vendor's AI model training does not use customer data (or, if it does, a documented lawful basis and contractual terms covering that use).
- Records of processing activities updated to reflect AI-specific processing.
- Confirmation that data residency and transfer requirements are met for AI processing.
Example Implementation
Shadow AI Inventory (excerpt)
Inventory date: 2026-05-01 | Method: SaaS feature scan + endpoint extension audit + CSP log review
SaaS AI Features Detected:
| Tool | AI feature | Date feature added | Processes PII? | DPA covers AI? | Action |
|---|---|---|---|---|---|
| Microsoft 365 | Copilot (writing, summarization, meeting notes) | 2024-Q4 | Yes — email, document content | Partially — MS Online Services DPA updated 2024; AI addendum required | Request AI addendum; confirm no training on customer data |
| Salesforce | Einstein Copilot (CRM AI assistant) | 2025-Q2 | Yes — customer records | Yes — Data Processing Addendum updated for Einstein | No action — DPA reviewed and adequate |
| Slack | Slack AI (message summarization, search) | 2025-Q1 | Yes — message content | Under review | Escalate to legal for DPA review; interim guidance: employees instructed not to summarize regulated data |
| Notion | Notion AI (writing assistant) | 2024-Q2 | Low — primarily used for internal documentation | Not assessed | Add to next annual vendor review cycle |
Browser Extensions Flagged:
| Extension | Publisher | AI functionality | Data access | Users affected | Action |
|---|---|---|---|---|---|
| Grammarly | Grammarly Inc | AI writing suggestions | All page text, form data | 340 users | Review Grammarly DPA; confirm no training on enterprise data; add to allowlist with advisory |
| ChatGPT sidebar | OpenAI | LLM access in browser | Page content (user-initiated) | 87 users | Blocklist — data is sent to OpenAI without an organizational DPA; redirect users to the approved internal LLM tool |
| Scribe (workflow capture) | Scribe AI | AI step documentation | Screen content during capture | 22 users | Allowlist — limited scope; user-controlled activation; DPA adequate |
