
Shadow AI Audit: How to Find Out What AI Tools Your Employees Are Using

A 5-step framework for auditing shadow AI in your organization. Network analysis, browser extension audits, employee surveys, OAuth reviews, and data flow mapping with practical instructions.

You suspect your employees are using AI tools you did not approve. You are right. 98% of organizations have some form of unsanctioned AI use, and 78% of employees use AI tools their employer never authorized.

The question is not whether it is happening. The question is how much data is leaving your organization through tools you cannot see.

A shadow AI audit answers that question. It gives you a clear picture of which AI tools your team is using, what data they are feeding into those tools, and where your biggest exposures are. From there, you can make informed decisions about what to allow, what to replace, and what to shut down.

I have run these audits for businesses across healthcare, legal, and financial services. Here is the framework I use.

Before you start: set the right tone

A shadow AI audit is not a witch hunt. If your employees think you are building a case to fire people, they will hide their AI usage and your audit will miss the worst exposures.

Frame it as a safety initiative, not a disciplinary one. The message to your team: “We know AI tools are useful. We want to make sure everyone has access to tools that are safe to use with our data. We need to understand what is happening now so we can set up something better.”

Mean it. If the first thing you do after the audit is punish the biggest ChatGPT user, the next time you try to get honest information from your team, you will get silence.

The 5-step shadow AI audit framework

Step 1: Network traffic analysis

Your network knows what your employees are not telling you. Every time someone opens ChatGPT, sends a prompt, or uploads a file to an AI tool, the connection shows up in your network logs.

What to check:

  • Firewall logs and DNS queries for connections to known AI service domains
  • Proxy server logs if your traffic routes through a web proxy
  • Cloud access security broker (CASB) reports if you have one

Domains to look for:

  Domain                              Service
  chat.openai.com, api.openai.com     ChatGPT / OpenAI API
  gemini.google.com                   Google Gemini
  claude.ai, api.anthropic.com        Anthropic Claude
  copilot.microsoft.com               Microsoft Copilot (personal)
  midjourney.com                      Midjourney (image generation)
  jasper.ai                           Jasper (AI writing)
  copy.ai                             Copy.ai (AI writing)
  writesonic.com                      Writesonic (AI writing)
  perplexity.ai                       Perplexity (AI search)
  gamma.app                           Gamma (AI presentations)
  notion.so/ai                        Notion AI

What the data tells you:

  • Which AI services are being accessed (breadth of shadow AI)
  • How often (volume of usage)
  • Which network segments or departments (where the risk concentrates)
  • What times of day (work hours vs. personal time)

Limitations: Network analysis catches browser-based usage on your corporate network. It will not catch employees using AI on personal phones, home networks during remote work, or cellular connections. That is why this is step one of five, not the whole audit.
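As an added example (not code from the original post), the script below walks DNS query logs against the Step 1 domain list and produces the four signals listed above: which services, how often, which segments, and off-hours use. The log lines, the subnet-to-department mapping and the work-hours window are constructed assumptions.

```python
from collections import Counter, defaultdict
from ipaddress import ip_address, ip_network
# Domain -> service, from the Step 1 table (notion.so/ai is a path, not a domain, so it is omitted).
AI_DOMAINS = {
    "chat.openai.com": "ChatGPT / OpenAI API",
    "api.openai.com": "ChatGPT / OpenAI API",
    "gemini.google.com": "Google Gemini",
    "claude.ai": "Anthropic Claude",
    "api.anthropic.com": "Anthropic Claude",
}
# Constructed mapping of network segments to departments (assumption).
SEGMENTS = {ip_network("10.1.0.0/24"): "Finance", ip_network("10.2.0.0/24"): "Legal"}
WORK_HOURS = range(8, 18)  # assumption: 08:00-17:59 counts as work time

def match_service(qname):
    """Return the service for qname or any parent domain (e.g. cdn.claude.ai)."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels) - 1):
        svc = AI_DOMAINS.get(".".join(labels[i:]))
        if svc:
            return svc
    return None

def department(src_ip):
    """Map a client IP to its department via the segment table, else 'unknown'."""
    ip = ip_address(src_ip)
    return next((d for net, d in SEGMENTS.items() if ip in net), "unknown")

def summarize(lines):
    """Parse '<ISO timestamp> <client IP> <query name>' lines and aggregate AI hits."""
    services, depts, off_hours = Counter(), defaultdict(Counter), Counter()
    for line in lines:
        ts, client, qname = line.split()
        svc = match_service(qname)
        if svc is None:
            continue  # not an AI service domain
        services[svc] += 1                        # breadth and volume
        depts[department(client)][svc] += 1       # where the risk concentrates
        if int(ts[11:13]) not in WORK_HOURS:
            off_hours[svc] += 1                   # work hours vs. personal time
    return services, depts, off_hours

# Constructed DNS query log lines (timestamp, client, qname).
SAMPLE_LOG = """\
2024-05-06T09:12:01 10.1.0.15 chat.openai.com
2024-05-06T09:13:44 10.1.0.15 api.openai.com
2024-05-06T10:02:10 10.2.0.7 claude.ai
2024-05-06T22:40:09 10.1.0.22 gemini.google.com
2024-05-06T10:05:33 10.2.0.7 www.example.com
""".splitlines()
```

Run `summarize(SAMPLE_LOG)` and feed the three counters into your report; the same parser works on exported firewall or proxy logs once the three fields are extracted.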

If you do not have a firewall with logging: Most small businesses do not have enterprise-grade network monitoring. If that is your situation, skip to step 3 (employee survey) and step 4 (OAuth review) first. You can get a surprisingly clear picture without network-level visibility.

Step 2: Browser extension audit

This is the one most people miss. AI browser extensions are everywhere and most of them are invisible to basic network monitoring.

Extensions like AI summarizers, writing assistants, grammar tools with AI features, email composers, and meeting note-takers can:

  • Read every web page the employee visits
  • Access form data on every site
  • Read email content in webmail clients
  • See internal documents viewed in the browser
  • Send all of this to external servers for AI processing

An employee might not think of their grammar-checking extension as “using AI.” But if that extension runs every email through a cloud-based AI model, it is processing client communications on servers you do not control.

How to audit:

  • On company-managed devices, pull extension lists remotely through your device management platform (Intune, Jamf, Google Workspace admin)
  • For Chrome: check chrome://extensions on each device
  • For Edge: check edge://extensions
  • For Firefox: check about:addons

What to flag:

  • Any extension with AI, GPT, or assistant in the name
  • Grammar tools (Grammarly, LanguageTool, etc.) as they increasingly include AI features
  • Any extension requesting “read and change all your data on all websites” permission
  • Meeting note-taking extensions (Otter.ai, Fireflies, etc.)

What to do with findings: Build a list of every AI-powered extension installed across company devices. For each one, determine: does it send data to external servers? What data does it access? Is there a business need for it? Can the approved AI tool replace its function?
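As an added example (not code from the original post), this script applies the "what to flag" rules above to extension manifests: AI/GPT/assistant in the name, grammar tools and meeting note-takers by name, and host permissions that amount to "read and change all your data on all websites". The manifest contents are constructed; the rule lists are assumptions you should extend.

```python
import json
import re

# Name rule from Step 2: AI, GPT or assistant in the name ("\bai\b" avoids hits like "Mail").
NAME_PATTERN = re.compile(r"\bai\b|gpt|assistant", re.IGNORECASE)
# Host patterns that show up as "read and change all your data on all websites".
ALL_SITES = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}
# Categories the post says to flag even without AI in the name (assumed substrings).
GRAMMAR_TOOLS = ("grammarly", "languagetool")
NOTE_TAKERS = ("otter", "fireflies")

def audit_manifest(manifest):
    """Return the reasons an extension should be flagged (empty list = nothing found)."""
    name = manifest.get("name", "")
    reasons = []
    if NAME_PATTERN.search(name):
        reasons.append("AI/GPT/assistant in name")
    if any(g in name.lower() for g in GRAMMAR_TOOLS):
        reasons.append("grammar tool, check for AI features")
    if any(n in name.lower() for n in NOTE_TAKERS):
        reasons.append("meeting note-taker")
    # Manifest V2 lists host patterns under "permissions"; V3 uses "host_permissions".
    hosts = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    if hosts & ALL_SITES:
        reasons.append("access to all websites")
    return reasons

def audit_all(manifest_texts):
    """Map extension name -> reasons, keeping only the flagged ones."""
    report = {}
    for raw in manifest_texts:
        manifest = json.loads(raw)
        reasons = audit_manifest(manifest)
        if reasons:
            report[manifest["name"]] = reasons
    return report

# Constructed manifest.json contents; on a real device read each
# <profile>/Extensions/<id>/<version>/manifest.json (Chrome and Edge layout).
SAMPLE_MANIFESTS = [
    '{"name": "Summarizer AI", "manifest_version": 3, "host_permissions": ["<all_urls>"]}',
    '{"name": "Grammarly", "manifest_version": 3, "permissions": ["storage"]}',
    '{"name": "Tab Counter", "manifest_version": 2, "permissions": ["tabs"]}',
]
```

The output of `audit_all` is the starting list for the "what to do with findings" questions; an all-sites permission on an AI-named extension is the combination to resolve first.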

Step 3: Anonymous employee survey

This is often the most useful step. Technical scans tell you what tools are in use. Surveys tell you why, and that context shapes your response.

Sample survey questions:

  1. Which AI tools do you currently use for work tasks? (list options + “other”)
  2. How often do you use AI tools for work? (daily, weekly, occasionally, never)
  3. What tasks do you use AI for? (email drafting, research, document summarization, data analysis, etc.)
  4. What types of company or client information have you entered into AI tools? (names, financials, health data, contracts, none)
  5. Do you use personal AI accounts or company-provided accounts for work tasks?
  6. If the company provided an approved AI tool that worked with your existing systems, would you switch from your current tools?
  7. What features would an approved AI tool need to be useful for your work?

Keys to getting honest answers:

  • Make it truly anonymous (use a tool like Google Forms or SurveyMonkey, not email)
  • State explicitly that responses will not be used for discipline
  • Keep it under 10 questions (response rates drop with length)
  • Share aggregate results with the team afterward (builds trust for future audits)

The answers to questions 4 and 5 are the ones that matter most for risk assessment. If employees are entering client data into personal AI accounts, that is your highest-priority finding.

Step 4: SSO and OAuth log review

When employees sign up for AI services using their work email, or use “Sign in with Google” or “Sign in with Microsoft” to access AI tools, those connections leave traces in your identity provider.

Where to check:

  • Google Workspace Admin Console: Security > Third-party apps
  • Microsoft Entra (Azure AD): Enterprise Applications > All applications
  • Okta/OneLogin admin panel: Applications connected via SSO

What you are looking for:

  • OAuth grants to AI service providers (OpenAI, Anthropic, Google AI, etc.)
  • Employee accounts created on AI platforms using work email addresses
  • API permissions granted to AI applications (some request broad access to email, calendar, or file storage)

This step also reveals employees who have given AI tools access to their work email or file storage through OAuth permissions. An employee who authorized an AI meeting assistant to access their Google Calendar and email just gave a third-party AI service access to every meeting invitation and email thread.

Step 5: Data flow mapping

Steps 1 through 4 tell you what tools are in use. Step 5 tells you what data is at risk.

For each AI tool you discovered, map:

  Question                                             Why it matters
  Which departments use it?                            Identifies where the risk concentrates
  What types of data go in?                            Determines the severity of exposure
  Is any of that data regulated? (HIPAA, FINRA, CCPA)  Identifies compliance violations
  Is any of that data under NDA or privilege?          Identifies contractual violations
  Where does the AI provider store the data?           Jurisdiction and sovereignty questions
  Is the data used for model training?                 Determines whether exposure is temporary or permanent
  Is there a data processing agreement?                Determines your legal standing if something goes wrong

The output of this step is a risk matrix. Each tool gets rated by: how widely it is used, what data it processes, what regulatory exposure it creates, and how severe a breach would be. That matrix drives your remediation priorities.
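As an added example (not code from the original post), this turns the Step 5 answers for each tool into the ranked risk matrix described above. The weights and the three sample tools are constructed assumptions; tune the weights to your own regulatory exposure.

```python
from dataclasses import dataclass

# Constructed weights for the most sensitive data class seen going into the tool.
DATA_WEIGHT = {"none": 0, "internal": 1, "client": 2, "regulated": 3}

@dataclass
class ToolProfile:
    """Answers to the Step 5 questions for one discovered tool."""
    name: str
    departments: int        # how widely it is used
    data_class: str         # key of DATA_WEIGHT
    regulated: bool         # HIPAA / FINRA / CCPA data involved
    privileged: bool        # NDA or privileged material involved
    trains_on_data: bool    # provider uses inputs for training (permanent exposure)
    has_dpa: bool           # data processing agreement in place

def risk_score(t):
    """Constructed scoring: breadth x sensitivity, doubled for regulated data,
    raised by privilege and training, and by 2 more when no DPA gives legal standing."""
    score = t.departments * DATA_WEIGHT[t.data_class]
    if t.regulated:
        score *= 2
    if t.privileged:
        score += 3
    if t.trains_on_data:
        score += 2
    if not t.has_dpa:
        score += 2
    return score

def risk_matrix(tools):
    """Rank tools highest risk first; ties broken by name for a stable report."""
    return sorted(tools, key=lambda t: (-risk_score(t), t.name))

# Constructed findings for three tools (name, departments, data class, regulated,
# privileged, trains on data, has DPA).
SAMPLE_TOOLS = [
    ToolProfile("ChatGPT (personal accounts)", 5, "regulated", True, False, True, False),
    ToolProfile("AI summarizer extension", 2, "client", False, True, True, False),
    ToolProfile("Approved enterprise assistant", 4, "client", False, False, False, True),
]
```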

What you will typically find

After running this audit across multiple businesses, the findings tend to follow a pattern:

ChatGPT (personal accounts) is everywhere. It is the single most common shadow AI tool, used for everything from email drafting to data analysis, and usually on the free or Plus tier with no business data protection.

AI browser extensions nobody remembers installing. Grammar checkers, summarizers, email assistants. Employees installed them months ago and forgot. The extensions are still reading everything.

Three to five AI tools per employee on average. Not one tool. Multiple. Productiv research puts the average at 3.2 different AI tools per week per employee.

At least one team is using AI with regulated data. In every audit I have run, at least one department was entering client PII, health data, or financial information into an unapproved AI tool. Usually the team doing the most client-facing work, because they have the most to gain from AI assistance.

Nobody thinks they are doing anything wrong. The employees using shadow AI are not reckless. They are productive people solving real problems. They just do not have the security context to understand the risk.

What to do with the results

The audit gives you data. Now you need action.

Immediate (this week):

  • If regulated data is going into unapproved tools, stop that specific data flow now. This is not “add it to the project plan.” This is “fix it today.”
  • Revoke OAuth permissions for AI services that have broad access to company systems

Short-term (next 30 days):

Ongoing:

  • Re-run the audit quarterly
  • Monitor approved tool adoption rates (you want to see shadow AI usage decline as approved tool usage increases)
  • Update the policy as new tools emerge

The ISACA shadow AI audit framework recommends a similar cadence: initial assessment, immediate remediation of critical findings, managed rollout of approved tools, and periodic reassessment.

Do you need outside help?

For businesses with fewer than 10 employees and no regulatory requirements, you can probably run this audit yourself using the steps above. The technical pieces (network analysis, OAuth review) might need your IT person, but the survey and data flow mapping are straightforward.

For businesses in regulated industries (healthcare, legal, financial services) or with more than 10 employees, bringing in someone with security expertise is worth the investment. The audit itself is not the hard part. Interpreting the findings, prioritizing the risks, and designing the remediation is where security experience matters.

I include a shadow AI assessment as the first phase of every secure AI deployment. It usually changes the scope of what the client thought they needed, because the reality of their AI exposure is almost always worse than they assumed.

Frequently asked questions

How long does a shadow AI audit take?

For a business with 10 to 50 employees, expect one to two weeks. Network analysis and OAuth review can run in parallel (2-3 days). The employee survey needs 3-5 business days for responses. Data flow mapping takes 2-3 days. The full report with recommendations takes another 2-3 days.

Will my employees cooperate with a shadow AI audit?

If you frame it right, yes. Emphasize that the goal is providing better tools, not punishing current usage. Anonymous surveys get honest answers. The businesses where audits fail are the ones that treat it as an investigation rather than an improvement initiative.

What tools do I need to run a shadow AI audit?

Basic: anonymous survey tool (Google Forms, SurveyMonkey), access to your firewall/proxy logs, access to your identity provider admin console. Advanced: CASB (cloud access security broker), endpoint management platform, network traffic analyzer. Most small businesses can get useful results with just the basic tools.

How often should I repeat the audit?

Quarterly for the first year, then semi-annually once you have approved tools deployed and adoption is stable. AI tools change fast. New tools emerge monthly. Your employees will find new ones.

Can I automate shadow AI detection?

Partially. CASB tools can continuously monitor for new SaaS applications including AI tools. Endpoint management can flag new browser extensions. But the employee survey component and data flow mapping require human effort. Full automation of shadow AI detection is still emerging.


Jose Lugo is a CISSP-certified security engineer with 12 years of U.S. Army intelligence experience. He builds secure AI work environments for businesses at josecustom.ai. See his portfolio of 13 live client systems at portfolio.josecustom.ai.