AI Discovery Part 1: Shadow AI & AI Sprawl Explained

Hi, I’m Rahul Parwani and I’m Head of Product for Governance and Security at Airia.

So, most CIOs and CISOs that I talked to are primarily concerned about the amount of proliferation of AI within their ecosystems that they have no visibility.

AI sprawl is really a fancy term for the issue of most vendors out there incorporating some form of generative AI within their applications or the fact that there are so many productivity applications that employees and users are bringing into the workplace that may not have been sanctioned by IT. So security practitioners and CIOs are having heartburn over the requirement to be able to start getting visibility into those and apply some level of security and governance around that.

Shadow AI is essentially when unauthorized tools with embedded AI or generative AI capabilities are brought into an organization. This could manifest itself very simply as someone bringing a personal subscription of ChatGPT to and connecting it to a organization’s OneDrive, or perhaps even bringing a third party application that may be training on data that it ingests and connecting it to a corporate application.

This becomes a key factor in driving requirements for organizations to be able to do discovery around shadow AI usage or AI usage across their infrastructure. And that’s where we look at it from a lens of being able to do discovery of AI using a multi prong strategy.