AEGIS · Diagnostic
Artifact D.2
Shadow AI Scan Methodology
Eight-vector scanning protocol to produce a defensible inventory of sanctioned, discretionary, and unsanctioned AI usage across the enterprise in five business days.
- Client
- [CLIENT NAME]
- Engagement
- [ENGAGEMENT ID]
- Version
- v1.0
- Issued
- 2026-05-18
Delivered by TechFides under the AEGIS Governance Operating Services engagement. This document is proprietary to the client named above. Redistribution beyond the engagement steering committee requires written consent.
Purpose and Scope
Intent — Set expectations. Shadow AI is not a tools list — it is the gap between what leadership believes is in use and what is actually running.
The Shadow AI Scan produces three overlapping views of AI activity inside the client environment: what the company pays for, what employees are using (paid by anyone), and what is being done with company data across either channel. The scan runs in parallel with Stakeholder Interviews and feeds the AI Inventory Dashboard, the Value & Spend Tracker, and the risk posture sections of the Gap Assessment.
In scope
- Enterprise-licensed AI platforms and features.
- Department- and individual-paid AI subscriptions (including personal accounts reimbursed via expense).
- Free-tier AI tools used on corporate devices or networks.
- AI capabilities embedded in non-AI-primary SaaS (e.g., CRM copilots, design-tool AI, code assistants).
- Browser-resident AI (extensions, bookmarklets, pasted prompts to personal accounts).
Out of scope
- AI activity on personally-owned devices on personal networks (covered in policy, not in scan).
- Deep technical penetration testing (belongs to a security engagement, not a governance Diagnostic).
- Employee performance evaluation — the scan is a systems audit, not an employee audit.
Ethical and Legal Posture
Intent — The scan is not surveillance. Brief the client, brief employees, and stay inside the boundary.
- The scan operates on systems data the employer already has lawful access to — identity logs, network telemetry, expense records, endpoint inventory. No new monitoring is installed.
- The self-report survey must be anonymous and genuinely voluntary. If it cannot be both, omit it; do not make it mandatory and call it voluntary.
- Findings are reported at the aggregate level. Individual identification is used only for remediation (e.g., rotating an exposed credential) and only with HR/legal involvement.
- Works-council, union, and jurisdictional obligations (EU employee monitoring, California CCPA, etc.) are confirmed with client legal before the scan starts, not after.
Scan Vectors
Intent — Eight overlapping vectors. Each is imperfect alone; together they triangulate the shadow surface.
| Vector | Method | Output | Consultant Effort |
|---|---|---|---|
| Identity provider audit | Enumerate OAuth and SSO grants for AI vendors across Okta, Microsoft Entra, Google Workspace. Export by user. | Sanctioned-AI grant map | 2h |
| Corporate card and expense review | Query expense system for last 12 months of charges matching AI vendor merchant list. Filter by department and amount. | Discretionary AI spend log | 3h |
| DNS and egress telemetry | Pull 30–90 days of DNS resolution and egress firewall logs for known AI vendor domains. Match on domain-label boundaries, not substrings, and aggregate by user and volume. A resolution proves reach, not data transfer; take volume from egress byte counts. Encrypted DNS, split-tunnel VPN and personal hotspots are blind spots and should be noted as such. | Unsanctioned AI traffic report | 4h |
| Browser extension survey | Endpoint management query for installed AI-related extensions (Copilot, Monica, Harpa, Claude for Chrome, etc.). | Extension inventory by workstation | 2h |
| SaaS discovery platform | If client runs Zylo / Torii / Productiv / similar, export AI category view. If not, reconstruct via finance feed. | Licensed SaaS AI list | 1h |
| Voluntary self-report survey | Ten-minute anonymous survey across knowledge-worker population: which AI tools do you use for work, how often, on what data class. | Ground-truth usage signal | 1h design + 3 days field |
| Stakeholder interview triangulation | Cross-reference tools mentioned in Diagnostic interviews (Artifact D.1) against grants, spend, and DNS. Flag every mismatch. | Shadow AI discrepancy register | 2h |
| Document metadata inspection | Sample 50 recent documents from shared drives. Inspect metadata for AI-generation signatures (tool, timestamp, model). | Document provenance sample | 2h |
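The telemetry and triangulation rows above describe the two steps that most often go wrong in practice: matching hosts to a vendor list without substring false positives, and then reconciling what the network saw against what identity, finance and the interviews say. The following is an added illustration of both steps; it is not part of the TechFides artifact or any client tooling. The vendor watch-list, the egress log format (timestamp, pseudonymous user ID, destination host, bytes out), and the grant, expense and interview sets are all constructed fixtures, and a real pull would substitute the client's own exports.

```python
"""Shadow AI egress aggregation and vector triangulation (added example).

All inputs are constructed fixtures, not client data. The vendor
watch-list and the egress log format are assumptions for illustration.
"""
from collections import defaultdict

# Assumed vendor watch-list: vendor label -> domain suffixes it owns.
# Extend from the client's own vendor merchant list before a real pull.
AI_VENDOR_DOMAINS = {
    "OpenAI": ("openai.com", "chatgpt.com"),
    "Anthropic": ("anthropic.com", "claude.ai"),
    "Google Gemini": ("gemini.google.com",),
    "Perplexity": ("perplexity.ai",),
}


def vendor_for_host(host):
    """Map a destination host to a vendor by DNS-label suffix.

    Matching on label boundaries means 'notopenai.com' does not count as
    openai.com, while 'api.openai.com' does.
    """
    host = host.rstrip(".").lower()
    for vendor, suffixes in AI_VENDOR_DOMAINS.items():
        for suffix in suffixes:
            if host == suffix or host.endswith("." + suffix):
                return vendor
    return None


def parse_egress_line(line):
    """Constructed export format: timestamp,user_pseudonym,dest_host,bytes_out."""
    ts, user, host, bytes_out = line.strip().split(",")
    return ts, user, host, int(bytes_out)


def aggregate_egress(lines):
    """Roll egress records up per vendor: distinct users, connections, bytes out."""
    agg = defaultdict(lambda: {"users": set(), "connections": 0, "bytes_out": 0})
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        _, user, host, bytes_out = parse_egress_line(line)
        vendor = vendor_for_host(host)
        if vendor is None:
            continue
        entry = agg[vendor]
        entry["users"].add(user)
        entry["connections"] += 1
        entry["bytes_out"] += bytes_out
    return dict(agg)


def summarize(agg):
    """Aggregate-only view for the report body: user counts, never identities."""
    return {
        vendor: {"users": len(a["users"]), "connections": a["connections"],
                 "bytes_out": a["bytes_out"]}
        for vendor, a in agg.items()
    }


def triangulate(observed, grants, expensed, claimed):
    """Build the discrepancy register from the four vectors.

    observed: vendors reached per telemetry; grants: vendors with an IDP
    grant; expensed: vendors on the card/expense log; claimed: vendors named
    in stakeholder interviews. Every mismatch becomes a flag.
    """
    register = {}
    for vendor in observed | grants | expensed | claimed:
        flags = []
        if vendor in observed and vendor not in grants and vendor not in expensed:
            flags.append("unsanctioned: reached from network, no grant or spend")
        if vendor in expensed and vendor not in grants:
            flags.append("discretionary: expensed, not on enterprise SSO")
        if vendor in grants and vendor not in observed:
            flags.append("dormant: granted, no traffic in window")
        if vendor in observed and vendor not in claimed:
            flags.append("unreported: observed, not named in interviews")
        if vendor in claimed and vendor not in observed and vendor not in grants:
            flags.append("claimed-not-observed: named in interviews, no evidence")
        if flags:
            register[vendor] = flags
    return register


# Constructed egress proxy export (pseudonymous user IDs, as the ethical
# posture requires before data reaches the consultant).
SAMPLE_EGRESS = """\
# timestamp,user_pseudonym,dest_host,bytes_out
2026-05-04T09:12:03Z,u-0417,chat.openai.com,18342
2026-05-04T09:14:51Z,u-0417,api.openai.com,220114
2026-05-04T10:02:11Z,u-0092,claude.ai,9120
2026-05-04T10:40:27Z,u-1280,www.perplexity.ai,4410
2026-05-04T11:05:00Z,u-0092,notopenai.com,77
2026-05-05T08:30:45Z,u-0311,chatgpt.com,30500
""".splitlines()

# Constructed fixtures standing in for the IDP export, expense query and
# interview notes.
SSO_GRANTS = {"OpenAI"}
EXPENSED = {"Perplexity"}
CLAIMED = {"OpenAI", "Google Gemini"}


def run_scan(lines=SAMPLE_EGRESS, grants=SSO_GRANTS, expensed=EXPENSED, claimed=CLAIMED):
    """Return (aggregate summary, discrepancy register) for the fixtures."""
    agg = aggregate_egress(lines)
    return summarize(agg), triangulate(set(agg), grants, expensed, claimed)


if __name__ == "__main__":
    summary, register = run_scan()
    for vendor, counts in sorted(summary.items()):
        print(f"{vendor}: {counts}")
    for vendor, flags in sorted(register.items()):
        print(f"{vendor}: {'; '.join(flags)}")
```

On the fixtures, OpenAI produces no flag (granted, observed, claimed), Anthropic is both unsanctioned and unreported, Perplexity is discretionary and unreported, and Google Gemini is claimed but has no evidence behind it. The `notopenai.com` line is dropped by the label-boundary match. The `users` field in the summary is a count; the underlying pseudonym sets stay in the aggregate structure and belong in the restricted Appendix B, not the report body.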
Day-by-Day Execution
Intent — The scan runs across the first five business days of the Diagnostic. Slippage here delays every downstream artifact.
- Day 1
Access and consent
Obtain read access to IDP, expense system, endpoint management, and egress telemetry. Confirm HR/legal sign-off on the scan scope. Brief the employee population (engagement sponsor drafts, consultant reviews).
- Day 2
Sanctioned + discretionary pass
Run IDP grant extraction, expense query, SaaS discovery platform export. Produce the preliminary AI Inventory — every paid tool, every grant.
- Day 3
Telemetry, endpoint and survey launch
Pull DNS and egress logs. Query endpoint management for AI-related extensions and local apps. Inspect the document metadata sample. Launch the anonymous self-report survey so it has at least 48 hours in field before the Day 5 close.
- Day 4
Survey in field + triangulation
Send the single survey reminder. Begin triangulating stakeholder interview claims against grants, spend, and telemetry. Build the discrepancy register.
- Day 5
Synthesis and report
Close survey. Merge all vectors. Produce Shadow AI Scan Report with sanctioned inventory, discretionary inventory, unsanctioned usage findings, and prioritized risk flags.
Classification of Findings
Intent — Every finding is classified by both exposure type and data sensitivity. This drives prioritization in the 90-Day Roadmap.
| Class | Definition | Default Priority |
|---|---|---|
| P0 — Regulated data exposure | Unsanctioned AI processing PHI, PII, PCI, privileged material, or source code classified as confidential. | Remediate within 5 business days. |
| P1 — Contractual exposure | AI tool processing client-confidential material outside the permissions of a client data processing agreement. | Remediate within 15 business days. |
| P2 — Policy gap | Tool in use without an applicable policy, but no active data exposure today. | Close within 30 business days (policy issuance). |
| P3 — Consolidation opportunity | Duplicate or overlapping sanctioned tools; candidate for consolidation and spend reduction. | Address in Core Implementation phase. |
Output: Shadow AI Scan Report Structure
Intent — The scan feeds a standardized report. Structure does not vary by client — only content does.
- Executive summary (1 page). Headline count of tools discovered, P0/P1/P2/P3 distribution, total AI spend, top three findings.
- Sanctioned inventory. Every tool the organization pays for, with owner, data class, current controls.
- Discretionary inventory. Department and individual paid tools, with reimbursement trail and approval posture.
- Unsanctioned usage findings. Telemetry-sourced observations: which AI services are reached, by how many users, at what volume. No individual attribution in the report body.
- Discrepancy register. Mismatches between stakeholder claims and observed activity.
- Prioritized risk flags (P0–P3). With recommended remediation path and owner.
- Appendix A — Methodology and consent trail.
- Appendix B — Individual findings (restricted). Shared only with engagement sponsor + HR/legal; not distributed in the main report.
Common Failure Modes
Intent — Anticipate these. Each has defeated an otherwise-solid scan.
- IT refuses telemetry access mid-scan. Mitigation: obtain explicit written access scope on Day 1, signed by CIO or CISO. Do not start the scan on verbal assent.
- Survey return rate below 25%. Mitigation: have the CEO send the survey, not the consultant. Target 48-hour window with one reminder. Below 25% = report as directional, not representative.
- Egress logs retained under 30 days. Mitigation: start the telemetry pull on Day 1 of the overall engagement, even before formal scan kickoff, to capture maximum window.
- Stakeholder attempts to suppress a P0 finding. Mitigation: P0 findings route to the engagement sponsor and client legal simultaneously. Suppression is not a consultant decision.
Engagement Record
Intent — Keep the scan auditable.
| Field | Value |
|---|---|
| Scan window | [Start date] to [End date] |
| Access scope signed by | [CIO / CISO name, signature date] |
| HR/legal briefed | [Names, date] |
| Employee notice issued | [Date, channel, copy reference] |
| Vectors executed | [List of vectors, note omissions and rationale] |
| Report issued to | [Recipient list, date] |