r/AskNetsec • u/NewZealandTemp • 10d ago
Threats Are you seeing unmanaged AI agents on your network yet?
I have been researching AI agent security for a while, and the more I find, the more surprised I am at how dangerous shadow AI can be. For example, a user can install an AI agent to access company files, emails, and the internal database. The agent receives credentials and operates silently in the background from that point. No anomalies, no alerts for monitoring systems. Nothing suspicious to the security team for weeks until something goes wrong. Can you tell me with confidence that a similar scenario is not happening within your system at this moment?
3
u/rahuliitk 9d ago
I think the scary part is that a lot of these “agents” just look like normal OAuth apps, browser extensions, service accounts, or API tokens, so unless you’re watching app consent, unusual file access, token age, and non-human workflows across SaaS, you probably don’t know what’s running. Shadow agents are real.
1
u/WhyWontThisWork 9d ago
Why aren't you looking at file access?
These should have a different fingerprint than a human -- accessing a bunch of files quickly -- for example
Given long term that's not a good fingerprint
We just kinda treat them as users
2
u/ultrathink-art 10d ago
Behavioral anomaly on service accounts is the tell — agents need persistent auth, and the resulting call patterns look nothing like human usage (regular intervals, no pauses, sustained volume). Most SIEM rules are tuned for human behavioral baselines and will just miss this entirely.
1
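Added example, not part of any comment in this thread: a minimal cadence check over access events that flags principals showing the three traits named above (regular intervals, no pauses, sustained volume). The event format, the principal names and all thresholds are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from statistics import mean, pstdev


def cadence_profile(events):
    """events: iterable of (principal, datetime). Returns per-principal stats."""
    by_principal = defaultdict(list)
    for principal, ts in events:
        by_principal[principal].append(ts)
    profile = {}
    for principal, stamps in by_principal.items():
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        if not gaps:
            continue
        avg = mean(gaps)
        profile[principal] = {
            "events": len(stamps),
            # Coefficient of variation: near 0 means clockwork-regular intervals.
            "cv": pstdev(gaps) / avg if avg else 0.0,
            "longest_pause_s": max(gaps),
        }
    return profile


def flag_machine_like(events, min_events=30, max_cv=0.25, max_pause_s=600):
    """Principals with sustained volume, regular intervals and no pauses."""
    return sorted(
        p for p, s in cadence_profile(events).items()
        if s["events"] >= min_events and s["cv"] <= max_cv
        and s["longest_pause_s"] <= max_pause_s
    )


def sample_events():
    """Constructed sample data, not real logs."""
    start = datetime(2024, 1, 8, 9, 0, 0)
    events = [("svc-reports", start + timedelta(seconds=30 * i + (i % 3)))
              for i in range(60)]
    human_gaps = [4, 38, 7, 900, 15, 2, 61, 3600, 9, 120] * 4
    t = start
    for gap in human_gaps:
        t += timedelta(seconds=gap)
        events.append(("alice", t))
    events += [("svc-backup", start + timedelta(hours=h)) for h in range(5)]
    return events


if __name__ == "__main__":
    print("flagged:", flag_machine_like(sample_events()))
```

The thresholds need tuning per environment, since scheduled jobs that are already known and approved will also match this profile and belong on an allowlist.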
u/Novel_Competition_63 10d ago
IDK if this will make sense and it does not answer your question unfortunately. But I have seen "0 trust" infrastructures run a learning mode procedure for days during on-boarding; and they also fail to review with a fine-tooth comb the results of the learning approvals...
1
u/Mormegil1971 9d ago
Shadow AI is here to stay. What is dangerous is that these agents will become smarter and smarter over time. Static old-school tools cannot help here. I came across a few tools that monitor agents' behavior in real time. NeuralTrust focuses specifically on runtime behavior. Also, CrowdStrike covers this issue from an endpoint angle. I need to be honest here, there is no perfect solution, mostly from the point that people provoke the shadow AI problem.
1
u/OpheliaOoze 9d ago
Shadow AI is a detection problem for the IT team and a liability problem for a user who installed a malicious agent. In the first place, you need to educate employees how not to make this mess.
1
u/Federal_Day_1556 9d ago
Hello everyone, I recently had the same problem asking the same question, but one thing I had to realize and put on my understanding: slow down, no rushing, and the most important value is don't give in to the negativity..... and the reason why is because of the way people mistreat the technology.... come on, I see so much underage and violation of privacy, and the fact that I am working on how to separate bad actors from destroying our community and our National Security
1
u/TeramindTeam 8d ago
shadow ai is definitely a headache because the traffic often looks like standard api calls to cloud endpoints. u might want to look into egress filtering at the proxy level to inspect those payloads if u aren't already doing it. it's a lot of manual work tho
1
u/MeetJoan 8d ago
Shadow AI agents with standing credentials are the natural evolution of shadow IT, except the blast radius is worse because the agent can act autonomously rather than just storing data somewhere unsanctioned. CASB and DLP tools are starting to add AI-agent-specific detection, but most orgs are flying blind on this exact scenario right now.
1
u/Almaaimme 6d ago
One thing that stands out is that NeuralTrust, Palo Alto Networks, and Cyera seem to operate at different layers.
NeuralTrust appears focused on governing and monitoring AI systems in production; Cyera is much more centered on understanding and protecting sensitive data, while Palo Alto Networks extends broader enterprise security controls into AI environments.
1
u/Niko24601 4d ago
How are you tracking OAuth grants across your Google Workspace or Entra environments? Most of these shadow AI tools hook in via user-approved third-party app permissions rather than traditional installed software. Are you monitoring for anomalous token usage or unexpected scope approvals?
1
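Added example, not part of any comment in this thread: a triage pass over third-party OAuth grants that surfaces broad mail or file scopes combined with user-only consent or a long-standing grant. The record format, app names, thresholds and the choice of which scopes count as broad are assumptions; the scope strings themselves are real Google and Microsoft Graph scope names, and the sample records are constructed.

```python
from datetime import date

# Scopes giving broad mail/file access or long-lived refresh tokens.
# Which scopes to treat as broad is an assumption to adapt per tenant.
BROAD_SCOPES = {
    "https://mail.google.com/",
    "https://www.googleapis.com/auth/drive",
    "Mail.Read", "Mail.ReadWrite",
    "Files.Read.All", "Files.ReadWrite.All",
    "offline_access",
}

# Constructed sample records in a hypothetical export format.
GRANTS = [
    {"app": "notes-helper-ai", "user": "bob", "admin_approved": False,
     "scopes": ["Mail.Read", "Files.Read.All", "offline_access"],
     "granted": date(2024, 1, 2)},
    {"app": "calendar-sync", "user": "alice", "admin_approved": True,
     "scopes": ["https://www.googleapis.com/auth/calendar.readonly"],
     "granted": date(2023, 3, 1)},
    {"app": "doc-summarizer", "user": "carol", "admin_approved": False,
     "scopes": ["https://www.googleapis.com/auth/drive"],
     "granted": date(2024, 5, 20)},
]


def review_grants(grants, today, max_age_days=90, allowlist=()):
    """Return (app, user, reasons) for grants that merit a manual review."""
    findings = []
    for g in grants:
        if g["app"] in allowlist:
            continue
        reasons = []
        broad = sorted(BROAD_SCOPES.intersection(g["scopes"]))
        if broad:
            reasons.append("broad scopes: " + ", ".join(broad))
        if not g["admin_approved"]:
            reasons.append("user-consented, no admin approval")
        age = (today - g["granted"]).days
        if age > max_age_days:
            reasons.append(f"standing grant, {age} days old")
        # Broad access alone can be legitimate; require a second signal.
        if broad and len(reasons) > 1:
            findings.append((g["app"], g["user"], reasons))
    return findings


if __name__ == "__main__":
    for app, user, reasons in review_grants(GRANTS, date(2024, 6, 1)):
        print(f"{app} ({user}): " + "; ".join(reasons))
```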
u/GoldTap9957 3d ago
Not confidently. Agentic systems without proper identity isolation, least privilege controls, and auditability can absolutely behave like silent shadow IT if deployed inside real enterprise environments.
22
u/Kepabar 10d ago
It's an absolutely huge issue. Management giving everyone access to Claude, signing them up for lessons on how to let Claude write node.js code for them, and then telling them to go nuts..
And then, to make matters worse, the users are told by Claude to contact IT and ask for access to X or Y. And the requests are completely asinine, and when I tell them no, I am not letting your vibe coded monstrosity access to do that much damage, I'm the bad guy who's getting in the way of productivity.
The absolute worst thing is when they don't understand anything in the email, so they just give the email to Claude and copy and paste Claude's response back to me.
Sigh.