Shadow AI

AI tools or systems in use inside an organization that have not been logged, approved, or governed. They break AI inventories and create hidden regulatory risk.

Shadow AI is the use of artificial intelligence tools within an organization that have not been inventoried, approved, or brought under the AI governance program. They often appear as browser extensions, generative AI productivity tools, embedded features in SaaS platforms, or business-unit workarounds that bypass procurement.

Shadow AI is an Exhibit A problem first. The NAIC AI Systems Evaluation Tool starts by asking insurers to list every AI system in use. A tool no one logged cannot be counted, documented, or tested. If the inventory is wrong, downstream risk tiering, testing, and monitoring all describe systems that do not match reality.

The fix is usually a short, directed campaign: map known systems, survey business units directly, cross-check SaaS and spend data, and disclose the gaps instead of presenting an implausibly clean list. See our guide to shadow AI in insurance.