To discover shadow AI in your organisation, deploy discovery at the endpoint: a browser extension and a native desktop agent record which AI tools employees actually use, and every tool is matched against a catalogue of 5,600+ AI tools with risk scores. Aona turns that into a complete, audit-ready AI inventory within 48 hours, no network appliance required. One customer's 12-month baseline surfaced 7+ unapproved AI platforms, 446 shadow AI prompts, and 8,904 visits to unapproved AI sites.
Shadow AI discovery is the process of building a complete inventory of every AI tool in use across an organisation, approved or not, including AI features embedded in SaaS apps. The output is a catalogue of tools, users, and usage, with a risk score for each tool, that becomes the baseline for AI policy, governance, and audit.
Aona discovers AI usage where it actually happens: on the endpoint. A browser extension for Chrome, Edge, and Firefox and a native desktop agent for Windows and macOS capture AI activity as it occurs, so the inventory covers employees on and off the corporate network. AI agent inspection, currently in limited rollout, extends the same visibility to autonomous AI agents. Aona is SOC 2 Type II certified.
Want your own baseline? Start your free trial and see your complete AI tool inventory within 48 hours.
Four steps from a standing start to a complete, risk-scored AI inventory. No network proxy, no VPN, no traffic re-architecture.
Roll out the browser extension for Chrome, Edge, and Firefox through MDM or group policy in minutes, and install the native desktop agent on Windows and macOS through the same channels. No network proxy and no VPN to stand up.
From the moment coverage is live, Aona records real AI usage: which tools employees open, how often they return, and how many prompts flow into each one. Because capture happens on the device, usage is visible whether employees are in the office or remote.
Every discovery is matched against Aona's continuously updated catalogue of 5,600+ AI tools, each with a risk score and compliance and data-handling signals. That includes standalone tools like ChatGPT and AI features embedded in approved SaaS apps.
Within 48 hours you have a complete AI tool inventory: every tool, who uses it, and how much. Export it as a discovery report you can hand to the board or an auditor, and use it as the baseline your AI policy is written against.
Discovery is not a log file. It is a decision-ready inventory your security, IT, and governance teams can act on.
Every AI tool in use across your workforce, approved or not, including AI features embedded in SaaS apps, with the users and usage volume behind each one.
Each discovered tool carries a risk score plus compliance and data-handling signals from Aona's catalogue of 5,600+ AI tools, so you can rank what to approve, contain, or review first.
An audit-ready summary of your AI baseline: the platforms discovered, usage trends, and top risks, in a format you can take straight to the board, an auditor, or a regulator.
Shadow AI discovery is the audit: it builds the complete inventory of what is already in use and gives you a risk-ranked baseline. Shadow AI detection is the ongoing control: it flags risky AI usage in real time and applies guardrails as employees work. Start with discovery to know what you are governing, then use shadow AI detection to act on it continuously.
Published results from an Australian healthcare college that had approved Microsoft Copilot and assumed that was the whole picture.
unapproved AI platforms in use, none previously recorded
shadow AI prompts captured across the 12-month baseline
visits to unapproved AI sites surfaced by discovery
That discovery baseline became the foundation for real-time guardrails that cut shadow AI prompts by 92.9% in three months, while approved AI adoption kept growing. Read the case study
Start a free trial and get a complete, audit-ready inventory of every AI tool your employees use. Prefer a walkthrough first? Book a demo.