Somewhere in your organization right now, someone is pasting customer data into an AI tool you’ve never approved.
Not long ago, the challenge was employees spinning up cloud services, personal Dropbox accounts, and unauthorized SaaS tools without telling IT. That was a headache. What’s happening now is a different problem at a different scale.
Today, an employee can open a browser tab, paste in sensitive customer data, and have a conversation with an AI model the company has never heard of—in about 30 seconds, with no installation, no approval process, and no visibility into what just happened.
And the instinct a lot of organizations had early on—just block the tools—isn’t a real answer to that.
I had an opportunity to chat with Mark St. John and Cody Pierce, co-founders of browser security company Neon Cyber, about how organizations are—or aren’t—dealing with the explosion of AI tools in the workplace. Mark put it plainly: “Not that users are nefarious, but they’re going to find a way to use the tools that they want. And so having a way to find them is critical.”
Most employees using unauthorized AI tools aren’t trying to cause a breach. They’re trying to do their jobs faster. They found a tool that helps, and they’re using it. The problem is that IT and security teams often have no idea it’s happening.
The Whack-a-Mole Problem
Early on, a lot of organizations responded to ChatGPT by simply blocking it. That made sense as a first instinct. But it was never a real strategy.
For every tool a security team blocks, there are ten others they haven’t heard of yet. The AI tool landscape expands weekly. New models, new interfaces, new browser extensions, new workflows—all showing up faster than any policy team can track.
What makes this harder is who's actually driving the adoption. Most employees are content to stick with the sanctioned tools they're given. But the curious, technically savvy employees, the ones actively exploring new capabilities, know just enough to find these tools but may not fully understand the data exposure risks they're creating.
Cody addressed this directly: “You really want something that adapts quickly. You have to have something that kind of understands that, and then will give options to allow it or disallow.” The idea isn’t to stop employees from experimenting—it’s to maintain some visibility and control while that experimentation happens.
The Inventory Problem Underneath It All
Part of what makes shadow AI hard to get ahead of is that it shows up where organizations already have a gap: most don’t have a reliable inventory of what tools their employees are actually using.
Mark framed it clearly: “I have a background in incident response, and inventory is crucial for defense. It’s crucial for you to be able to match your policies to your assets—there’s no point in having great policies written up if you don’t know the assets.”
Without that inventory, you can’t write meaningful policy around AI tools. You can’t assess the risk. You can’t have a conversation with a vendor about data handling. You’re flying blind.
The browser is where most of this is happening—not in apps installed on managed devices, but in browser tabs. And the browser has historically been one of the least-managed surfaces in enterprise security. That’s starting to change, but for most organizations, the gap between what policies say and what’s actually happening in browser sessions is significant.
How Some Companies Are Tackling It
A number of vendors are starting to address shadow AI from the browser layer—which is where the behavior actually lives.
Neon Cyber, for example, has built an application catalog covering more than 800 SaaS and AI applications. As users browse, the platform auto-discovers what tools are in use—including AI apps—and surfaces them for review and policy enforcement. The intent isn’t surveillance; it’s giving security teams a starting point for visibility before they even begin writing governance policy.
Cody put it simply: “Within minutes, you can see that it’s approved or not approved, and then you can develop a policy.” You have to know what people are doing before you can make any intelligent decisions about what to allow, what to restrict, and what to monitor.
The broader principle—and this applies regardless of what tools an organization uses—is that discovery has to come before enforcement. Jumping straight to blocking without understanding usage patterns just pushes behavior underground.
Visibility Isn’t Enough on Its Own
The cybersecurity industry spent years telling organizations they needed “comprehensive visibility.” That became a kind of mantra. But visibility without context just creates alert fatigue.
Cody made this point directly: “Data by itself is not useful. It’s the actions you take from data based off the context and the risk of your business that are necessary to understand in security.”
Raw data volume was never really the problem. Knowing which AI tools employees are using is necessary, but the useful part is the context around each one: who is using it, with what credentials, in which workflows, and what data is actually being sent. Without that, a security team is just reacting to logs.
Where to Start
If you’re a CISO who hasn’t started thinking about this yet, Mark’s framing is as good a starting point as any: get an inventory first. Not a perfect one—just start somewhere. Know what AI tools are actually in use before you try to write policy around them. From there, authentication hygiene matters—are people accessing these tools with corporate credentials or personal ones? That shapes both the risk picture and any governance conversation you want to have with vendors.
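As an added illustration of the discovery step, both the catalog-based auto-discovery described above under "How Some Companies Are Tackling It" and the inventory-first, check-the-credentials advice here, the Python below is example code, not Neon Cyber's product or code. It assumes a proxy or browser agent emits one JSON line per request with the fields used below; the catalog, the corporate domain, the size threshold and the log lines are all constructed for the example. It matches hosts against a small AI app catalog, records whether each user signed in with a corporate or personal identity, flags uncatalogued hosts receiving large uploads for review, and produces the queue a team would triage before writing policy.

```python
"""Build a shadow-AI inventory from proxy/browser logs (illustrative, not a product)."""
import json
from collections import Counter
from dataclasses import dataclass, field

# Constructed catalog subset: host -> app name. A real catalog is far larger.
AI_APP_CATALOG = {
    "chatgpt.com": "ChatGPT",
    "chat.openai.com": "ChatGPT",
    "claude.ai": "Claude",
    "gemini.google.com": "Gemini",
    "api.openai.com": "OpenAI API",
}
CORP_DOMAIN = "example.com"                 # hypothetical corporate identity domain
KNOWN_CORP_HOSTS = {"docs.example.com"}     # hypothetical internal hosts to skip
LARGE_POST_BYTES = 1_000_000                # assumed "large upload" threshold

# Constructed sample records (JSON Lines). Hosts/paths are illustrative only.
SAMPLE_LOG = """\
{"user":"alice","host":"chatgpt.com","method":"POST","path":"/chat","bytes_sent":18432,"login_identity":"alice@example.com"}
{"user":"bob","host":"claude.ai","method":"POST","path":"/chat","bytes_sent":5120,"login_identity":"bob.personal@gmail.com"}
{"user":"alice","host":"docs.example.com","method":"GET","path":"/wiki","bytes_sent":120,"login_identity":"alice@example.com"}
{"user":"carol","host":"summarize-anything.io","method":"POST","path":"/upload","bytes_sent":2097152,"login_identity":null}
{"user":"bob","host":"chatgpt.com","method":"POST","path":"/chat","bytes_sent":2048,"login_identity":"bob.personal@gmail.com"}
"""


@dataclass
class AppRecord:
    app: str
    requests: int = 0
    bytes_sent: int = 0
    users: set = field(default_factory=set)
    hosts: set = field(default_factory=set)
    identities: Counter = field(default_factory=Counter)  # corporate/personal/unknown


def catalog_lookup(host: str):
    """Return the catalogued app for host (exact or subdomain match), else None."""
    host = host.lower().rstrip(".")
    for suffix, app in AI_APP_CATALOG.items():
        if host == suffix or host.endswith("." + suffix):
            return app
    return None


def classify_identity(login_identity):
    """Corporate if the sign-in email is on the corporate domain, personal otherwise."""
    if not login_identity or "@" not in login_identity:
        return "unknown"
    domain = login_identity.rsplit("@", 1)[1].lower()
    if domain == CORP_DOMAIN or domain.endswith("." + CORP_DOMAIN):
        return "corporate"
    return "personal"


def build_inventory(log_text: str):
    """Walk JSONL records and return {app_name: AppRecord}.

    Uncatalogued hosts are kept only when they receive a large POST, and are
    recorded as 'uncatalogued:<host>' so they land in the review queue.
    """
    inventory = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        try:
            rec = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip a malformed line rather than abort the sweep
        host = rec.get("host", "")
        app = catalog_lookup(host)
        if app is None:
            if host in KNOWN_CORP_HOSTS:
                continue
            if rec.get("method") == "POST" and int(rec.get("bytes_sent", 0)) >= LARGE_POST_BYTES:
                app = f"uncatalogued:{host}"
            else:
                continue
        entry = inventory.setdefault(app, AppRecord(app))
        entry.requests += 1
        entry.bytes_sent += int(rec.get("bytes_sent", 0))
        entry.users.add(rec.get("user", "?"))
        entry.hosts.add(host)
        entry.identities[classify_identity(rec.get("login_identity"))] += 1
    return inventory


def review_queue(inventory, approved):
    """Apps observed in use but not yet approved, heaviest data senders first."""
    pending = [r for r in inventory.values() if r.app not in approved]
    return sorted(pending, key=lambda r: r.bytes_sent, reverse=True)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOG)
    for r in review_queue(inv, approved={"ChatGPT"}):
        print(f"{r.app:<36} users={len(r.users)} requests={r.requests} "
              f"bytes_sent={r.bytes_sent} identities={dict(r.identities)}")
```

The output is the starting point the article argues for: a list of what is actually in use, who is using it, and whether they signed in with a corporate or personal account, before anyone decides what to block. The identity split is what turns a vendor conversation from guesswork into a data-handling question, and the "uncatalogued" bucket is where the tools nobody has heard of yet surface.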
The culture piece matters too, maybe more than the technical controls. Blanket blocking doesn’t make AI tools disappear—it just makes employees less likely to tell anyone what they’re using. A security team that employees feel they can come to with “Hey, I found this tool, can we use it?” is going to have a better handle on shadow AI than one that’s purely in enforcement mode.
Shadow AI isn’t a trend that’s going to reverse. The tools are too easy to access, the productivity argument is real, and most employees have already made them part of how they work. Security teams that are still in the blocking-and-hoping phase are going to keep losing ground until they start with visibility first.
- The AI Risk Blind Spot Most Organizations Don’t Know They Have - May 13, 2026