Triage shadow AI findings
Shadow AI is every AI tool used inside your company that IT doesn't yet know about. GreyScape.ai surfaces them via three intakes: card-feed CSV upload, the browser extension, and forwarded email receipts. Triage means deciding 'sanction, block, or review' on each finding.
Steps
1. Make sure at least one intake is connected: /shadow-ai/upload for card-feed CSVs, /connectors/browser-extension for the Chrome/Edge extension, /connectors/receipts for the email forwarding address.
2. Wait for findings to land. The card-feed intake produces findings within minutes of a CSV upload; the browser extension within an hour of deployment.
3. Open /shadow-ai (or /shadow-ai/discoveries). Every finding lists Tool, Detected by, First seen, Users, Estimated monthly, Risk, Status.
4. For each unsanctioned tool, decide: SANCTION (move to a corporate seat), BLOCK (add to deny-list; the Approved-models policy refuses to recommend it), or REVIEW (assign to a colleague).
5. High-risk findings get a callout at the top of the page with one-line explanations. These are typically 'OpenAI SDK with hardcoded key in committed code', 'Ollama installed on production laptops', 'unapproved AI library imported in customer-facing service'.
Watch-outs
- Personal-tier subscriptions on corporate cards are the highest-volume finding for most mid-market companies. Sanctioning them onto company plans typically saves 18-25% on AI spend.
- The browser extension only reports HOSTNAME + tab-focus duration. It does NOT read prompts or page content. If your privacy review pushes back, point them to /legal/security.
- Findings can have false positives — a card-feed line for 'OPENAI' might be a CRM API integration, not a personal chat subscription. The triage UI lets you mark these correctly so the catalogue learns.
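
The false-positive watch-out above, as an added example (not GreyScape.ai code): a pre-triage pass over a card-feed export that separates flat recurring charges from variable ones before anyone clicks SANCTION or BLOCK. The CSV columns, the vendor keyword list, the sample rows and the flat-versus-variable heuristic are all assumptions made for illustration.

```python
import csv
import io
from collections import defaultdict
from decimal import Decimal

# Constructed sample export. Column names are assumed, not GreyScape.ai's format.
SAMPLE_CSV = """date,cardholder,merchant,amount
2024-01-03,alice,OPENAI *CHATGPT SUBSCR,20.00
2024-02-03,alice,OPENAI *CHATGPT SUBSCR,20.00
2024-03-03,alice,OPENAI *CHATGPT SUBSCR,20.00
2024-01-31,crm-svc,OPENAI,412.87
2024-02-29,crm-svc,OPENAI,388.10
2024-03-31,crm-svc,OPENAI,455.62
2024-02-14,bob,ANTHROPIC,20.00
2024-03-01,carol,STAPLES,54.19
"""

# Assumed, illustrative keyword list; extend it to match your own vendor catalogue.
AI_VENDOR_KEYWORDS = ("OPENAI", "ANTHROPIC")


def pre_triage(csv_text):
    """Group AI-vendor charges by (cardholder, vendor) and return a triage hint per group."""
    charges = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        merchant = row["merchant"].upper()
        vendor = next((k for k in AI_VENDOR_KEYWORDS if k in merchant), None)
        if vendor is None:
            continue  # not an AI vendor line, nothing to triage
        charges[(row["cardholder"], vendor)].append(Decimal(row["amount"]))

    hints = {}
    for key, amounts in charges.items():
        if len(amounts) < 2:
            hints[key] = "review"  # a single charge is not enough to judge
        elif len(set(amounts)) == 1:
            hints[key] = "likely-subscription"  # same amount every time: seat-style plan
        else:
            hints[key] = "likely-api-usage"  # varying amount: metered billing, possible false positive
    return hints


if __name__ == "__main__":
    for (holder, vendor), hint in sorted(pre_triage(SAMPLE_CSV).items()):
        print(f"{holder:8} {vendor:10} {hint}")
```

A "likely-api-usage" hint is only a prompt to check for an existing integration; the decision still belongs in the triage UI.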
Next
Understand the dashboard

Stuck? Email [email protected] and we'll respond within one business day.