Shadow AI—the use of AI-powered tools by company personnel without IT approval—can create SOC 2 audit gaps because it introduces unvetted third-party services into the system, may send confidential data outside governed channels, and bypasses the change management, access control, and vendor oversight processes that auditors examine.
This article explains what shadow AI is, how it differs from traditional shadow IT, which specific SOC 2 control failures it creates, what auditors look for during evidence reviews, and how organizations can detect and govern unauthorized AI before their next SOC 2 examination.
What Is Shadow AI
Shadow AI occurs when people within an organization adopt AI-powered tools, including large language models (LLMs) like ChatGPT or Claude, code completion tools, AI writing assistants, AI-powered meeting transcription services, AI image generators, or AI-enhanced browser extensions—without the knowledge, vetting, or approval from IT or other compliance functions within the organization. The concept is very similar to shadow IT, which refers to any hardware, software, or cloud service used within an organization outside of formal procurement and security review processes.
Organizations that have managed shadow IT for years will recognize many of the same governance challenges: a lack of visibility into what tools are being used, by whom, and with what data. The defense in depth strategies organizations build for SOC 2 rely on knowing what is in an organization’s environment. Shadow AI undermines this foundational assumption, and it does so at a pace and scale that traditional shadow IT never achieved.
Why Shadow AI Is More Dangerous Than Traditional Shadow IT
Shadow AI inherits every risk associated with shadow IT. This includes unauthorized software in the processing environment, gaps in asset inventories, and unvetted third-party access. It also introduces a category of risks that are qualitatively different from anything shadow IT has historically presented. These differences are what make shadow AI particularly problematic from a SOC 2 audit perspective.
Data Is Actively Consumed, Not Just Stored
When an employee installs an unauthorized project management tool, the risk is generally that data ends up stored in an uncontrolled location. With AI tools, data is actively ingested as input. Every prompt submitted to an LLM or other generative model is a data transmission to a third-party provider. Depending on the provider’s terms of service, that data may be used to train future models, stored indefinitely, logged for review by the provider’s employees, or made retrievable by other users in rare but documented cases. For organizations subject to SOC 2’s Confidentiality criteria, this creates an immediate compliance problem. Data classified as confidential has left the controlled environment through an external channel.
Outputs Are Non-Deterministic & Can Introduce Inaccuracies
Traditional shadow IT tools process data deterministically. For example, calculations in a spreadsheet or macro follow a determined path that creates reproducible results. AI tools are fundamentally different in that outputs are not generally deterministic. The same input may create a different output. This is especially true as LLM providers introduce new models with different weights that produce different outcomes.
Generative AI can also produce outputs that are plausible but factually incorrect—a phenomenon widely documented as “hallucination.” When employees incorporate AI-generated content into their work without adequate review, the organization faces processing integrity risks in addition to those created by traditional shadow IT.
As discussed in our article on black box testing AI systems in SOC audits, even sanctioned AI deployments require careful governance to demonstrate processing integrity. When AI tools are adopted without any governance at all, the integrity risk becomes substantially worse.
The Attack Surface Expands Invisibly
Many AI tools operate as browser extensions, plugins, or API integrations that embed themselves into existing workflows. An AI email assistant may read every message in an employee’s inbox. An AI browser extension may capture the contents of every page visited, including internal dashboards and customer portals. An AI code completion tool may transmit proprietary source code to external servers with every keystroke.
Unlike a standalone unauthorized application, these tools operate inside already-trusted applications. They are much harder for endpoint security tools and mobile device management solutions to detect because they do not appear as separate processes. They expand the attack surface in ways that are largely invisible to traditional monitoring.
Why Does Shadow AI Create SOC 2 Audit Gaps?
Shadow AI creates SOC 2 audit gaps because it inserts uncontrolled technology into the environment that SOC 2 controls were designed around. Unlike a policy violation that affects a single control, shadow AI tends to affect multiple Trust Services Criteria simultaneously. A few example scenarios are provided below:
- CC6 (Logical Access) addresses how organizations restrict logical access to systems and data. When employees authenticate AI tools using corporate credentials, SSO tokens, or OAuth connections, they grant external services access to internal systems—often with broad read permissions—without going through the user access review and provisioning processes your controls are built around.
- CC7.1 (System Operations) requires the organization to detect and act on security events. If AI tools are transmitting data outside the organization and those transmissions are not captured by your security operations monitoring, the effectiveness of detection controls is undermined. Shadow AI makes this particularly challenging because many AI services use standard HTTPS connections that are difficult to distinguish from normal web traffic without application-layer inspection.
- CC9.1 (Risk Mitigation) addresses the identification and assessment of risk mitigation activities, including those related to vendors and business partners. When employees adopt AI tools independently, they are onboarding vendors outside the vendor management process. The organization has no data processing agreement, no security assessment, and no contractual protections for the data being shared. Our article on vendor vs. subservice organizations explains the distinction between vendors and subservice organizations, and shadow AI tools—depending on how they are used—may qualify as either. In both cases, the relationship must be documented and assessed.
How Can Organizations Detect Shadow AI?
Organizations that address shadow AI proactively—rather than waiting for an auditor to find it—have significantly better outcomes. Practical approaches include:
- Deploy CASB (Cloud Access Security Broker) or SWG (Secure Web Gateway) solutions configured to identify and classify traffic to AI service endpoints.
- Audit OAuth application grants periodically. Review third-party applications authorized through your identity provider and revoke those that have not been approved.
- Restrict browser extension installation to an approved whitelist on managed devices through your MDM or endpoint management platform.
- Implement DLP rules that detect sensitive data patterns being transmitted to known AI service domains.
- Conduct anonymous employee surveys. The gap between what IT knows about and what employees report using is itself a risk metric worth tracking.
Building a Shadow AI Governance Program
Detection and controls that satisfy auditors are important, but the organizations that fare best are those that approach shadow AI as a governance challenge rather than purely a compliance exercise. The goal is not to prohibit AI usage—that approach is both impractical and counterproductive. The answer is to channel that enthusiasm through governed pathways.
A practical governance program includes:
- Approve a curated set of AI tools: Evaluate AI tools through your existing vendor management process, negotiate enterprise agreements with data protection terms, and deploy them with corporate SSO integration.
- Update the risk assessment: Add AI-specific risk scenarios, including unauthorized data disclosure through AI prompts, processing integrity risks from AI-generated outputs, and vendor management gaps from unsanctioned AI providers.
- Implement layered technical controls: CASB/SWG for traffic visibility, DLP for data exfiltration detection, OAuth grant management, browser extension whitelisting, and endpoint-level controls through your MDM.
- Train the workforce: Try to make it specific, as general “don’t use unauthorized tools” guidance is insufficient. Employees need to understand the mechanics: why pasting customer data into a prompt is a disclosure event, why AI outputs need verification, and what the approved alternatives are.
- Monitor and iterate: Shadow AI is not a one-time problem to solve. New AI tools launch constantly. The governance program needs to include ongoing discovery, periodic access reviews, and regular policy updates—the same continuous improvement approach that underpins effective SOC 2 programs.
Shadow AI Is a SOC 2 Problem Today, Not Tomorrow
It is tempting to treat shadow AI as a future concern—something to address once the AI landscape matures and best practices become established. The problem with that approach is that your employees are using AI tools now, and auditors are asking about them now.
The fact that there is no SOC 2 compliance checklist means organizations cannot wait for a prescriptive rule that says “you must govern AI tools.” The criteria-based nature of SOC 2 means that if AI is introducing risk to your environment, you are expected to address it—whether it appears on a checklist or not.
Shadow AI is shadow IT’s faster, smarter, and more data-hungry successor. The governance playbook for shadow IT gives you a starting point, but you will need to go further. Data is not just stored somewhere unauthorized—it is actively consumed and processed by third-party models. Outputs are not just unvetted—they are non-deterministic and potentially fabricated. The attack surface does not just grow by one more application—it embeds itself invisibly inside the tools employees already trust. These differences are not academic. They produce real findings in real audits.
If you have questions about how shadow AI may affect your upcoming SOC 2 engagement, or if you need help assessing your current AI governance posture, please feel free to contact us. Our team of experienced auditors can help you identify gaps and build controls that hold up under examination.
Tim Nackos joined Linford & Company, LLP in 2022. The first 5 years of his career were spent at the “Big Four” firms EY and KPMG providing IT assurance and advisory services. He also spent 10 years at two large financial institutions primarily in internal audit performing data analytics. Tim is a certified public accountant (CPA) in the state of Utah and is a certified information systems auditor (CISA). He holds both a Master of Accountancy and a Bachelor of Science degree in Accounting from Brigham Young University.