88% of orgs report AI agent security incidents. Shadow AI agents are the new shadow IT. Here's how to find and govern them.
Article text
Two weeks ago we were doing a process audit for a 55-person insurance agency. Standard engagement: map the workflows, find the bottlenecks, figure out where automation makes sense. Halfway through, we discovered something the ops manager didn't know about. Three different team members had connected AI tools to the company's CRM. Two were using Zapier-powered AI workflows to auto-draft follow-up emails. One had given an AI assistant direct read access to the client database to generate reports.
None of these were approved. None were documented. Nobody in leadership knew they existed.
Welcome to the era of shadow AI agents.
The New Shadow IT Is Already Inside Your Business
A decade ago, the problem was shadow IT: employees signing up for Dropbox or Slack without telling the IT department. It was manageable because those tools mostly stored or moved information. They didn't
act
on it.
Shadow AI agents are different. They don't just store your data. They read it, process it, make decisions based on it, and take actions. They send emails. They update records. They move money. And 88% of organizations report suspected or confirmed AI agent security incidents , according to a 2026 State of AI Agent Security study. Meanwhile, only 22% of organizations treat AI agents as independent identity-bearing entities.
That gap between "agents are acting" and "we're governing agents" is where the risk lives.
If your business has more than 15 employees and uses any cloud-based tools, the odds are high that someone on your team has already connected an AI agent to something. If you're wondering whether AI agent security governance matters for your business, we can help you find out in a 30-minute discovery call .
Why This Is Harder Than Regular Shadow IT
When someone signed up for an unauthorized Dropbox account five years ago, the worst case was data in an unsanctioned location. You could find it and migrate it. The data just sat there.
AI agents are active. They hold credentials. They can:
Read customer data
across connected systems, often more than they need
Send communications
on behalf of your company (emails, messages, responses)
Modify records
in your CRM, accounting software, or project management tools
Chain actions together
, where one automated step triggers the next without human review
And because most AI tools use the employee's own credentials, there's no audit trail distinguishing what the person did from what the AI did. If an AI agent sends the wrong email to a client at 2am, it shows up as sent by "Sarah" in your email system. Sarah was asleep.
The insurance agency we audited had a specific version of this problem. One of the AI-powered email drafters had been sending follow-up messages to prospects that were
almost
right but included pricing language that didn't match the company's current rate sheets. The messages had gone out under the agent's name for six weeks before anyone noticed.
If you're concerned about shadow AI agents in your business, we've written a detailed case study on how a 35‑person insurance agency cut call handle time by 45% with AI automation . Or book a free workflow call to audit your own AI agent exposure.
How to Run an AI Agent Inventory
You don't need enterprise software to start governing this. You need a systematic sweep and a set of rules. Here's the process we use.
Step 1: Catalog every AI-connected integration
Go through every major system your business uses (CRM, email, accounting, project management, customer support) and check the integrations or connected apps settings. Look for:
Any integration with "AI," "GPT," "Claude," "Copilot," or "automation" in the name
Zapier, Make, or n8n workflows that involve AI steps
API keys issued to third-party tools you don't recognize
Browser extensions with AI capabilities that have access to business data
Most cloud platforms have an admin panel showing connected applications. Start there.
Step 2: Map what each agent can access
For every AI tool or agent you find, document three things:
What data can it read?
(Customer records? Financial data? Internal communications?)
What actions can it take?
(Send emails? Update records? Create entries? Delete things?)
Whose credentials is it using?
(Does it have its own service account, or is it piggy-backing on an employee's login?)
This creates your AI agent inventory. Most businesses we work with are genuinely surprised by what they find. A 38-person staffing agency discovered 7 AI-connected tools that nobody in management had approved, including one that had read access to candidate social security numbers.
Step 3: Apply the principle of least privilege
For each agent, ask: does it need all the access it currently has? Almost always, the answer is no.
An AI agent drafting customer follow-up emails needs access to customer names, last interaction dates, and maybe the product they purchased. It does not need access to payment history, internal notes, or the customer's full address. Strip the permissions down to only what the agent needs for its specific task.
Step 4: Create three operational rules
Every business deploying AI agents needs at minimum:
A scope rule:
Every agent gets a defined scope. "This agent can read customer names and interaction dates from the CRM and draft follow-up emails for review." Written down. Reviewed quarterly.
A boundary rule:
Every scope has boundaries. "This agent cannot send emails without human approval. This agent cannot access financial data. This agent cannot modify or delete records." Explicit limits.
A checkpoint rule:
Every boundary has a human checkpoint. "A team member reviews AI-drafted emails before they send. The ops manager audits AI-generated reports weekly. Any new AI integration requires manager sign-off before connecting."
Step 5: Decide who owns AI governance
Someone in your organization needs to own this. In a 20-person company, it's probably the owner or ops manager. In a 100-person company, it might be the IT lead or a designated operations role. The point is: someone's name is on it.
This person doesn't need to be technical. They need to know what AI tools are running, what those tools can access, and who approved them. That's it.
What the Industry Is Building
The fact that Okta, the largest identity management company in the world, just announced a product specifically for governing AI agents tells you how real this problem is becoming. Their product, launching April 30, 2026, includes agent discovery (finding AI agents you didn't know existed), a monitoring dashboard, and what they call "Universal Logout," which is essentially a kill switch that instantly revokes all of an AI agent's access tokens.
Okta's tool is built for enterprises. But the principles behind it apply to a 30-person company just as much as a 3,000-person one:
Discovery:
Know what AI agents are operating in your environment
Monitoring:
Track what those agents are actually doing
Revocation:
Be able to shut any agent down instantly if something goes wrong
You probably won't buy Okta's product. But you can implement these three principles manually right now, using the inventory process above.
The Conversation to Have This Week
If you manage a team, here's a practical step: in your next all-hands or team meeting, ask this question: "Is anyone on this team using an AI tool that connects to any of our business systems?"
No judgment. No consequences. Just ask.
In our experience, at least one person will raise their hand, and they'll often say something like "I set up this thing that saves me two hours a week." Great. Now you know about it. You can evaluate it, scope it, and decide whether it stays, gets modified, or gets replaced with something better governed.
The businesses that will handle AI well aren't the ones that ban it. They're the ones that know what's running, what it can access, and who's watching. That's not paranoia. That's just good operations.
If you want help running an AI agent audit for your business, or if you're planning to deploy AI agents and want to get the governance right from the start, reach out to us . We'll map what's running, flag the risks, and help you build a governance framework that actually fits your team size.