Shadow AI Deployment

SAIL 2.2 (Risk), Code/No Code - AI Asset Discovery

Description

AI systems or components are developed and/or deployed informally without official oversight, sanction, or adherence to governance policies.

Example

A marketing team uses a no-code AI platform to build a customer sentiment analyzer with company data, bypassing IT and security review.

Assets Affected

  • Notebook
  • Coding agent (config)
  • Agentic platform (no code)
  • AI platform

Mitigation

  • Enforce clear AI governance policies and approval processes for any AI experimentation or deployment
  • Promote awareness of AI policies
  • Use discovery tools to identify unauthorized AI activities

Standards Mapping

  • ISO 42001: A.3.2, A.2.2
  • NIST AI RMF: GOVERN 1.3, GOVERN 4.3