Shadow AI: You Can't Secure the AI Systems You Can't See
Enterprise AI adoption is outpacing visibility. A look at shadow AI risks and how an AI Bill of Materials helps discover, own, and govern hidden AI systems.
The piece argues that while most organizations can inventory their web services accurately, they lack equivalent visibility into the AI systems they run—models, fine-tunes, retrieval pipelines, agents, and third-party AI APIs. These don't fit conventional asset management because they lack hostnames or CMDB entries, and with enterprise AI adoption reportedly growing around 83% year over year, this creates a largely unmapped attack surface.
The proposed fix is an AI Bill of Materials (AI-BOM), modeled on software's SBOM concept: a structured, machine-generated manifest per AI system capturing model provenance, datasets, dependencies, capabilities (tools and actions it can invoke), and an accountable owner and purpose. Rather than a quarterly survey, this should be a living inventory continuously fed by network/egress monitoring, code and IaC scanning, cloud billing signals, SaaS admin audits, and identity enumeration.
The key takeaway is that the hard part isn't discovery tooling but accountability—every AI system needs a named owner, purpose, and risk tier. This single artifact doubles as a security control, a compliance record, and a governance tool. For engineers, the practical implication is that this AI-BOM becomes the foundation for later work on supply-chain verification, data governance, and compliance evidence covered elsewhere in the series.