Discover Every AI Tool in Use, Then Inventory It
Detection tells you something risky happened; discovery gives you the full picture - every AI tool, account, and extension across the org, organized into an inventory you can actually govern.
Illustrative product view
Discovery vs detection
Detection catches a risky moment - a sensitive paste, a personal account. Discovery builds the map: the complete set of AI tools, accounts, and extensions actually in use across the org, so you know your real AI footprint rather than the one your policy assumes. The same browser sensor that detects risky activity feeds discovery, and a scan can be run via POST /api/scan/run.
What discovery finds
| Category | What discovery maps |
|---|---|
| AI tools | Every consumer and enterprise AI app in use |
| Accounts | Corporate SSO vs personal accounts per tool |
| Extensions | Browser extensions that can read page content |
| Sanctioning | Which tools are approved vs unsanctioned |
| Usage spread | Who and how many across teams |
From footprint to inventory
- 1Run discovery to enumerate the AI tools, accounts, and extensions in use
- 2Separate sanctioned from unsanctioned use
- 3Move risky personal-account usage to governed alternatives
- 4Promote approved tools into the AI-BOM with provenance and approval state
- 5Keep discovery running so new tools surface as they are adopted
How it connects
- Feeds the AI-BOM, the durable inventory of approved AI assets
- Pairs with shadow AI detection for the risky-moment signals
- Uses data classification to label what data each tool touches
- Findings become evidence that AI usage is being governed
Frequently asked questions
What is shadow AI discovery?
Shadow AI discovery is the process of enumerating every AI tool, account, and extension in use across an organization, including the ungoverned ones. It turns an unknown AI footprint into a named inventory you can govern, and it is the step that precedes writing meaningful AI policy.
How is discovery different from detection?
Detection surfaces individual risky events - a sensitive paste, a personal-account login. Discovery builds the complete inventory of AI tools and accounts in use. Detection tells you something happened; discovery tells you the full landscape it happened in.
What does discovery do with the tools it finds?
It separates sanctioned from unsanctioned use, lets you move risky personal-account usage to governed alternatives, and promotes approved tools into the AI-BOM with provenance and approval state. New tools keep surfacing as they are adopted, so the inventory stays current.
Does discovery cover browser extensions?
Yes. Because the sensor runs in the browser, discovery includes extensions that can read page content - a common and often overlooked path for data to leave. Risky extensions are flagged alongside the AI tools and accounts.
Stay in the loop
One practical finance briefing a week - new guides, checklists, and benchmarks.
Map your real AI footprint
Discover every AI tool and account, then turn it into a governed inventory.
Talk to us