Find the AI agents, API calls, and model usage running inside your org that nobody approved.
Shadow-AI Recon is a discovery engagement, not a testing engagement. We map every AI system, agent, and model API call active in your environment — including the ones nobody has documented. The output is a complete inventory of your real AI footprint, often substantially larger than what's officially in the architecture diagrams.
Practically every organization with more than 50 engineers has unsanctioned AI usage. Developers wire ChatGPT or the OpenAI API into internal tools. Marketing teams deploy AI chatbots through SaaS vendors. Customer support pilots a new agent without security review. None of it shows up in the architecture diagram. All of it expands your attack surface, data exfiltration risk, and compliance exposure.
Shadow-AI Recon finds these systems before an auditor, attacker, or breach does. We use network telemetry analysis, code repository scanning, SaaS billing reconciliation, and direct interviews to surface the full AI footprint — including production deployments, internal tools, vendor-embedded AI, and developer-level usage.
Telemetry Survey
We analyze outbound network traffic over a defined window to identify calls to major AI API providers (OpenAI, Anthropic, Cohere, and others) and to lesser-known endpoints. Because this traffic is TLS-encrypted, the analysis relies on DNS queries, TLS SNI, and proxy or egress logs rather than payload inspection. Pattern analysis then reveals which systems are calling, how often, and at what data volume (inferred from bytes sent, not from content).
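The classification and aggregation step of the telemetry survey, shown as an added example that is not part of this page's service description or its tooling. It parses constructed proxy log lines (a key=value format assumed for the example), labels destinations against a small illustrative list of hosted model API hostnames, flags unknown hosts that expose OpenAI- or Ollama-compatible URL paths, and ranks source systems by bytes sent. The hostnames and path heuristics are examples, not an authoritative list.

```python
import re
from collections import defaultdict

# Hostnames of well-known hosted model APIs. Assembled for this example;
# maintain your own from egress allow-lists and vendor documentation.
KNOWN_AI_HOSTS = {
    "api.openai.com": "OpenAI",
    "api.anthropic.com": "Anthropic",
    "api.cohere.ai": "Cohere",
    "api.mistral.ai": "Mistral",
    "generativelanguage.googleapis.com": "Google Gemini",
}
# Hosted endpoints whose hostnames embed a tenant or region, matched by pattern.
KNOWN_AI_PATTERNS = [
    (re.compile(r"\.openai\.azure\.com$"), "Azure OpenAI"),
    (re.compile(r"^bedrock-runtime\.[a-z0-9-]+\.amazonaws\.com$"), "AWS Bedrock"),
]
# "Lesser-known" endpoints: self-hosted servers and small vendors commonly clone
# the OpenAI or Ollama HTTP API, so the path gives them away when the host does not.
SUSPECT_PATHS = ("/v1/chat/completions", "/v1/completions", "/v1/embeddings",
                 "/api/generate", "/api/chat")
SUSPECT_HOST_TOKENS = ("llm", "inference", "ollama", "vllm", "openai", "gpt")

KV_RE = re.compile(r"(\w+)=(\S+)")  # assumed key=value proxy log format


def classify(host, path):
    """Return a provider label for an AI-looking destination, or None."""
    host = host.lower()
    if host in KNOWN_AI_HOSTS:
        return KNOWN_AI_HOSTS[host]
    for pattern, label in KNOWN_AI_PATTERNS:
        if pattern.search(host):
            return label
    if any(path.startswith(p) for p in SUSPECT_PATHS):
        return "Unclassified (OpenAI/Ollama-compatible path)"
    if any(tok in host for tok in SUSPECT_HOST_TOKENS):
        return "Unclassified (AI-looking hostname)"
    return None


def survey(log_lines):
    """Aggregate AI API calls per source system: call count, bytes sent, providers."""
    required = {"src", "host", "path", "bytes_out"}
    per_source = defaultdict(lambda: {"calls": 0, "bytes_out": 0, "providers": set()})
    for line in log_lines:
        kv = dict(KV_RE.findall(line))
        if not required.issubset(kv):
            continue  # malformed or truncated record: skip rather than guess
        label = classify(kv["host"], kv["path"])
        if label is None:
            continue
        entry = per_source[kv["src"]]
        entry["calls"] += 1
        entry["bytes_out"] += int(kv["bytes_out"])
        entry["providers"].add(label)
    # Rank by bytes sent: the biggest talkers are where exfiltration risk concentrates.
    return sorted(per_source.items(), key=lambda item: item[1]["bytes_out"], reverse=True)


# Constructed proxy/egress log lines for the demo (not real traffic).
SAMPLE_LOG = """\
2025-03-04T10:00:01Z src=support-bot-prod host=api.anthropic.com path=/v1/messages bytes_out=4210
2025-03-04T10:00:03Z src=build-runner-07 host=api.openai.com path=/v1/chat/completions bytes_out=18320
2025-03-04T10:00:04Z src=support-bot-prod host=api.anthropic.com path=/v1/messages bytes_out=5100
2025-03-04T10:00:09Z src=dev-laptop-42 host=acme-eastus.openai.azure.com path=/openai/deployments/gpt4/chat/completions bytes_out=900
2025-03-04T10:00:12Z src=data-pipeline-3 host=llm-gw.internal.corp path=/v1/chat/completions bytes_out=250000
2025-03-04T10:00:15Z src=web-frontend host=cdn.example.com path=/static/app.js bytes_out=120
2025-03-04T10:00:20Z src=dev-laptop-42 host=api.github.com path=/repos bytes_out=300
""".splitlines()

if __name__ == "__main__":
    for src, stats in survey(SAMPLE_LOG):
        print(f"{src:18} calls={stats['calls']:3} bytes_out={stats['bytes_out']:8} "
              f"providers={sorted(stats['providers'])}")
```

In the sample, the internal gateway `llm-gw.internal.corp` is the interesting hit: it matches no vendor list, but the OpenAI-compatible path and 250 KB sent in one request mark it as a self-hosted or proxied model endpoint worth an interview question.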
Duration 3–5 days · Output: telemetry inventory
Code & Config Discovery
We scan code repositories, CI/CD pipelines, and deployment configurations for AI integrations — including model API calls, vector database connections, LLM library imports, and agent framework dependencies.
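A minimal repository scanner for the code & config discovery phase, added here as an illustration and not the page's own tooling. It walks a constructed sample repository (written to a temporary directory by `build_sample_repo`, a helper invented for this example) and reports LLM SDK imports, dependency-manifest entries, agent-framework and vector-database references, API-key environment variables in CI configuration, and key-shaped string literals. The indicator catalogue and its category names are this example's own choices.

```python
import re
import tempfile
from dataclasses import dataclass
from pathlib import Path

# Indicator catalogue keyed by finding category. Library, vendor and variable
# names are real and widely used; the grouping is this example's own choice.
INDICATORS = {
    "llm_sdk_import": re.compile(
        r"^\s*(?:import|from)\s+(?:openai|anthropic|cohere|litellm|vertexai|google\.generativeai)\b"
        r"|require\(['\"](?:openai|@anthropic-ai/sdk|cohere-ai)['\"]\)"
        r"|from\s+['\"](?:openai|@anthropic-ai/sdk)['\"]"),
    # requirements.txt / pyproject / package.json entries such as openai>=1.0 or "openai": "^4"
    "llm_dependency": re.compile(
        r"^\s*\"?(?:openai|anthropic|cohere|litellm|langchain[\w-]*|llama[-_]index[\w-]*)\"?\s*(?:[=<>~!\[]|:)"),
    "agent_framework": re.compile(r"\b(?:langchain|llama[_-]index|crewai|autogen|semantic[_-]kernel)\b", re.I),
    "vector_db": re.compile(r"\b(?:pinecone|weaviate|chromadb|qdrant|pgvector|milvus)\b", re.I),
    "api_key_env": re.compile(r"\b(?:OPENAI|ANTHROPIC|COHERE|MISTRAL|AZURE_OPENAI)_API_KEY\b"),
    # Key-shaped literals: OpenAI keys begin with "sk-", Anthropic keys with "sk-ant-".
    "hardcoded_key": re.compile(r"\bsk-(?:ant-)?[A-Za-z0-9_-]{20,}"),
}
SCAN_SUFFIXES = {".py", ".js", ".ts", ".txt", ".toml", ".json", ".yml", ".yaml", ".cfg", ".ini"}
SCAN_NAMES = {".env", "Dockerfile"}          # useful files without a telling suffix
SKIP_DIRS = {".git", "node_modules", "venv", ".venv", "dist", "build"}
MAX_BYTES = 1_000_000                        # skip bundles and data files


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    category: str
    evidence: str


def scan_repo(root):
    """Walk a checkout and return every line that matches an indicator."""
    root = Path(root)
    findings = []
    for f in sorted(root.rglob("*")):
        rel = f.relative_to(root)
        if not f.is_file() or any(part in SKIP_DIRS for part in rel.parts):
            continue
        if f.suffix not in SCAN_SUFFIXES and f.name not in SCAN_NAMES:
            continue
        if f.stat().st_size > MAX_BYTES:
            continue
        for lineno, line in enumerate(f.read_text(errors="ignore").splitlines(), 1):
            for category, pattern in INDICATORS.items():
                if pattern.search(line):
                    findings.append(Finding(rel.as_posix(), lineno, category, line.strip()[:80]))
    return findings


def build_sample_repo(root):
    """Write a small constructed repository (invented for this example) to scan."""
    files = {
        "app/support_bot.py": "import anthropic\n\nclient = anthropic.Anthropic()\n",
        "requirements.txt": "fastapi==0.110.0\nlangchain==0.2.1\nchromadb>=0.5\n",
        "package.json": '{\n  "dependencies": {\n    "express": "^4.19.0",\n    "openai": "^4.50.0"\n  }\n}\n',
        ".github/workflows/ci.yml": "env:\n  OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}\n",
        # Placeholder with the shape of a key only; not a real credential.
        "scripts/legacy_summarizer.py": 'import openai\nopenai.api_key = "sk-EXAMPLE000000000000000000000000"\n',
        "node_modules/openai/index.js": "module.exports = require('./core');\n",  # must be skipped
    }
    for rel, content in files.items():
        p = Path(root) / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text(content)


def demo_scan():
    """Build the constructed repository in a temp dir and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_repo(tmp)
        return scan_repo(tmp)


if __name__ == "__main__":
    for f in demo_scan():
        print(f"{f.path}:{f.line} [{f.category}] {f.evidence}")
```

Run against a real checkout with `scan_repo("/path/to/repo")`. Line-by-line regexes keep the scanner transparent and easy to extend in a detection playbook; they will miss dynamically constructed imports and calls routed through an internal wrapper library, which is one reason the interview phase exists.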
Duration 2–3 days · Output: code inventory
SaaS & Vendor Audit
We cross-reference SaaS billing, vendor agreements, and tool inventories to identify AI features bundled into existing tools. Many vendors added AI capabilities in 2024–2026 that customers never explicitly enabled.
Duration 2–3 days · Output: vendor inventory
Interview & Reconciliation
We run structured interviews with engineering team leads to surface AI usage that isn't visible in telemetry or code: local model deployments, developer-level tool usage, and experimental prototypes.
Duration 3–5 days · Output: complete reconciled inventory
Risk Mapping & Reporting
Each discovered AI system is rated by data sensitivity, authorization status, and risk class. Final deliverable is a complete shadow-AI inventory with prioritized recommendations for sanctioning, restricting, or decommissioning each system.
Duration 3 days · Output: report + walkthrough
Complete AI Inventory
Every AI system, agent, API call, and model usage discovered during the engagement, categorized by sanction status and risk.
Inventory document + spreadsheet
Risk-Ranked Findings
Discovered systems ordered by data sensitivity, authorization gaps, and breach risk.
Risk register + remediation roadmap
Executive Summary
Sanitized one-page summary for board, executive team, or compliance stakeholders. Quantifies shadow-AI exposure without exposing technical details.
1–2 pages · Markdown + PDF
Sanctioning Roadmap
For each discovered system, a recommendation: sanction (formalize), restrict (limit usage), or decommission — with rationale and next steps.
Per-system recommendation document
Detection Playbook
Documentation of how we found each category of shadow-AI so your security team can detect future instances without a re-engagement.
Detection playbook + queries
Stakeholder Walkthrough
Working session with security, engineering, and compliance leadership to walk through findings and prioritize next steps.
90-minute session + recording
Good fit when:
Your organization has grown past the point where any single person knows every AI system in use.
Regulatory pressure (EU AI Act, sector-specific requirements) means you need an authoritative AI inventory soon.
You've had a data exposure scare and need to know which systems can reach sensitive data.
You're preparing for an audit or due diligence event and need defensible documentation of your AI footprint.
Not a fit when:
You already have a current, accurate AI inventory; this engagement won't find what's already known.
You need penetration testing of specific systems — Adversarial Probing or Injection Vector Mapping fit that need.
Your organization has fewer than ~50 people — discovery costs more than just asking everyone directly.
You need real-time monitoring — this is a point-in-time discovery engagement, not ongoing detection.
Related engagements
If you need formal compliance documentation against NIST or EU AI Act, this is the natural next engagement after the shadow-AI inventory is established.
Builds on the inventory by establishing audit-ready logging for the systems you decide to sanction.
Once the inventory is complete, this is the engagement that tests the highest-risk systems for actual exploitability.
Shadow-AI Recon engagements start from $18,500. We reply within 24 hours and sign an NDA before scoping.
BOOK THIS ENGAGEMENT →