Every regulated mid-market firm we audit has Shadow AI: personal ChatGPT accounts, browser extensions, embedded features in SaaS the firm already pays for, and contractor-built workflows nobody owns. Most clock between 15 and 50 tools the leadership team did not know existed. The Shadow AI Audit produces the inventory, classifies the data exposure, and installs the governance line.
The Audit produces a structured inventory. It is not a long list of unrelated tools; it is four predictable classes, each with its own governance fix. Every Audit names where the firm sits on each class.
The output the same week as the readout: a one-document inventory, a kill/fix/keep verdict per tool, a sequenced remediation plan, and a governance line the firm can stand behind.
Free-tier ChatGPT, Claude, Gemini, Perplexity, and browser-side AI extensions used by staff against confidential firm material. Logged in the personal account, not the firm. Found via expense-report keyword search and structured employee survey.
Microsoft 365 Copilot, iManage AI, Salesforce Einstein, HubSpot AI, Zoom AI, Otter, Fireflies. Enabled by default in the SaaS contract the firm already pays for. The data-handling clause for the AI feature is rarely the same as the base SaaS contract.
Custom integrations that call an external LLM API: form-handler workflows, customer-support automations, document-classification jobs. Developer left the firm; the workflow is still running on the same API key. The vendor has a contract with someone who no longer works at the firm.
Grammarly, Wispr, Cluely, Notion AI, Microsoft Edge’s built-in copilot, Arc’s Max features, Pocket AI summaries. Each touches firm content. None are in the IT inventory. Detected via DNS-level traffic analysis and endpoint browser-extension survey.
Every tool, account, embedded feature, and contractor-built workflow detected via expense, survey, endpoint, and traffic signals. Classified by data-class touch and ownership.
For each tool, a written verdict against the firm’s governance line and regulatory perimeter. Reasoning documented so the decision survives the next leadership rotation.
A sequenced plan: which tools to kill this week, which to fix with enterprise licensing or DPA, which to replace with sanctioned alternatives, and which to keep. Each step has a named owner and a turnaround commitment.
A one-document governance posture: approved tools per data class, sub-processor list, vendor DPAs, the approval path for new tools, and the named owner of the line. Built to be shared with a regulator, LP, client, or auditor on request.
Five parallel channels: expense-report keyword search across 12 months (ChatGPT, Claude, OpenAI, Anthropic, Perplexity, Copilot), structured anonymous employee survey, endpoint browser-extension inventory, SaaS contract walkthrough for embedded AI features, and DNS-level traffic sample. The five together typically find 15 to 50 tools where leadership estimated five.
The survey is positioned as discovery, not enforcement. The promise is that current tools are not punished; only future ones outside the governance line are. Cooperation rates are high when leadership communicates the change directly and the Audit moves quickly. Where cooperation is low, the other four channels still produce a defensible inventory.
The AI Operating Audit covers governance, throughput, and tool inventory across the firm. The Shadow AI Audit is the same engagement scoped specifically toward unsanctioned use: it weights detection and inventory heavier and remediation slightly lighter. Most firms find that what starts as a Shadow AI Audit becomes a full AI Operating Audit by week three because the inventory is the entry point to the rest of the work.
Two to six weeks depending on firm size and entity count. Standard single-entity Shadow AI Audit is from $15,000. Most firms continue into the Fractional CAIO retainer afterward, quoted in the Audit readout.
Every engagement begins with a short fit review and the Shadow AI Audit. Most firms continue into the AI Operating Partner relationship from there. If there is not strong mutual fit, we tell you directly.