Shadow AI assessment

GenerativeAI carries both promises and perils – improved productivity, but also data privacy, reputation, IP infringement risks among others. Know what GenerativeAI services are currently used by your end-users, risk classification of these services and receive actionable recommendations for improvements. 

Your business challenges

"Put simply, shadow AI is when staff bolt AI tools onto their work systems to make life easier, unbeknown to management. This quest for efficiency is, in most cases, well intentioned, but it’s opening companies up to a new realm of cybersecurity and data privacy issues. ” 

Your business challenges

Our Solution

Are you a medium or large business concerned about cybersecurity and privacy risks posed by uncontrolled usage of generative Al tools like ChatGPT, Bard, and others? Even if you have software asset management in place, most GenAl tools slip through them as they are entirely browser-based without local software installed on endpoints. This offer is tailored for you to assess current usage of the latest GenAl solutions across your company.

Our standard delivery process:

  • 1-month engagement.
  • Deployment of Microsoft Defender for Cloud Apps.
  • Integration with existing Microsoft Defender for endpoints.
  • Data collection (2 weeks).
  • Project closure meeting - final report review.

Engagement checklist and structure

1. Planning

  • Kickoff meeting, pre- requisites check (MS Defender for Endpoints
    licensing and config) 
  • Activate trial licenses if required
  • Acquire permissions to access customer tenant

2. Deployment

  • Go to and ensure Settings > Endpoints > General > Advanced features > Microsoft Defender for Cloud Apps toggle is On. Check prerequisites!

3. Collect and Analyze

  • Twice per week check ingest on 
  • After 2 weeks of data collection, export data and prepare assessment report

4. Present

  • Project closure meeting - final report discussion and next steps
Your benefits and deliverables

Your benefits and deliverables

Deliverable – AI roadmap, including: 

  • GenerativeAI compliance assessment report: 
    • List of identified GenAI services 
    • List of users per service, including total volume, upload volume and number of transactions 
    • Risk classification for each service identified 
    • Traffic volume per risk group 
    • Vendor geographies (HQ) 


  • Visibility - who is using what GenAI tools in your company 
  • More than 400 GenAI services in catalog (and growing), including purely browser based that are not visible to conventional software asset management solutions 
  • Risk classification for identified GenAI services based on general. security, compliance and legal criteria 
  • Usage data to enable most efficient procurement decisions and internal policies and instructions improvement process 

We are ready to tell you more

Stay up-to-date

with the latest news and events from Squalio.

Stay up-to-date