Shadow vs Sanctioned AI

Not all AI usage in your organization is approved.

Peridot distinguishes between sanctioned and shadow AI to help you understand risk and enforce control.

What is sanctioned AI?

Sanctioned AI refers to tools and systems that are:

  • Approved by security or IT

  • Configured with known policies

  • Monitored and governed

These tools operate within defined control boundaries.

What is shadow AI?

Shadow AI refers to AI usage that occurs outside approved controls.

This includes:

  • Employees using external AI tools without approval

  • AI features embedded in SaaS platforms

  • Internal tools calling model APIs without governance

  • Experimental workflows running in production

Why shadow AI matters

Shadow AI introduces risk because it is:

  • Invisible

  • Uncontrolled

  • Unaudited

Sensitive data may be exposed. Policies may be bypassed. Actions may be taken without oversight.

How Peridot identifies shadow AI

Peridot flags AI usage as shadow when:

  • It is not associated with approved integrations

  • It falls outside defined policies

  • It cannot be mapped to known systems or environments
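As an added illustration of these three criteria (example code, not Peridot's own detection logic), the following applies them to constructed egress log lines. The approved-integration list, the system inventory, the per-integration host policy, the set of AI provider hosts and the key=value log format are all assumptions made for this example.

```python
"""Classify AI egress events as sanctioned or shadow using the three criteria above."""
from dataclasses import dataclass
from typing import Optional

# Constructed reference data (assumptions for this example, not Peridot's own).
APPROVED_INTEGRATIONS = {"openai-enterprise"}                      # approved by security/IT
KNOWN_SYSTEMS = {"crm-web", "data-pipeline"}                       # inventoried internal systems
POLICY_ALLOWED_HOSTS = {"openai-enterprise": {"api.openai.com"}}  # per-integration policy
AI_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}

# Constructed egress proxy log lines; "-" means no integration id was presented.
SAMPLE_LOG = """\
src=crm-web dst=api.openai.com integration=openai-enterprise
src=data-pipeline dst=api.anthropic.com integration=openai-enterprise
src=laptop-7f3a dst=generativelanguage.googleapis.com integration=-
src=crm-web dst=crm-db.internal integration=-
"""


@dataclass
class AiEvent:
    source_system: str
    dest_host: str
    integration_id: Optional[str]


def parse_log(text):
    """Yield an AiEvent for each line whose destination is a known AI provider host."""
    for line in text.splitlines():
        kv = dict(token.split("=", 1) for token in line.split())
        if kv.get("dst") in AI_HOSTS:
            integ = kv.get("integration")
            yield AiEvent(kv["src"], kv["dst"], None if integ in (None, "-") else integ)


def classify(event):
    """Return ("sanctioned", []) or ("shadow", [reasons]); any one criterion is enough."""
    reasons = []
    if event.integration_id not in APPROVED_INTEGRATIONS:
        reasons.append("not associated with an approved integration")
    if event.dest_host not in POLICY_ALLOWED_HOSTS.get(event.integration_id, set()):
        reasons.append("falls outside defined policies")
    if event.source_system not in KNOWN_SYSTEMS:
        reasons.append("cannot be mapped to a known system or environment")
    return ("shadow", reasons) if reasons else ("sanctioned", [])


def triage(text):
    """Return (event, verdict, reasons) for every AI event; non-AI traffic is skipped."""
    return [(e, *classify(e)) for e in parse_log(text)]


if __name__ == "__main__":
    for event, verdict, reasons in triage(SAMPLE_LOG):
        print(f"{verdict:10} {event.source_system} -> {event.dest_host}  {'; '.join(reasons)}")
```

Only the first sample line is sanctioned: the second reaches a host its integration's policy does not allow, and the third comes from an uninventoried device with no approved integration at all.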

Moving from shadow to sanctioned

Peridot enables you to:

  • Identify shadow AI usage

  • Classify tools and systems

  • Apply policies

  • Bring usage under governance

The goal is not to eliminate AI usage—it is to control it.

What to do next

  • Use Data Flows Overview to understand data exposure

  • Apply controls using Policies Overview
