Shadow AI: find the unapproved models and agents in your tenant

Shadow AI is the AI nobody signed off on. An employee consents to a third-party AI app over OAuth, a team spins up an agent using a model that never went through review, a service principal quietly gains the permissions to read mail or files. None of it appears in a governance plan, and all of it can reach your data.

You cannot govern what you cannot see. Senserva surfaces the app registrations, OAuth grants, service principals, and agents living in your Microsoft 365, Intune, Defender, and Entra ID environment, and flags the ones holding high-risk permissions, so the AI operating in the dark comes into the light.

How shadow AI gets in

Shadow AI rarely arrives as a deliberate breach. It accumulates through ordinary, well-intentioned actions that no one reviews after the fact.

OAuth-consented AI apps: A user grants a third-party AI tool access over OAuth. The consent is real and persistent, and the app keeps its access until someone revokes it.
Service principals you did not track: App registrations and service principals, including those backing AI agents, can hold standing permissions that nobody is reviewing.
Agents on unapproved models: Agents may run on models that never passed review, raising data-handling and safety questions that an approved-model policy is meant to prevent.
Over-broad permissions: Any of the above can hold high-risk Microsoft Graph scopes, turning an unsanctioned tool into a real path to your data.
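
The review described above can be sketched as a small triage script. This is an added example, not Senserva's code and not from the original page: it merges delegated OAuth grants per app and ranks the apps by high-risk Graph scopes. The records are constructed and shaped like Microsoft Graph oauth2PermissionGrant objects; the scope weights, the doubling for tenant-wide consent, and the name rank_grants are assumptions made for illustration.

```python
# Assumption: scope weights are illustrative, not a Microsoft or Senserva rating.
HIGH_RISK = {
    "Mail.Read": 3, "Mail.ReadWrite": 4, "Mail.Send": 4,
    "Files.Read.All": 3, "Files.ReadWrite.All": 4,
    "Sites.Read.All": 3, "Directory.ReadWrite.All": 5,
}
# Constructed sample data; clientId is the service principal that holds the grant.
SERVICE_PRINCIPALS = {
    "sp-001": "Notes AI (constructed)",
    "sp-002": "Meeting Summarizer (constructed)",
    "sp-003": "HR Portal (constructed)",
}
GRANTS = [
    {"clientId": "sp-001", "consentType": "Principal", "principalId": "user-17",
     "scope": "User.Read Mail.Read offline_access"},
    {"clientId": "sp-002", "consentType": "AllPrincipals", "principalId": None,
     "scope": "Files.ReadWrite.All Sites.Read.All offline_access"},
    {"clientId": "sp-003", "consentType": "AllPrincipals", "principalId": None,
     "scope": "User.Read openid profile"},
    {"clientId": "sp-001", "consentType": "Principal", "principalId": "user-42",
     "scope": "Mail.Read Mail.Send"},
]

def rank_grants(grants, principals):
    """Merge delegated grants per app, then rank apps by high-risk scope weight."""
    apps = {}
    for g in grants:
        app = apps.setdefault(g["clientId"], {"scopes": set(), "tenant_wide": False, "users": set()})
        app["scopes"].update(g["scope"].split())  # scope is a space-separated string
        if g["consentType"] == "AllPrincipals":   # admin consent for every user
            app["tenant_wide"] = True
        elif g.get("principalId"):
            app["users"].add(g["principalId"])
    findings = []
    for client_id, app in apps.items():
        risky = sorted(s for s in app["scopes"] if s in HIGH_RISK)
        if not risky:
            continue  # only low-impact scopes such as User.Read
        score = sum(HIGH_RISK[s] for s in risky) * (2 if app["tenant_wide"] else 1)
        findings.append({
            "app": principals.get(client_id, client_id), "score": score,
            "risky_scopes": risky, "tenant_wide": app["tenant_wide"],
            "consenting_users": len(app["users"]),
            "refresh_tokens": "offline_access" in app["scopes"],
        })
    return sorted(findings, key=lambda f: f["score"], reverse=True)

if __name__ == "__main__":
    print(*rank_grants(GRANTS, SERVICE_PRINCIPALS), sep="\n")
```

Per-user grants to the same app are merged before scoring, so an app that collected Mail.Read from one user and Mail.Send from another is ranked on the union of what it can reach.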

How Senserva helps

Shadow AI is a discovery problem first, a least-privilege problem second, and a monitoring problem for good. Senserva addresses all three on the Microsoft side, with the honest caveat that some governance signals are advisory where Microsoft Graph does not yet expose the setting.

Step: What Senserva does
Discover: Surfaces app registrations, OAuth grants, and service principals, including the agent identities behind AI tools, so unsanctioned apps stop being invisible.
Least privilege: Flags high-risk Microsoft Graph scopes on those apps and agents, deterministically read from Graph, so over-broad access is ranked and visible.
Approved models: Tracks the use-of-approved-models governance control. This one is advisory: where Graph does not expose the setting, Senserva raises it for review so it is not forgotten.
Monitor: Audit-log and sign-in health checks, plus scheduled re-scans, catch new shadow AI as it appears rather than at the next annual review.

Senserva is an advisory scanner. It shows you the shadow AI and its risk, ranks the worst of it, and applies any remediation only after a human approves it.

Discovery is the first control

Every shadow-AI program starts the same way: build the inventory, find the over-privileged outliers, and keep watching. The same scan that finds unsanctioned AI apps also maps the agents you do know about, so your approved and unapproved AI sit side by side in one ranked view.

From there, least privilege and monitoring keep the list from growing back. The goal is not to block all AI; it is to make sure every AI in the tenant is one you chose and can account for.

Bring shadow AI into the light

Run a scan and see the AI apps, grants, service principals, and agents already operating in your tenant, ranked by risk. For the agent-permission detail, see Microsoft AI security, and for least-privilege guidance on agents, see the AI agent inventory.


Explore the AI Enhanced suite

Agentic AI for Microsoft 365 security, end to end. Each piece works with the AI of your choice.

Works with any AI: ChatGPT, Claude, Gemini, Copilot, or a local model, with a built-in prompt builder.
Claude & MCP: Run Microsoft 365 security agentically from Claude through the Senserva MCP.
AI security reports: Six AI-enhanced report types generated from one scan.
AI remediation: Validated, approve-before-apply fixes for every finding.
AI compliance: Map and close gaps against CISA SCuBA, MCSB, and more.