May 18, 2026

Shadow AI Through the ITAM Lens: Managing AI Within Existing Processes

Shadow AI Through the ITAM Lens: Managing AI Within Existing Processes

AI in the context of ITAM/SAM is not a new discipline. It is an additional layer of control on top of existing software, SaaS, and cloud services. The goal is not to build "AI Asset Management" from scratch — it is to extend the existing software asset lifecycle to cover AI functionality that is already spreading across the corporate IT landscape.

What Is Now in Scope

The corporate IT landscape is shifting quietly but quickly: familiar tools are gaining AI features, employees are connecting external services without approval, and AI spend is fragmenting across dozens of subscriptions. ITAM/SAM now needs to cover:

  • SaaS solutions with embedded AI functionality
  • AI subscriptions and AI add-ons to existing products
  • AI features built into software already in the environment
  • Actual AI usage and associated costs
  • AI-related risks and AI access to corporate data
  • AI integrations and API usage
  • Shadow AI — unsanctioned use of AI tools

How the Asset Record Changes

Previously, ITAM captured a standard asset entry:

  • Product - MIcrosoft 365
  • License - E3
  • Owner - HR
  • Cost - $36/user

Now an AI context layer is added to the same record:

ProductAI EnabledAI FeatureRiskData AccessMicrosoft 365YesCopilotLowSharePoint / Exchange

The point is not simply to "see AI" — it is to bring AI into an already governed software asset lifecycle.

Shadow AI: Concrete Examples

In practice, AI is already present inside tools that have been in the infrastructure for years:

  • Zoom — AI Companion is enabled
  • Salesforce — Einstein AI is active
  • Notion — Notion AI is in use
  • GitHub — Copilot licenses have been purchased
  • OpenAI — direct SaaS usage discovered without a corporate contract

A typical scenario: a company purchased 500 Copilot licenses. Only 120 are actively used. Some users have never opened Copilot. Some departments are simultaneously using ChatGPT Enterprise. The result — duplicated AI spend and blind spots in security.

ITAM/SAM does here what it has always done: identifies owners, analyzes usage, maps costs to actual consumption, classifies risks, and surfaces optimization opportunities.

AI Risk Classification

AI TypeRisk LevelEmbedded corporate AI (Copilot within the corporate tenant)LowPublic generative AI (ChatGPT Free)HighAI with external model trainingCritical

Data access control is a separate dimension. ITAM/SAM needs visibility into which resources each AI tool can reach: SharePoint, Jira, Confluence, corporate email, CRM, ERP, and external models.

Shadow AI in action: an employee connects an AI assistant to corporate Google Drive without IT or security approval. Data flows to an external model — and no one knows.

New Discovery and Tracking Objects

Beyond familiar installed applications and SaaS authorizations, ITAM now tracks:

  • AI browser extensions
  • AI plugins in corporate tools
  • AI API usage
  • Generative AI SaaS (direct and unsanctioned)
  • AI integrations and AI features within existing software

Custom Fields in the ITAM System

To manage AI properly within a CMDB or ITAM platform, new custom attributes are required:

FieldExample ValueAI EnabledYesAI FeatureCopilotRisk LevelHighAI Cost$24K/yearAI Usage StatusActiveAI Data AccessSharePointExternal Model UsageYesApproved AI ToolNoAI OwnerDigital TeamAI via APIEnabled

Data Sources for AI Tracking

Most of these sources already exist in the infrastructure — they simply need to be leveraged in the right context:

  • Microsoft Graph API — Copilot and M365 AI usage
  • CASB/SASE — Shadow AI discovery
  • Browser extension analysis — ChatGPT, Gemini extensions
  • SaaS telemetry — AI feature usage
  • SSO/IdP systems — AI service authorizations
  • Procurement systems — mapping AI costs to actual consumption
  • Cloud event logs — integrations and API calls

AI is gradually becoming another area of control within ITAM/SAM — alongside software, SaaS, cloud services, and spend management. For organizations, this means moving from point-in-time control of individual AI tools toward comprehensive AI governance within the existing IT landscape. ITAM/SAM is now one of the key leverage points for building a transparent, governed, and cost-effective approach to AI use across the enterprise.

Contact

Get in touch

Getting in touch is easy - subscribe to our channel in Telegram and LinkedIn page.
Have a project in mind or just want to talk automation? Drop us a message — we’re always happy to connect, share ideas, and see how we can help.

We care about your privacy and personal data. By sending this form you accept the terms and conditions of our privacy policy.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

Consulting and automation for enterprise class ITAM and ITSM

info@synta.pro

Republic of Kazakhstan, 050046, Almaty city, Egizbayev street 7/9, office 174

Quick Links
AboutBlogEventsContact
Technology partners
Flexera
Snow SoftwareBMC SoftwareFreshworks

© 2026 Synta LLP. All Rights Reserved

Privacy policy