AI Governance

AI-BOM: The Shadow AI Inventory Your Enterprise Needs Before Governing AI

May 18, 20267 min

Shadow IT has evolved into Shadow AI — and there's a new tool to track every agent, bot, and model in use across the company: the AI-BOM (AI Bill of Materials). Without it, you don't know what's running, who authorized it, what data is exposed — and you can't govern what you can't see.

Shadow IT Became Shadow AI. The Problem Got Bigger.

For years, IT managers battled Shadow IT: employees using Dropbox, Trello, WhatsApp, and dozens of other unauthorized services outside corporate control.

In 2026, the problem has evolved. Shadow AI is the new frontier — and it's more complex for a fundamental reason: while an employee using personal Dropbox creates data storage risk, an employee using unauthorized ChatGPT, Claude, or any AI agent may be transmitting confidential data to third parties without realizing it, without a trace, without control.

In May 2026, The Register documented a concept gaining traction in more advanced security teams: the AI-BOM — AI Bill of Materials.

What Is an AI-BOM

Inspired by the Software Bill of Materials (SBOM) that regulators require from critical software vendors, the AI-BOM is a structured inventory of every AI component in use across the organization.

A complete AI-BOM documents:

  • Which AI models are being used (GPT-4o, Claude, Gemini, local models)
  • Which agents and bots are running, by whom, and with what permissions
  • What data those systems access and process
  • Who authorized each tool (or whether there's no documented authorization)
  • Which APIs are being called externally
  • Which vendor processes the data and under what privacy policy

Without this inventory, the answer to "which AI tools are using customer data?" is "we don't know."

Why This Is Urgent Now

The Proliferation of Agents Changed the Game

In 2023 and 2024, Shadow AI mostly meant employees using personal ChatGPT. In 2026, it means autonomous agents, n8n or Zapier automations connected to AI models, browser extensions with embedded AI, AI plugins in IDEs, and native AI copilots in SaaS tools.

Each of those points is a potential data-leakage vector that doesn't appear in the traditional IT asset inventory.

Regulations Have Real Consequences

Under GDPR and sector-specific regulations, the company is responsible for personal data processing — regardless of who inside the company initiated that processing. An employee who sends customer data to an unauthorized AI model doesn't eliminate the company's liability; they create it.

The phrase that keeps appearing in security discussions: "If you don't have visibility, you can't understand what to protect."

AI Agents Have Alarming Permissions

Modern AI agents can have access to email, calendar, code repositories, network files, databases, and external tools. A misconfigured or unaudited agent with access to corporate email is a permanent data-leakage risk — and many companies don't know it exists.

How to Build an AI-BOM in 4 Steps

Step 1: Discovery — Find What You Don't Know Exists

Use a combination of:

  • Network traffic analysis: which AI API domains are receiving requests? (api.openai.com, api.anthropic.com, generativelanguage.googleapis.com, etc.)
  • Browser extension audit: which AI-enabled extensions are installed on corporate devices?
  • SaaS connector review: which third-party integrations are connected to approved tools?
  • Team surveys: directly asking teams which AI tools they're using. Surprises guaranteed.

Step 2: Classification — Categorize by Risk

Not every AI tool is equally risky. Classify by:

Category Examples Risk Level
Personal tools with no corporate data ChatGPT for writing generic content Low
Approved enterprise tools with DPA Microsoft Copilot, Google Gemini for Workspace Medium (monitorable)
Tools with customer data access, no approval Any unaudited model with CRM access High
Autonomous agents with broad permissions Agents with email, file, internal API access Critical

Step 3: Governance — Document and Standardize

For each identified tool, document:

  • Owner (person or team)
  • Data accessed and processed
  • Vendor and applicable privacy policy
  • Status: approved, under evaluation, or to be decommissioned

Approved tools enter the official AI-BOM registry. Unapproved tools enter a decision process: approve with controls, replace with an approved alternative, or shut down.

Step 4: Maintenance — AI-BOM Is a Process, Not a Project

The AI-BOM must be continuously updated. New tools appear every week. Agents are deployed without formal review. The static inventory created today will be outdated in 60 days without an update process.

Implement:

  • Quarterly full AI-BOM review
  • Request process for new AI tools (with approval before use)
  • Automated alerts for new AI API domains detected in network traffic

Who Should Own the AI-BOM

AI-BOM ownership varies by organizational structure, but the functions that typically need to be involved are:

  • IT/Security: technical discovery, network monitoring, access controls
  • Legal/Compliance: contract review, DPAs, GDPR/regulatory adequacy
  • AI Manager / AI Officer (if exists): strategy, standardization, tool approval
  • Business leadership: prioritization, use case, exception approval

Without clear ownership, the AI-BOM becomes a document that exists but isn't maintained. Worse than not having one: you think you have visibility when you don't.

The Connection to Existing Shadow AI Work

If your company is already working on Shadow AI policies, the AI-BOM is the natural and necessary extension. A Shadow AI policy without an inventory is like a network security policy without a firewall — it exists on paper, not in practice.

FAQ

Do we need specific software to create an AI-BOM?
Not necessarily. For small to mid-sized companies, a well-structured spreadsheet with a regular update process works as a starting point. For larger organizations, SSPM (SaaS Security Posture Management) tools like Valence or Grip already offer AI inventory capabilities.

How long does building the first AI-BOM take?
Initial discovery typically takes 2 to 4 weeks for mid-sized organizations. The challenge isn't the tool — it's getting teams to reveal what they're using.

What do we do with unauthorized tools we find?
Don't shut down immediately without understanding the use case. Many Shadow AI tools exist because the official tool doesn't solve the problem. Understand first, then decide between approving with controls, providing an approved alternative, or discontinuing.

Is an AI-BOM required by any regulation?
Not explicitly yet, but it's being actively discussed in security frameworks. NIST AI RMF and ISO/IEC 42001 include AI system inventory requirements. Sector regulations (financial, healthcare) are beginning to specify similar controls.

Conclusion

The AI-BOM is no longer a theoretical governance exercise. It's the operational foundation of any real AI control strategy.

Without knowing which tools are in use, what data is being processed, and who authorized each system, any AI policy is fiction. Effective governance starts with visibility — and the AI-BOM is the instrument of that visibility.

If your company needs help building its first AI-BOM or structuring an AI tool governance process, talk to Intrabit.

Further Reading

  • Shadow AI: 38% of Your Employees Are Already Leaking Company Data Without Telling You
  • 1 in 5 Companies Has Already Suffered an AI Data Breach — Is Yours Next?
  • AI Policy That Actually Changes Behavior (Not the One That Goes in a Drawer)

Related articles

  • AI Transparency Is Now Law — What Your Chatbot, Marketing Content, and Employee Tools Must Display by August 2026
  • Your Recruitment Software Is Already Regulated as High-Risk — The August 2026 Deadline Your HR Team Doesn't Know About
  • 95% of Enterprises Are Spending Billions on AI and Seeing Nothing Back — The Organizational Failure at the Root

Ready to diagnose your company?

The first session is free and takes 45 minutes.

Request diagnosis