Bockdev

Appearance

Mun Bock Ho profile picture Mun Bock Ho

Shadow AI and the Blind Spots in Third-Party Software Dependencies

Learn what Shadow AI is, how it hides inside third-party software dependencies, and what security and compliance risks it creates for your organization. Includes practical detection and mitigation strategies.

Shadow AI and the Blind Spots in Third-Party Software Dependencies

Your team swore they would never use unapproved AI tools. But somewhere in your supply chain, AI is already running. It's in the libraries your developers pulled from npm last Tuesday. It's in the SaaS platform your finance team uses to generate reports. It's in the code your vendor shipped last quarter.

You didn't approve it. You probably don't know it's there. And your security policies don't cover it.

This is the reality of Shadow AI in 2025. It's not just about employees sneaking ChatGPT into their workflow. The bigger, quieter risk lives inside your third-party software dependencies, and most organizations have almost no visibility into it.

What Is Shadow AI?

Shadow AI refers to any AI system or model used within an organization without official approval, oversight, or governance.

Most people think of Shadow AI as an individual employee habit. Someone uploads a sensitive document to an AI chatbot. A developer uses an AI code assistant without IT knowing. Those are real problems. But the harder-to-detect version is baked into software you already trust.

When a vendor, open-source library, or SaaS product integrates an AI model into its functionality, that AI becomes part of your environment whether you like it or not. You accepted the terms of service. You installed the package. You're already using it.

How AI Hides Inside Third-Party Dependencies

Modern software rarely runs in isolation. A single application might pull in hundreds of third-party packages. Each one can carry its own dependencies, and increasingly, those include AI components.

Here's how AI typically sneaks in:

Open-source libraries with embedded models A popular npm or PyPI package adds a local ML model for features like autocomplete, anomaly detection, or content filtering. When you update the package, the model updates too.

SaaS platforms with AI-powered features A project management tool adds AI summaries. A customer support platform adds AI response suggestions. These features may be opt-in on the surface but enabled by default under the hood.

SDKs that phone home to AI APIs Some SDKs send data to third-party AI services as part of their core function. Unless you read every changelog and audit every outbound call, you won't notice.

Vendor-built software with opaque AI integrations Enterprise software vendors now embed AI into modules, workflows, and analytics tools. The AI vendor powering that feature may not be disclosed in the main product documentation.

A simplified view of where AI can enter your dependency chain:

Your Application
├── Internal Codebase
│   └── (You control this)
├── Third-Party Libraries (npm, pip, Maven, etc.)
│   ├── Package A
│   │   └── Embedded ML model (local inference)
│   └── Package B
│       └── SDK → External AI API (data leaves your environment)
├── SaaS Integrations
│   ├── CRM with AI scoring (opt-out buried in settings)
│   └── Analytics tool with AI summarization (default on)
└── Vendor-Supplied Software
    └── AI model from undisclosed sub-processor

Each node in that tree is a potential blind spot.

Why This Is a Security and Compliance Problem

The risks are not theoretical. They fall into three main categories.

1. Data Exposure

When a third-party library sends data to an external AI API, that data may include personally identifiable information (PII), financial records, or intellectual property. Most teams don't realize data is leaving their perimeter at all.

2. Model Behavior You Can't Predict or Audit

If you don't know an AI model exists in your stack, you can't evaluate its outputs, test it for bias, or audit it for compliance. If it produces an incorrect or harmful result, you have no traceability.

3. Regulatory Non-Compliance

Regulations like GDPR, HIPAA, and the EU AI Act impose strict requirements around AI use, data processing, and transparency. If a third-party tool uses AI on your data, your organization can still be held responsible.

Risk CategoryExamplePotential Impact
Data exposureSDK sends query data to OpenAI APIPII leak, breach notification required
Unaudited model outputsAI in vendor tool produces incorrect decisionsLiability, reputational damage
Regulatory violationAI processes EU citizen data without disclosureGDPR fine, audit failure
Supply chain attackCompromised AI model injected via package updateMalicious behavior, data exfiltration
Vendor lock-in via AICore workflow depends on proprietary AI featureLoss of portability, pricing leverage

How to Detect Shadow AI in Your Dependencies

You can't fix what you can't see. Here are practical ways to find AI hiding in your stack.

Audit Your Dependency Tree

For Python projects, generate a full dependency list and check for known AI/ML packages:

bash
# Python
pip list --format=freeze > requirements_full.txt
grep -iE "openai|anthropic|langchain|transformers|torch|tensorflow|sklearn|huggingface" requirements_full.txt
bash
# Node.js
npm list --all --depth=10 > npm_tree.txt
grep -iE "openai|anthropic|langchain|@huggingface|tensorflow|onnx" npm_tree.txt

This won't catch everything, but it surfaces obvious AI library usage fast.

Monitor Outbound Network Traffic

Any library calling an external AI API will make HTTPS calls to endpoints like api.openai.com, api.anthropic.com, or generativelanguage.googleapis.com. Set up network monitoring to flag these calls.

bash
# Example: Use tcpdump to capture traffic to known AI API domains
sudo tcpdump -i any -n 'host api.openai.com or host api.anthropic.com' -w ai_traffic.pcap

In a cloud environment, use your VPC flow logs or a web application firewall (WAF) with domain-based rules.

Review SaaS Data Processing Agreements

For every SaaS tool your team uses, check the Data Processing Agreement (DPA) and Terms of Service for language like "machine learning", "AI model", "third-party AI providers", or "automated processing." Ask vendors directly if their product uses AI on your data.

Use Software Composition Analysis (SCA) Tools

Tools like Snyk, FOSSA, or Dependency-Track can scan your dependency graph for known packages. Some are adding AI component detection as part of their license and security scanning.

yaml
# Example: Snyk config to scan dependencies
# .snyk or snyk test command
snyk test --all-projects --severity-threshold=medium

How to Reduce the Risk

Detection is the first step. Here is what to do after you find Shadow AI in your stack.

Create an AI Inventory

Document every AI component in your environment. Include the model name or family, the vendor, the data it processes, and whether it has been approved.

json
{
  "ai_inventory": [
    {
      "component": "Salesforce Einstein",
      "vendor": "Salesforce",
      "data_processed": ["customer records", "email content"],
      "approved": true,
      "approved_by": "CTO",
      "approval_date": "2024-11-01"
    },
    {
      "component": "npm:langchain@0.1.x",
      "vendor": "LangChain Inc.",
      "data_processed": ["unknown - pending audit"],
      "approved": false,
      "action_required": "audit or remove"
    }
  ]
}

Add AI Disclosure Requirements to Vendor Contracts

Any new vendor contract or SaaS agreement should require vendors to disclose all AI sub-processors and notify you before introducing new AI components that process your data.

Set Up Automated Dependency Scanning in CI/CD

Add AI package detection to your CI pipeline so new AI dependencies are flagged before they reach production.

yaml
# GitHub Actions example: flag new AI dependencies
name: AI Dependency Check
on: [pull_request]

jobs:
  ai-check:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Check for new AI packages
        run: |
          grep -rniE "openai|anthropic|langchain|transformers|torch|tensorflow" requirements*.txt package*.json \
          && echo "WARNING: AI package detected - review required" \
          || echo "No known AI packages found"

Define an AI Acceptable Use Policy

Your security policy needs an explicit section on AI. It should cover what AI tools are approved, who can approve new ones, what data categories AI may process, and how vendors must disclose AI use.

Shadow AI Risk vs. Managed AI: A Quick Comparison

FactorShadow AIManaged AI
VisibilityNone or partialFull inventory
Data governanceUnknownDocumented and audited
Compliance postureHigh riskControlled
Vendor accountabilityNoneContractual obligations
Incident responseDifficult, slowDefined process
AuditabilityNoneLogs and traceability

Q&A

1. What is the difference between Shadow IT and Shadow AI?

Shadow IT refers to any unapproved technology used in an organization. Shadow AI is a subset specifically about AI tools and models used without authorization. Shadow AI carries unique risks around data training, model behavior, and regulatory compliance that generic Shadow IT guidance doesn't address.

2. Is an AI feature in a SaaS tool I already approved still considered Shadow AI?

Yes, if the AI feature was added after your original approval and you were not notified, the AI component itself has not been approved. You should review new features in tools you already use on a regular basis.

3. Can open-source libraries really contain AI that calls external APIs?

Yes. Some open-source packages include SDK integrations that can send data to cloud-based AI services. Unless you read the full dependency code or monitor outbound network traffic, this can happen without you knowing.

4. What regulations specifically apply to Shadow AI?

GDPR applies when AI processes personal data of EU residents. HIPAA applies when AI touches protected health information. The EU AI Act adds further obligations for high-risk AI systems. CCPA applies for California residents' data. Sector-specific regulations like SOC 2 and ISO 27001 also require you to inventory and control your processing tools.

5. How often should we audit our dependency tree for AI components?

At minimum, audit with every major dependency update and quarterly as a standing review. Automated scanning in CI/CD (as shown above) can catch new additions in real time.

6. What should I do if I find an unapproved AI component already in production?

First, assess what data it accesses. Then determine if that data should have been processed by that AI. If there is a potential breach or compliance issue, engage your legal and privacy teams. Finally, decide whether to approve the component retroactively, replace it, or remove it.

7. Are AI features that run locally (on-device or on-premise) lower risk?

Generally yes, since data does not leave your environment. But they still carry risks around model accuracy, bias, and auditability. You still need to inventory and document them.

8. How do I know if a vendor is using AI on my data?

Ask them directly in writing. Review their DPA and privacy policy for references to "automated processing," "machine learning," or "AI sub-processors." Reputable vendors will disclose this. If they won't, that's a red flag.

9. Should developers be blocked from using AI coding tools entirely?

Blocking tends to push usage further underground. A better approach is to define approved tools, set clear data handling rules (for example, no customer data in AI prompts), and build a lightweight approval process for new tools.

10. What is the fastest first step a security team can take today?

Run a dependency scan (like the grep commands shown above) on your top five most critical applications. The goal is not a complete inventory on day one. It is to find the most obvious, highest-risk AI components quickly and start building visibility from there.

My SaaS
Acluebox
Build modular and reusable system prompts with my SaaS, Acluebox. Also, free prompt template generators there.

References

Made with ❤️ by Mun Bock Ho

Copyright ©️ 2026