Shadow AI is no longer just employees installing new AI apps: it increasingly appears as quietly enabled features inside trusted SaaS tools. Obsidian Security logged 69,749 user interactions with embedded AI in a 30‑day window, most of which would have been invisible without browser-level monitoring — a sign that periodic procurement reviews alone no longer reveal real exposure.

Where embedded AI slips past controls

Large SaaS platforms such as Slack, Zendesk, and Airtable are rolling AI features into their UIs; those features can be toggled or used by end users without triggering IT procurement or third‑party risk management (TPRM) checkpoints. Unlike standalone AI products that at least pass through a procurement pipeline, embedded AI inherits the app’s approval status, creating blind spots: models may read message histories, tickets, or CRM fields that were never flagged for AI processing.

How continuous, browser-level detection works and why it’s different

Detection needs to happen where people actually type data and receive AI responses — the browser. Vendors such as Nudge Security and Obsidian Security combine lightweight identity‑provider integrations with browser extensions to do three things in real time: inventory which AI features are active, flag sensitive fields or data shared with AI, and send alerts or enforcement actions when policies are violated. That shifts governance from “what apps are allowed” to “what AI interactions are allowed, when, and by whom.”

Recommended Reading

FBI probes coordinated malware in Steam games — if it ties one actor, Valve will be under pressure to change vetting

The FBI’s Seattle Division has opened a public investigation into multiple Steam games that embedded malware to steal cryptocurrency and hijack accounts between May 2024 and January 2026. The agency is asking anyone who installed the affected titles to submit incident details and victim information while it investigates a likely coordinated campaign exploiting Steam’s release […]

FBI probes coordinated malware in Steam games — if it ties one actor, Valve will be under pressure to change vetting

Concrete risks for mid-sized organizations

Medium‑sized enterprises are especially exposed because IT governance tends to be decentralized and freemium AI tools or embedded features can be adopted by a team without central oversight. That creates practical failure modes: regulated data processed by an unvetted AI can breach data residency or contractual rules; duplicated AI subscriptions inflate costs; OAuth scope creep grants more access than intended; and lack of logs slows incident response when data is leaked.

These are not hypothetical: unmanaged AI interactions can transform a single user action into a compliance event if, for example, a customer support agent copies customer PII into an AI prompt inside Zendesk or Slack. Legal and compliance teams often cannot attest to controls because there is no continuous record of who used which AI capability and on what data.

Next checkpoint: enforce AI policies where users actually interact

The immediate operational step is to translate policy into real‑time controls: enumerate allowed AI features per app, map which data fields must be blocked from AI prompts, and enforce those rules at the browser or identity layer so enforcement follows user sessions. Vendors integrating with identity providers (IdP) can automate inventory and tie alerts to user accounts, providing the audit trails legal teams need to certify compliance.

For verification, CISOs and compliance leads should set a measurable checkpoint: within 90 days, install continuous monitoring in a pilot department, measure the number of previously invisible AI interactions found (Obsidian’s 69,749 figure is an indicator of scale to expect at enterprise volume), and apply selective blocking or scoped permissions to reduce sensitive data exposure.

Short Q&A

How fast should organizations act? Start pilots immediately; because embedded AI can be enabled by users at any time, waiting for the next procurement cycle leaves exposures unaddressed.

What telemetry matters first? Track which SaaS pages invoke AI features, which fields are seeded into prompts, which OAuth scopes have been granted, and which users or departments are the primary consumers.

Can existing security tools cover this? Not fully. Traditional app inventories miss embedded features; you need browser‑level or IdP‑integrated tooling to see and control actual interactions in real time.