
June 2026
Omar Zarabi

Every technology wave follows a familiar pattern.
A new category of tools emerges. Employees discover that these tools make them more productive. Adoption spreads rapidly across the organization. Innovation accelerates. And then leadership realizes they have no idea what's actually being used.
We've seen this story before.
A decade ago, SaaS transformed the way organizations operated. Teams no longer had to wait for IT to acquire software. Anyone with a corporate email address could sign up for a new tool and start using it immediately. Teams moved quickly because those tools enabled them to move quickly.
The result was what became known as "Shadow IT," or technology being used across the organization without visibility, oversight, or governance from IT and security teams.
While these tools delivered tremendous business value, they also created significant challenges:
- Sensitive data was being shared outside approved systems.
- Organizations lost visibility into what applications were being used.
- Security teams struggled to understand risk exposure.
- Compliance requirements became increasingly difficult to enforce.
- IT teams were constantly playing catch-up.
The reality was simple: you cannot secure what you cannot see.
Organizations needed a better way to understand which SaaS applications were actually being used across their environments, and they got it by using outbound DNS activity to shine a light on application usage. Organizations could finally gain visibility into the SaaS tools employees were accessing every day.
For many companies, it was the first time they had a complete picture of their SaaS footprint, and that visibility became the foundation for governance. Once organizations understood what applications existed in their environment, they could establish policies, implement controls, reduce risk, and make informed decisions without slowing down innovation.
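As an added illustration of the DNS-based discovery described above (not code from the author or any product), this sketch builds an application inventory from resolver logs. The log format, the catalogue entries and the approved list are constructed assumptions; it also covers AI services, which goes beyond the SaaS case in the text.

```python
from collections import defaultdict

# Constructed catalogue (assumption): domain -> (application, category).
CATALOG = {
    "openai.com": ("OpenAI", "ai"),
    "chatgpt.com": ("OpenAI", "ai"),
    "claude.ai": ("Claude", "ai"),
    "dropbox.com": ("Dropbox", "saas"),
}
SANCTIONED = {"Dropbox"}  # hypothetical approved-application list

# Constructed resolver log lines: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2026-06-01T09:00:01Z 10.0.0.5 chatgpt.com. A
2026-06-01T09:00:02Z 10.0.0.5 API.OpenAI.com. AAAA
2026-06-01T09:00:07Z 10.0.0.9 claude.ai. A
2026-06-01T09:01:11Z 10.0.0.9 www.dropbox.com. A
2026-06-01T09:02:30Z 10.0.0.7 notopenai.com. A
2026-06-01T09:02:31Z 10.0.0.7 openai.com.example.net. A
malformed line
"""

def classify(qname):
    """Map a queried name to a catalogue entry, matching on label boundaries."""
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        entry = CATALOG.get(".".join(labels[i:]))
        if entry:
            return entry
    return None  # look-alikes such as notopenai.com never match

def discover(log_text):
    """Return {app: {"category", "queries", "clients"}} for catalogued apps."""
    seen = defaultdict(lambda: {"category": None, "queries": 0, "clients": set()})
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed records instead of failing the run
        _, client, qname, _ = fields
        entry = classify(qname)
        if entry:
            app, category = entry
            seen[app]["category"] = category
            seen[app]["queries"] += 1
            seen[app]["clients"].add(client)
    return dict(seen)

def unsanctioned(inventory):
    """Applications observed in DNS that are not on the approved list."""
    return sorted(app for app in inventory if app not in SANCTIONED)
```

Matching whole labels from the right keeps names that merely contain a catalogued string, as a prefix or as a substring, out of the inventory.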
Today, we're seeing the exact same pattern emerge again, but with AI.
Employees are experimenting with AI tools to write content, analyze data, generate code, automate workflows, and improve productivity. Teams are integrating AI capabilities into business processes. Developers are building AI-powered applications. Organizations are beginning to deploy autonomous agents that can take action on behalf of users.
Many organizations know AI is being used across their environment, but they don't know:
- Which AI tools employees are using.
- What data is being shared with those tools.
- Which AI applications have been integrated into business workflows.
- Where AI agents are operating.
- What risks exist across their AI ecosystem.
In other words, we're experiencing the rise of Shadow AI. And just like Shadow IT before it, Shadow AI has a visibility problem.
When we talk about AI adoption inside an organization, we typically see it emerge across three layers.
AI Usage: This is the most immediate and widespread form of adoption. Employees interact directly with AI tools to increase productivity, accelerate research, generate content, or assist with daily work. These interactions often happen organically, long before formal governance programs are established.
AI Applications: The second layer involves applications that have AI capabilities built into them or applications that are specifically designed around AI. These tools become embedded into business processes and workflows, often touching sensitive company data and critical operations.
AI Agents: The third and fastest-growing layer is AI agents. Unlike traditional AI tools that simply generate outputs, agents can make decisions, interact with systems, and execute workflows on behalf of users. As organizations adopt agentic AI, the governance challenge becomes significantly more complex as the technology is actively participating in business operations.
The good news is that the same principles that helped organizations gain control of SaaS environments can help them gain control of AI environments. Our approach focuses on three foundational steps:
Discover: Before organizations can manage AI risk, they need visibility. Discovery creates the baseline for every governance decision that follows.
Govern: Once visibility exists, organizations can establish guardrails to enable responsible adoption by creating policies, controls, and oversight mechanisms to align AI usage with business objectives, security requirements, and compliance obligations.
Respond: The final step is action. Organizations need the ability to identify risky behavior, address policy violations, remediate exposure, and continuously adapt as the AI landscape evolves. Visibility without action is incomplete. Effective governance requires the ability to respond when risks emerge.
Years ago, organizations needed a way to gain control over the SaaS tools operating in their environment. Today, they need that same level of control over AI. While the technologies are different, the underlying problem remains the same.
Innovation moves faster than governance. The organizations that succeed will not be the ones that try to stop AI adoption, but the ones that embrace it. By helping organizations discover AI usage, govern AI applications, establish guardrails for AI agents, and respond to emerging risks, we enable businesses to use AI with confidence rather than uncertainty.
History may repeat itself, but fortunately, so can the solution.