Shadow AI

The AI tools your organization doesn't know about

The average enterprise has 665 distinct AI tools in use across its workforce. 80% of that usage happens outside IT's view. These aren't rogue actors — they're productive developers installing MCP servers, Claude Code plugins, and Cursor extensions to move faster. The problem isn't the tools. It's that nobody has a complete picture of what's running.

What shadow AI actually looks like

Shadow AI isn't malicious. It's what happens when developers adopt AI coding tools faster than IT can track them. A typical engineering organization accumulates:

MCP servers installed per-developer with shell access and secrets — no central registry
Claude Code plugins and custom skills that modify agent behavior without team awareness
Cursor configurations and .cursorrules files that vary wildly between team members
$2K/month surprise AI bills per team from untracked tool subscriptions and API usage

The risks of zero visibility

Without a centralized inventory, shadow AI creates compounding risks that grow with every new developer:

Unvetted MCP servers — third-party MCP servers can request shell access, read environment variables, and exfiltrate secrets with no audit trail
No audit trail — when an incident occurs, there is no record of which AI tools had access to what, or when they were installed
Cost explosion — duplicate subscriptions, unused licenses, and unmonitored API spend across hundreds of developers
Configuration drift — each developer's AI tools behave differently, leading to inconsistent code quality and unpredictable agent behavior

How Caliber discovers shadow AI

Caliber's caliber audit --org command scans every developer environment in your organization and builds a real-time inventory of AI tool configurations. No agents to install, no network sniffing — Caliber reads the config files that already exist on each machine.

$ caliber audit --org

# Scanning 142 developer environments...

# Found 38 MCP servers across 89 developers

# Found 12 Claude Code plugins

# Found 67 unique Cursor configurations

# Found 23 custom skills and 9 agent definitions

$ caliber audit --org --format json > inventory.json

# Export full inventory for compliance review

Caliber discovers and catalogs:

MCP servers — every server definition, its transport type, permissions, and which developers have it installed
Claude Code plugins — custom plugins that extend agent capabilities
Cursor configs — .cursorrules files and .cursor/mcp.json server definitions
Skills and agents — custom skill definitions and AGENTS.md configurations
Rules files — CLAUDE.md, .cursorrules, copilot-instructions.md across every project

From inventory to governance

Discovery is the first step. Once Caliber has a complete inventory, you can move from reactive firefighting to proactive governance. The governance dashboard gives security teams a single pane of glass for every AI tool in the organization — who installed it, what permissions it has, and whether it's been approved. Combined with fleet management, you can enforce approved tool lists, block risky MCP servers, and push standardized configurations to every developer.

For organizations navigating AI compliance requirements, shadow AI visibility is a prerequisite. You cannot govern what you cannot see. Learn more about AI setup for individual projects, or explore the full enterprise platform.

Frequently asked questions

How does Caliber detect shadow AI tools?

Caliber scans developer environments for AI tool configurations — MCP server definitions, Claude Code plugins, Cursor configs, skills, agents, and rules files. Running 'caliber audit --org' across your organization builds a real-time inventory of every AI tool in use, including those installed outside official channels.

Can shadow AI tools compromise our codebase?

Yes. Unvetted MCP servers can request shell access and read secrets from developer environments. Without centralized visibility, there is no audit trail for which tools have access to what. Caliber surfaces these risks by cataloging every MCP server, its permissions, and its access scope across your fleet.

What is the difference between shadow AI and sanctioned AI tools?

Sanctioned AI tools are approved, configured, and monitored by your organization. Shadow AI refers to the same categories of tools — MCP servers, plugins, coding assistants — but installed by individual developers without IT visibility. The tools themselves are not malicious; the risk comes from the lack of inventory, audit trail, and governance.

See every AI tool in your organization. No blind spots.

Book a Demo