A practical playbook to find, assess, and govern unvetted AI before it bites

Contributed by Thane M. Russey, VP, Strategic AI Programs, LCG Discovery & Governance

Series context. This installment extends Part 1 on AI as evidence and Part 2 on governance, then follows Part 3 on chain of custody, to tackle a growing reality, AI features and tools slip into enterprise workflows before security, legal, or audit can evaluate them. We show how to surface shadow AI, control it without crushing speed, and anchor decisions to recognized standards so they stand up under scrutiny. [1][2][3] (lcgdiscovery.com)

Why shadow algorithms are a growing risk

AI capabilities are now integrated into email clients, office suites, browsers, marketing platforms, developer tools, and SaaS add-ins. Well-meaning teams implement these features because they quickly address problems; however, the same convenience can result in sensitive data being sent to third-party models, changing evidence provenance, or producing outputs that appear authoritative without supporting test results. This is no longer just a theoretical governance issue. NIST’s AI Risk Management Framework considers AI risks as enterprise risks, not just science-project risks. It provides practical steps around Governance, Map, Measure, and Manage so that business owners and assurance teams speak the same language. [2]

Generative systems add new failure modes, from data leakage to subtle content fabrication. NIST’s Generative AI Profile, released in July 2024, is an official companion to the AI RMF and provides concrete controls for training data, prompt inputs, content provenance, monitoring, and human oversight. If your organization uses or embeds generative models, this profile is the shortest path to a common checklist across product, legal, and security. [3]

Regulators and standards bodies have also moved. ISO/IEC 42001 established requirements for an AI Management System, meaning auditors and customers will increasingly expect a structured program, defined roles, competence, operational controls, and continual improvement, all documented with evidence. [4] The EU AI Act entered into force on August 1, 2024, and the obligations phase in over time. If your products or services touch EU residents, you will need inventory, risk classification, and basic transparency and documentation, even if you are U.S.-based. [6]

There is an enforcement risk as well. The FTC’s Operation AI Comply has targeted deceptive AI claims and misuse, signaling that over-promising AI capabilities without substantiation can create liability. If a shadow tool influenced marketing or customer communications, you may have exposure you did not plan for. [9]

LCG perspective. Shadow AI happens when the business finds a faster path than governance. Give builders a visible on-ramp that is easier than going around you, then require proof of validation, logging, and a named accountable owner. Anchor decisions to the AI RMF functions and ISO/IEC 42001 clauses so every approval leaves an audit trail. [2][4]

A 90-day playbook to surface and control shadow AI

• Create the inventory you wish you already had. Run discovery across apps, browser extensions, SaaS integrations, workflow bots, and embedded “copilot” features. Classify each item by use case, data sensitivity, user population, and potential impact. Use the AI RMF functions as your classification backbone so risk and compliance can map findings to actions. [2][3]
• Name an owner for every AI use, no exceptions. Business ownership drives hygiene. Require each owner to document intended purpose, input data sources, model or feature versions, expected outputs, and known failure modes. Tie the record to change control. [2]
• Demand vendor assurances you can verify. Ask for SOC 2 reports that cover relevant Trust Services Criteria, security, availability, processing integrity, confidentiality, and privacy, and confirm the scope, period, and complementary user entity controls that your team must operate. This is table stakes before you let a tool touch sensitive data. [8]
• Add supply-chain discipline for software and services. During sourcing and renewal, map responsibilities using ISO/IEC 27036-3 guidance for hardware, software, and services supply chains, so controls do not fall into gaps between you and your supplier. [5]
• Stand up lightweight AI change control. Before any model or embedded feature touches live data, capture a one-page record of inputs, outputs, evaluation data, metrics, acceptance thresholds, and risks. Store test artifacts with the record. Over time, align these records with ISO/IEC 42001 clauses for operations and improvement, reducing future audit effort. [4]
• Put a human in the loop where harm is plausible. For decisions that affect people or legal rights, define review gates, escalation paths, and override criteria. Do not rely on tribal knowledge. Log each review with the reviewer’s identity, the context, and the decision. The AI RMF and the Generative AI Profile both emphasize the importance of defined human oversight. [2][3]
• Turn on observability and keep the receipts. Collect model version, prompts, responses, confidence scores where available, guardrail events, data lineage, and drift indicators. These logs support reproducibility, incident investigations, and the evidentiary chain of custody if an output is challenged. [2][3]
• Screen for extraterritorial obligations. Add one question to the intake: Does the use case target or substantially affect EU residents? If yes, classify under the EU AI Act, record transparency duties, and track upcoming milestones. It is more efficient to build a simple screening step now than to retrofit later. [6]
• Close the communication gap. Publish an “approved AI catalog,” a one-page request pathway, and turnaround service levels. Reward teams that bring tools forward early. Over time, this builds a culture that moves fast and keeps receipts. [2][4]

Map your program to standards, and avoid the common pitfalls

How to map practice to frameworks, in plain language

• NIST AI RMF functions as your control families. Label your intake forms, evaluation checklists, and monitoring dashboards with the Governance, Map, Measure, and Manage framework. This creates a common tongue across product, legal, risk, and audit. It also allows you to point to a recognized federal framework when regulators or customers ask, how do you manage AI risk. [2]
• Use the Generative AI Profile for anything prompt driven. The profile lists practical tasks for training data hygiene, content provenance, output review, and model monitoring. Treat it like a cross-functional to-do list. [3]
• Treat your process like an AI Management System. ISO/IEC 42001 expects clear policies, role definitions, competence, operational controls, incident handling, and continual improvement. If you already run ISO-style management systems for quality or information security, reuse that muscle for AI. [4]
• Bake supplier expectations into contracts. ISO/IEC 27036-3 provides a framework for your acquisition and vendor oversight, so you do not assume your supplier is doing the right thing without evidence. Pair it with SOC 2 requirements for independent attestation where appropriate. [5][8]
• Plan for the EU AI Act, even if you are U.S.-based. The law is in force, obligations phase in on a firm timeline, and the Commission has rejected calls to pause implementation. Use the publicly posted timeline to sequence your preparation. [6] (

Pitfalls we see, with concrete mitigations

• Believing a marketing claim is a control. Mitigation: ask for SOC 2 evidence, confirm the scope, read exceptions, and implement your required complementary controls. If the vendor cannot produce an attestation, treat the use as higher risk until they can. [8] (
• Treating embedded AI as “just a feature.” Mitigation: run the same intake and evaluation you would for any new system that touches sensitive data. Capture inputs, outputs, failure testing, and approval before production. [2][4]
• No log of human review. Mitigation: define gated review steps and make logging automatic with periodic sampling. Human-in-the-loop is only defensible if you can prove it happened. [2][3]
• Ignoring cross-border exposure. Mitigation: add an EU touchpoint question to intake and route hits to legal for AI Act classification and transparency planning. [6]
• Letting hype slip into public statements. Mitigation: involve compliance with copy review and avoiding unsubstantiated AI claims. Enforcement has shown there is no AI exemption from truth-in-advertising rules. [9]

Quick Checklist

1. Inventory AI in use, assign owners, and rate risks.
2. Validate vendors with SOC 2 and ISO/IEC 27036-3 controls.
3. Document evaluation, enable logging, and define human review before production. [2][5][8]

Final thought

Shadow algorithms thrive in the gaps between urgency and oversight. The remedy is not an innovation freeze; it is an on-ramp that teams can use quickly, paired with practical tests, independent attestations, and monitoring that make the benefits real and the risks understandable. Use the AI RMF to create a shared language, adopt the Generative AI Profile where prompts drive output, structure the program under ISO/IEC 42001, and extend procurement and vendor oversight with ISO/IEC 27036-3 and SOC 2. That combination gives you speed with receipts, which is exactly what regulators, courts, and customers will expect. [2][3][4][5][8]

References (endnotes)

[1] AI with Integrity – Part 3: AI and the Chain of Custody, LCG Discovery Experts, Oct 17, 2025. https://lcgdiscovery.com/ai-with-integrity-part-3-ai-and-the-chain-of-custody/ (lcgdiscovery.com)
[2] NIST, Artificial Intelligence Risk Management Framework (AI RMF 1.0), NIST AI 100-1. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.100-1.pdf (NIST Publications)
[3] NIST, Artificial Intelligence Risk Management Framework: Generative AI Profile (NIST-AI-600-1), July 26, 2024. https://nvlpubs.nist.gov/nistpubs/ai/NIST.AI.600-1.pdf (NIST Publications)
[4] ISO/IEC 42001:2023, Artificial intelligence — Management system. ISO. https://www.iso.org/standard/42001 (ISO)
[5] ISO/IEC 27036-3:2023, Cybersecurity — Supplier relationships — Part 3: Guidelines for hardware, software, and services supply chain security. ANSI Webstore entry. https://webstore.ansi.org/standards/incits/incitsisoiec270362023 (ANSI Webstore)
[6] European Commission, AI Act enters into force, Aug 1, 2024. https://commission.europa.eu/news-and-media/news/ai-act-enters-force-2024-08-01_en See also, implementation timeline overview: https://artificialintelligenceact.eu/implementation-timeline/ (European Commission)
[7] NIST, AI Risk Management Framework landing page (context and updates). https://www.nist.gov/itl/ai-risk-management-framework (NIST)
[8] AICPA & CIMA, SOC 2 — Trust Services Criteria overview. https://www.aicpa-cima.com/topic/audit-assurance/audit-and-assurance-greater-than-soc-2 (AICPA & CIMA)
[9] U.S. Federal Trade Commission, FTC Announces Crackdown on Deceptive AI Claims and Schemes (“Operation AI Comply”), Sept 25, 2024. https://www.ftc.gov/news-events/news/press-releases/2024/09/ftc-announces-crackdown-deceptive-ai-claims-schemes (Federal Trade Commission)

This article is for general information and does not constitute legal advice.