The New Shadow IT Isn't Employees Using ChatGPT

A year ago, shadow AI meant employees pasting confidential data into ChatGPT. That was a people problem with people solutions — training, policies, access controls.

The shadow AI of 2026 is different. AI agents are hitting production APIs, making network calls, and generating mobile app traffic before security teams even know they exist. Developers are integrating unvetted MCP servers into their workflows, and the deployments are outrunning anyone’s ability to track them.

The old detection playbook doesn’t work anymore. You can monitor which humans visit which URLs. You can’t easily spot an autonomous agent making API calls through a chain of MCP servers, each adding its own context and permissions.

Banning agents isn’t the fix — that ship has sailed. Treat AI agent traffic like you’d treat any new service account: identity, scoping, and logging from day one. If an agent can make network calls, it needs a traceable identity. If it connects to external services, those connections need the same approval flow as any third-party integration.

The companies getting this right noticed early that “who has access” now includes things that don’t have a login screen.