We are Customer Zero: How SailPoint secured its own shadow AI
Generative AI has reshaped the productivity landscape, but it has also introduced a massive, often invisible risk: Shadow AI. Employees are moving fast, adopting new tools to do their jobs better, but IT and security teams are often left in the dark regarding where corporate data is actually going.
The challenge: you can’t govern what you can’t see
To understand the challenges AI brings to our customers, and develop a solution, SailPoint looked at the proliferation of AI tools through three key lenses.
- The CIO perspective: CIOs’ concerns are twofold. First, unsanctioned AI tools can create an unmanageable IT environment, driving up hidden costs and creating integration nightmares. Second, without a centralized view, teams can’t ensure technology investments are used effectively and in alignment with business strategy.
- The CISO perspective: For CISOs, it’s about the lack of visibility into Shadow AI. Each new, ungoverned AI tool represents a potential vector for data exfiltration and a compliance nightmare waiting to happen. Corporate data could easily be fed into black-box systems with unknown security postures. This dramatically expands the potential attack surface and increases the risk of serious security breaches and regulatory fines.
- The Chief AI Officer perspective: Chief AI Officers want to foster a culture of responsible innovation. The rise of Shadow AI indicates a strong desire from employees to leverage cutting-edge technology. However, innovation cannot come at the cost of security and compliance. The challenge is to empower the workforce with the AI tools they need to be productive while ensuring guardrails are in place to protect the organization.
At SailPoint, we understand the potential vulnerabilities that AI tools can bring, which is why we’ve developed our newest innovation: SailPoint Shadow AI Remediation (SAIR). As part of our commitment to being "Customer Zero," we were the first to roll out and test it.
Implementing as Customer Zero
In considering the AI challenge, we suspected there might be gaps in our monitoring and needed a way to detect rogue use of AI tools without hindering the productivity of our workforce. We needed to move from a reactive stance to a proactive one.
"Day one, we noticed the depth of information and insights that Shadow AI Remediation can provide," says Taylor Trick, a SailPoint expert involved in the rollout. The initial deployment provided details about user behavior and usage of LLM services such as ChatGPT and Google Gemini.
We didn't test this in a lab; we tested it in the real world, on our own network. We rolled out the SAIR browser extension in a phased approach, starting with key internal teams before expanding to the entire organization.
The deployment covered 3,400 users—our own crew members.
For a rollout of this magnitude, disruption is usually the biggest fear. However, the process was seamless. "Not a single ticket was opened out of 3,400 people," Taylor notes.
By treating ourselves as the first customer, we proved that deployment could be swift and non-intrusive.
Immediate visibility and "wow" moments
The value of becoming Customer Zero became apparent almost instantly. We didn't have to wait weeks or months for trend lines to appear.
"This is not something that took a highly coordinated and sustained effort. We installed SailPoint Shadow AI Remediation and were collecting rich information that made significant impacts in days," says Scott Boysel.
The data provided a forensic accounting of our entire environment. We found gaps in application onboarding and uncovered unexpected AI usage patterns.
Turning insight into action
Visibility is only the first step. Because we were using SAIR in our own environment, we could immediately test its remediation capabilities. We didn’t just watch the risks; we took action to address them.
The tool allowed us to implement proactive security measures, such as:
- Real-time redirection: Guiding users away from unsanctioned tools and toward approved AI platforms.
- Policy application: Flagging high-risk applications and applying governance policies immediately.
- Spend management: Identifying redundant apps to optimize software spending.
Dan Jean-Louis, Manager of Identity Governance & Administration at SailPoint, puts it best, "You can’t implement effective change unless you have the validation to back it." The data gave us the leverage we needed to make intelligent, defensible decisions about our security architecture.
Bridging the gap between identity and security
Perhaps the most critical outcome of our Customer Zero initiative was how it united our internal teams. Shadow AI Remediation acted as a bridge between our identity security experts and our Security Operations Center (SOC).
By feeding browser-level activity data into our security frameworks, we created a tighter feedback loop. "It provides a bridge between how we govern and administer our identities and what risks may be present," Scott explains. "It tells us about data sprawl, data exfiltration risks, and applications we may not have onboarded."
Validated for the world
We built Shadow AI Remediation because the market and our customers demand it. We tested it on ourselves first as part of our Customer Zero commitment because we refuse to release a product that we wouldn't trust with our own data.
Our experience as Customer Zero proved that SailPoint Shadow AI Remediation is more than just a visibility tool; it is a mechanism for safely enabling innovation. We identified the vulnerabilities, built remediations, and validated the results. Now, we are ready to help organizations everywhere close the gaps in security hygiene and gain control over Shadow AI.
Ready to see what you've been missing? Learn more about Shadow AI Remediation.