New Tool Tracks Unauthorized AI Usage Across Organizations
- By John K. Waters
- 11/19/25
DevOps platform provider JFrog is taking aim at a growing challenge for enterprises: users deploying AI tools without IT approval. The company recently introduced Shadow AI Detection, a new feature designed to identify and manage unauthorized artificial intelligence implementations that often fly under the radar.
The capability targets a problem that has accelerated alongside the AI boom: developers and teams incorporating AI models and external services into their workflows without going through proper security reviews or governance channels. These unsanctioned implementations, known as shadow AI, can expose organizations to compliance violations, data leakage, and supply chain vulnerabilities. JFrog's tool automatically discovers both homegrown AI models and third-party API integrations, giving security and compliance teams visibility into AI usage they may not know exists.
"Recognizing and mitigating the risks of shadow AI is becoming a critical priority," said Yuval Fernbach, vice president and CTO of JFrog ML, in a statement. "This capability aims to strengthen oversight without limiting innovation."
As AI models from vendors such as OpenAI, Anthropic, and Google are increasingly integrated directly into workflows, organizations face mounting challenges tracking these tools across departments. JFrog's detection feature automatically inventories both internally developed models and third-party APIs in use, enabling centralized governance.
Once detected, the platform allows teams to implement access controls, enforce compliance policies, and audit usage across environments. The tool also supports monitoring of popular AI services, including OpenAI and Google Gemini.
The launch comes amid tightening AI regulations across the U.S. and Europe. JFrog says its detection feature is aligned with emerging frameworks, including the U.S. Transparency in Frontier AI Act, the EU AI Act, the Cyber Resilience Act, and Germany's BSI Guidelines. These regulations increasingly require documentation of AI usage, supply chain transparency, and proactive security controls.
JFrog positions its software supply chain platform, including the new Shadow AI Detection tool, as a response to both governance risks and global compliance demands. The capability will be available through the company's AI Catalog, with general availability expected in 2025. For more information, visit the JFrog site.
About the Author
John K. Waters is the editor in chief of a number of Converge360.com sites, with a focus on high-end development, AI and future tech. He's been writing about cutting-edge technologies and culture of Silicon Valley for more than two decades, and he's written more than a dozen books. He also co-scripted the documentary film Silicon Valley: A 100 Year Renaissance, which aired on PBS. He can be reached at [email protected].