Shadow AI Cloud Connector — multi-source discovery with persistent baselines
2026-03-23
What We Built
Extended the shadow AI detector from request-log-only scanning to multi-source discovery: DNS scanning for AI provider patterns, API key leakage detection (regex for OpenAI/Anthropic/Google keys), scan configuration CRUD, a manual scan trigger, alert acknowledgement, and DB-backed persistent baselines (v43 migration). This closes the multi-source shadow API discovery gap vs Salt Security and Cequence.
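The regex-based key leakage check with baseline suppression, as an added sketch that is not the project's own code. The patterns are assumptions built from the providers' publicly known key prefixes, the function names are hypothetical, and an in-memory set stands in for the DB-backed baseline.

```python
import hashlib
import re

# Assumed key shapes: public prefixes with approximate lengths, not the project's patterns.
# The OpenAI pattern excludes "sk-ant-" so an Anthropic key is not reported twice.
KEY_PATTERNS = [
    ("anthropic", re.compile(r"\bsk-ant-[A-Za-z0-9_-]{20,}")),
    ("openai", re.compile(r"\bsk-(?!ant-)[A-Za-z0-9_-]{20,}")),
    ("google", re.compile(r"\bAIza[A-Za-z0-9_-]{35}(?![A-Za-z0-9_-])")),
]

# Constructed sample values and log lines; none of these is a real key.
FAKE_OPENAI = "sk-" + "a1B2" * 12
FAKE_ANTHROPIC = "sk-ant-" + "x9Y8" * 10
FAKE_GOOGLE = "AIza" + "Q" * 35
SAMPLE_LOG = "\n".join([
    f'POST /v1/chat/completions authorization="Bearer {FAKE_OPENAI}"',
    f"env ANTHROPIC_API_KEY={FAKE_ANTHROPIC}",
    f"GET /v1beta/models?key={FAKE_GOOGLE}",
    "task-sk-not-a-key id=42",  # too short after the prefix: must not match
])

def fingerprint(secret):
    """Stable short identifier so the secret itself is never stored."""
    return hashlib.sha256(secret.encode()).hexdigest()[:12]

def scan_text(text, source, baseline=frozenset()):
    """Return findings whose fingerprint is not already in the baseline."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for provider, pattern in KEY_PATTERNS:
            for match in pattern.finditer(line):
                fp = fingerprint(match.group(0))
                if fp in baseline:
                    continue  # already known: do not alert again
                findings.append({
                    "provider": provider, "source": source, "line": lineno,
                    "redacted": match.group(0)[:6] + "...", "fingerprint": fp,
                })
    return findings

if __name__ == "__main__":
    for finding in scan_text(SAMPLE_LOG, "request-log"):
        print(finding)
```

Findings carry only a six-character prefix and a hash fingerprint, so the alert store does not become a second copy of the leaked secret.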
Lockstep Checklist
- [x] API: 5 new endpoints
- [x] SDK-TS: ShadowAi resource with 8 methods
- [x] SDK-PY: ShadowAi + AsyncShadowAi with 8 methods each
- [x] Tests: 9 tests (key detection, config, scan execution, alert ack)
- [x] DB: v43 migration (shadow_ai_baselines + shadow_ai_alerts tables)
- [x] Docs: Ship log