Review discovered AI tools
AI Discovery detects and classifies the AI tools actually used in your organization. Your job as an admin or security lead is triage: decide, tool by tool, what is sanctioned, what needs review, and what gets blocked.
Newly discovered vs. catalog
Discovery has two tabs: Newly discovered — tools recently observed by Shield Web that are not yet approved in your catalog — and Catalog, your reviewed inventory. When unreviewed tools appear, Shield prompts you: "New AI tools detected — please triage them."
Every app row shows vendor, functional category (e.g. LLM chat, coding assistant), when it was first seen, how many users it affects, and its source (Verified by the Qadar catalog, auto-detected, or manually added).
Risk and status
Two dimensions drive the triage:
- Risk — based on data exposure, vendor trust, and compliance posture. The KPI tiles let you jump straight to high-and-critical-risk or ungoverned apps.
- Status — the approval state in your organization: sanctioned, under review, unsanctioned, or blocked.
Sanction, review, or block
Use the quick actions on each app — also in batch:
- Allow — marks the app as sanctioned for your organization.
- Warn / Review — flags it for evaluation; the app stays accessible while your team decides.
- Block — employees are prevented from using it.
A blocked or allowed status takes effect through Shield Web like any policy. For finer rules on a sanctioned tool — specific data types, specific actions — create a policy scoped to that tool.
Internal tools
Self-hosted or internal AI (an Azure OpenAI deployment, a custom RAG app) won't be auto-detected — use Add custom app so it appears in your catalog and governance picture like everything else.
Tip: the "Ungoverned" metric (apps in review or unsanctioned) is the number to drive to zero — it is your live shadow-AI backlog.
Was this article helpful?
Related articles
Tour of the Shield Control dashboard
Monitored AI, blocked events, open risks, prompt volume, risk distribution — what the Safe-AI dashboard tells you and where each number comes from.
Read articleCreate a policy
Build a policy from the five layers — tools, data types, actions, context, enforcement — and activate it for your organization in minutes.
Read articleThe audit log and CSV export
Every detected AI interaction and its policy outcome, filterable and exportable — the tamper-resistant record for reviews and audits.
Read articleStill stuck?
Send us the details — we answer within one business day.