Most enterprises do not have a shadow-AI problem. They have a shadow-AI discovery problem.
Engineers paste sensitive data into ChatGPT. Sales tools call OpenAI directly from a Chrome extension. A pilot team wires up an open-source model behind a corp VPN. Each of these is rational on its own. Stacked together, they are an unmanaged egress surface that your CISO cannot defend.
## What `reframe scan --shadow` actually does
Reframe Harness runs a one-shot inventory across the tenant:
- Endpoint capture — every outbound call to a known model host (`api.openai.com`, `api.anthropic.com`, `generativelanguage.googleapis.com`, hosted Gemini, etc.) gets fingerprinted.
- Identity attribution — each call gets attached to a user, a workload, or an unidentified source (which itself becomes a finding).
- Classification — sanctioned (routed through the Reframe gateway), unsanctioned-known (egress to a known model not on your policy), unsanctioned-unknown (mystery LLM traffic).
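As an added example (not Reframe's own code), the classification step above applied to a handful of constructed egress records; the gateway hostname and the request-path heuristic used to spot unknown model servers are assumptions, not documented Reframe behaviour.

```python
"""Toy version of the sanctioned / unsanctioned-known / unsanctioned-unknown split.
Assumptions: flows are dicts from a proxy or egress log; GATEWAY_HOST and the
LLM_PATH_HINTS heuristic are made up for this example."""
from collections import Counter

KNOWN_MODEL_HOSTS = {"api.openai.com", "api.anthropic.com", "generativelanguage.googleapis.com"}
GATEWAY_HOST = "gateway.reframe.example"  # assumed hostname of the sanctioned gateway
# Paths typical of OpenAI/Anthropic-compatible servers; a self-hosted model behind a
# corp VPN often exposes the same shape, which is how "mystery LLM traffic" is surfaced.
LLM_PATH_HINTS = ("/v1/chat/completions", "/v1/completions", "/v1/messages", "/api/generate")

# Constructed sample egress records: destination host, request path, attributed principal.
SAMPLE_FLOWS = [
    {"host": GATEWAY_HOST, "path": "/v1/chat/completions", "principal": "user:alice"},
    {"host": "api.openai.com", "path": "/v1/chat/completions", "principal": "ext:sales-helper"},
    {"host": "api.anthropic.com", "path": "/v1/messages", "principal": None},
    {"host": "llm.pilot.internal", "path": "/v1/chat/completions", "principal": "workload:pilot-svc"},
    {"host": "crm.example.com", "path": "/api/accounts", "principal": "user:bob"},
]


def classify(flow):
    """Return (class, finding) for one flow; class is None for non-LLM traffic."""
    host, path = flow["host"], flow["path"]
    if host == GATEWAY_HOST:
        cls = "sanctioned"                 # routed through the gateway: policy applied
    elif host in KNOWN_MODEL_HOSTS:
        cls = "unsanctioned-known"         # direct egress to a known model host
    elif any(path.startswith(p) for p in LLM_PATH_HINTS):
        cls = "unsanctioned-unknown"       # looks like LLM traffic, host not on any list
    else:
        return None, None                  # ordinary web traffic, not inventoried
    # An LLM call with no user or workload attached is itself a finding.
    finding = f"unattributed LLM egress to {host}" if flow["principal"] is None else None
    return cls, finding


def inventory(flows):
    """Aggregate flows into per-class counts plus the list of attribution findings."""
    counts, findings = Counter(), []
    for flow in flows:
        cls, finding = classify(flow)
        if cls is None:
            continue
        counts[cls] += 1
        if finding:
            findings.append(finding)
    return dict(counts), findings
```

On the constructed sample this yields one sanctioned call, two unsanctioned-known, one unsanctioned-unknown, and a single unattributed-source finding for the direct Anthropic call.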
## What happens to the unsanctioned calls
Unsanctioned calls are quarantined at the policy interceptor and offered a single, frictionless redirect: the same prompt, same model family, routed through the Reframe gateway with your policy, redaction, and audit applied. Engineers keep moving. CISOs get the audit trail. Compliance gets the evidence bundle.
## Why this matters now
The EU AI Act, NIST AI RMF, and every internal AI governance committee converge on the same question — can you prove how AI is being used in your environment? "We trust our people" is not an answer that survives a board meeting.
Reframe Harness gives you the answer: a signed inventory, a one-command quarantine, and a path to bring every AI call inside the policy you signed.