This page maps common Shadow AI risks to what Spur can detect and control today. It’s aligned to the actual collectors (Chrome/Edge extension + macOS endpoint agent) and the admin portal features.
Each card includes a concrete threat identifier, related MITRE ATT&CK techniques (the data-movement or account-use behaviors the risk aligns with), the signal Spur can produce, and the control surface (policy, DLP rule, block).
Customer data, CRM exports, or personal data pasted into consumer AI tools without a DPA or approved safeguards.
Employees use new AI tools without IT awareness, creating unmanaged data exposure and inconsistent controls.
Native AI apps and local model runtimes can bypass browser-only controls and create blind spots.
Inability to show who used which AI tools, what was blocked, and what policies were in effect during an audit window.
Violations, detections, and sensitive-data blocks stay siloed outside your security monitoring workflows.
Spur is designed not to collect prompt content by default. DLP runs on-device in the browser extension, and events focus on metadata and policy outcomes.
MITRE links describe underlying behaviors (exfiltration over web services, valid cloud accounts, etc.). Shadow AI risk often involves employees using legitimate tools — not only malicious actors — but the same techniques apply to detection and audit evidence.