The Inventory Problem Nobody Wants to Admit They Have
Ask the average Director of AI or Head of Platform at an enterprise whether they have a complete inventory of the AI tools their organization is running. Most will give a version of the same answer: they know the major deployments, the centrally approved tools, the API contracts that go through procurement. What they are less confident about is everything else — the tools on personal credit cards, the shared API keys provisioned for a proof of concept six months ago and never deprovisioned, the team-level subscriptions that went through a departmental budget without touching IT procurement, the open source models running in someone's AWS account.
This is the enterprise AI tool audit problem. It is not a security failure or a governance failure in the sense of something going wrong. It is the natural state of fast-moving AI adoption in organizations where tooling acquisition is low-friction, teams have broad latitude to experiment, and centralized governance has not kept pace with the rate of adoption. The practical consequence is that most enterprises in 2025 are running AI tools they do not have a complete inventory of, spending money they have not fully attributed, and carrying risk they have not fully assessed.
Conducting an AI tool audit is the first step toward changing that. This post gives a practical approach to running one.
Before You Start: Define What You Are Looking For
An enterprise AI tool audit is not a security scan. It is a structured effort to build a complete inventory of AI tooling across four dimensions: what tools are in use, who is using them, how they are being paid for, and what data is being processed. Each of these dimensions has different discovery methods, different risk implications, and different remediation paths.
The scope of your audit should include, at minimum: API-based AI services (any tool that makes calls to an AI model API, whether internally developed or third-party), SaaS AI applications (tools with AI features that teams access through a browser or native app), AI-enabled integrations within existing software (AI features within collaboration tools, CRM systems, IDEs), and developer AI tooling (code assistants, AI-enhanced CLI tools, AI-integrated development environments).
Define "in use" before you start. A tool is in use if it has had meaningful activity in the past ninety days. Tools from before that window are worth noting for deprovisioning but are lower priority for the initial inventory.
Step One: Start With Finance, Not Engineering
The most reliable starting point for an AI tool audit is not a network scan or a developer survey. It is the billing data. Payments leave traces that are harder to obscure than usage logs, and finance teams typically have visibility into payment methods that engineering or IT do not.
Work with your finance team to pull all software and SaaS payments from the past twelve months. Sort by vendor and look for any vendor whose primary product is AI-related. This will surface the obvious ones (OpenAI, Anthropic, Google AI, Microsoft Azure AI) and many less obvious ones (AI writing tools, AI image generation platforms, AI data enrichment services). Flag every line item that touches an AI vendor, including those that are sub-items of larger vendor relationships (Azure AI as a line item within an Azure enterprise agreement, for example).
Next, look at payment methods. Corporate cards, departmental purchasing cards, and expense reimbursements are the most common vectors for shadow AI tool acquisition. If your expense system allows filtering by vendor category, a keyword search for "AI," "GPT," "Claude," "model," or "assistant" across expense submissions will surface a significant portion of individually-expensed AI subscriptions.
Step Two: Map the API Layer
Any internal-facing AI capability that was built rather than bought runs through an API. Mapping the API layer means identifying every API key, service account, or integration credential that touches an AI provider.
- Secret management systems: If your organization uses a secrets manager (Vault, AWS Secrets Manager, Azure Key Vault, GCP Secret Manager), query it for secrets with names or descriptions that suggest AI API credentials. Key naming conventions like OPENAI_API_KEY, ANTHROPIC_API_KEY, GOOGLE_AI_KEY, and their variants will surface most of them.
- CI/CD environment variables: Pull a list of environment variables set in your CI/CD platforms (GitHub Actions, CircleCI, Jenkins, GitLab CI) and scan for AI API credential patterns. This surfaces keys that are embedded in build pipelines rather than application secrets management.
- Infrastructure as code: Search your IaC repositories (Terraform, Pulumi, CloudFormation) for resource definitions that reference AI services. This will surface AI-adjacent infrastructure like vector databases, embedding endpoints, and model serving infrastructure that may not be visible from the billing or secrets layer.
- Application code repositories: A search of your source code repositories for imports or initializations of AI SDK libraries (openai, anthropic, langchain, llama-index, and similar) will identify services that are actively calling AI APIs, even if those services are not prominently documented. Pay particular attention to repositories that are not in active development — they may be running in production against shared credentials that no one is actively monitoring.
Step Three: Survey the Teams
Billing and technical discovery will find most of what is in active use, but not all of it. The remainder requires direct outreach to teams. A structured survey is more effective than informal conversations because it creates a record and signals that the audit is a serious governance exercise rather than an ad hoc inquiry.
The survey should ask each team to report: AI tools they are actively using, how each tool is paid for, what data types are processed through each tool (customer data, proprietary code, internal documents, general business data), whether any tools are using shared credentials, and whether there are any AI experiments or proofs of concept that are not yet in production but are making live API calls.
Frame the survey as an inventory exercise, not a compliance audit. Teams that feel they are being audited for violations will under-report. Teams that understand the organization is building its first complete AI inventory will generally cooperate fully, especially if the communication makes clear that the goal is governance infrastructure rather than usage policing.
Step Four: Assess What You Found
Once you have the inventory, the assessment phase categorizes what you found and identifies the remediation priorities. A useful framework organizes findings into four categories.
| Category | Description | Primary Risk | Remediation Priority |
|---|---|---|---|
| Sanctioned and attributed | Tools with formal procurement, clear team ownership, and cost attribution | Low (ensure ongoing monitoring) | Maintenance |
| Sanctioned but unattributed | Tools with formal procurement but no team-level cost attribution | Budget governance gap | High — attribution instrumentation needed |
| Unsanctioned but known | Tools being used without formal procurement approval, but visible to finance or IT | Data governance, contract risk | High — evaluate and formalize or terminate |
| Shadow | Tools not visible to finance or IT, discovered through code/survey | Data governance, security, contract risk, ungoverned spend | Critical — immediate review required |
Data Risk Assessment
For every tool in your inventory, assess what data is being processed. The critical question is whether customer data, regulated data (HIPAA, GDPR-scoped, PCI), or proprietary intellectual property is being passed to the tool's API. AI tools that process customer PII under terms of service that do not include appropriate data processing agreements represent a regulatory exposure. AI tools that process proprietary source code or internal documentation under terms that allow training data use represent an IP risk. These risks require evaluation of each vendor's data handling terms, which is a distinct exercise from the inventory itself but should follow directly from it.
Step Five: Determine What to Do With What You Found
An audit that produces a list but no action plan is not useful. The output of an AI tool audit should be four lists: tools to formalize, tools to consolidate, tools to deprovision, and tools requiring immediate data risk remediation.
Formalize
Tools that are delivering genuine value but operating without proper procurement, attribution, or data review should be brought into your governance framework. This means formal procurement, team-level cost attribution, data processing review, and inclusion in your ongoing AI tool inventory. Formalizing rather than simply prohibiting unsanctioned tools that are adding value is the practical governance approach — prohibition drives tools further underground.
Consolidate
It is common to discover that multiple teams are paying for separate accounts or subscriptions to the same AI vendor or the same type of tool. Consolidating these relationships reduces cost, improves negotiating leverage with vendors, and simplifies ongoing governance. An enterprise contract with a single AI vendor is almost always cheaper than five team-level subscriptions to the same vendor.
Deprovision
Credentials, subscriptions, and integrations for tools that are not actively being used should be deprovisioned. This includes API keys for abandoned proofs of concept, seat licenses for tools with near-zero utilization, and integrations for use cases that were discontinued. Stale credentials are a security risk; stale subscriptions are pure waste.
Remediate Data Risk
Any tool processing data categories that require specific handling under your data governance policies, regulatory requirements, or contractual obligations to customers — without appropriate terms in place with that vendor — requires immediate remediation. The remediation may be termination of the tool, renegotiation of vendor terms, or modification of the workflow to exclude the sensitive data categories. This is the highest-priority category and should not wait for the broader governance rollout.
Turning a One-Time Audit Into Ongoing Visibility
A single AI tool audit is valuable but inherently point-in-time. New tools will be adopted. New API keys will be provisioned. New individual subscriptions will appear on expense reports. The discipline built during the audit needs to become an ongoing operational capability.
This means establishing a lightweight intake process for new AI tool adoption — not a lengthy approval process that drives teams toward shadow procurement, but a structured registration that captures tool name, team, purpose, data types, and payment method. It means periodic re-runs of the technical discovery steps (secrets scanning, IaC review, code repository scanning) to catch new additions. And it means integrating AI tool inventory management into existing IT asset management or software governance processes rather than treating it as a separate function.
Platforms like Oberhahn provide the ongoing attribution and visibility layer that makes this sustainable — connecting the tool inventory to the cost data and surfacing anomalies that signal new unregistered tools or changes in the usage pattern of known ones. The audit gets you the baseline. The infrastructure gets you the ongoing visibility that makes the baseline worth having.