# Dissecting Shadow AI to Illuminate Hidden Footprints in Your Workloads

By [Sharon Farber](https://www.paloaltonetworks.com/blog/author/sharon-farber/?ts=markdown "Posts by Sharon Farber") and [Roni Yaari](https://www.paloaltonetworks.com/blog/author/roni-yaari/?ts=markdown "Posts by Roni Yaari")

Apr 30, 2026 | 6 minutes

AI is no longer confined to data science teams or controlled development environments. It's quietly spreading across infrastructure --- embedded in applications, packaged into containers, and deployed across compute workloads.

![The lifecycle diagram showing AI packages flowing from code to runtime](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/04/word-image-357632-1.png)

Figure 1: The lifecycle diagram showing AI packages flowing from code to runtime

The problem? Most organizations don't know where their AI lives.

## **The Rise of Shadow AI in Compute**

Security teams have long focused on code repositories and sanctioned AI projects. But today, AI is increasingly introduced through software packages and dependencies --- often without centralized visibility or governance.

A developer adds a Python library, a container image pulls in a model runtime, a workload includes an AI framework for a one-time use case --- AI is suddenly running in production without being tracked, secured or governed.

This is shadow AI in its most operational form, the workload layer, introduced through packages, dependencies and deployed components outside centralized visibility and governance.

The lack of visibility goes beyond governance. It opens a security gap. In over 90% of breaches, [preventable gaps materially enable the intrusion](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) via limited visibility, inconsistently applied controls or excessive identity trust.

When AI software packages are introduced through libraries, containers, or dependencies, they often bypass traditional security tracking. They don't show up in AI inventories, they aren't governed by policy, and they may never be reviewed for risk.
## **Why AI Software Packages Matter**

Software packages are the building blocks of modern AI applications, and identifying them is critical to ensure cross-infrastructure security since they:

* **Reveal hidden AI usage:** AI frameworks and libraries are often the first signal that an application is leveraging AI.
* **Introduce component-based risk:** Vulnerable or outdated packages can expose both the AI system and the broader environment, a risk often hidden in dependencies. As highlighted in the [Unit 42 Global Incident Response Report](https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/unit42/Unit42-Global-Incident-Response-Report.pdf?ts=markdown), "Over 60% of vulnerabilities in cloud-native applications reside in transitive libraries." In other words, the biggest risks often aren't in the code you write but in the components you inherit.
* **Form the AI bill of materials (AI-BOM):** Understanding which packages power your AI systems is essential for governance, compliance, and supply chain security.

## **What's New with Cortex Cloud AI-SPM: AI Software Packages on Workloads**

With the upcoming April release, [Cortex Cloud AI-SPM](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) expands visibility into AI software packages and dependencies from code repositories to deployed workloads.

Software Composition Analysis (SCA) identifies AI packages and dependencies in code repositories. Cloud Workload Protection (CWP) adds workload-level package visibility, revealing AI components present on deployed workloads. Together, these capabilities create a more unified AI inventory from development through runtime and extend AI-SPM with more direct insight into what AI software is present in the environment.
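The package-level points above (AI arriving through transitive dependencies, vulnerable components, and an AI-BOM per workload) can be sketched in a few lines. This is an added example, not code from the article or from Cortex Cloud: it walks each workload's dependency graph to find AI packages and the path that pulled them in, then tiers the workload. The watchlist, the `Workload` fields, the tier names and the inventory are all assumptions made for illustration.

```python
from collections import deque
from dataclasses import dataclass, field

# Assumed watchlist of AI package names (not from the article). The first four
# are real PyPI projects; "example-llm-runtime" is a constructed placeholder.
AI_WATCHLIST = {"torch", "tensorflow", "transformers", "onnxruntime",
                "example-llm-runtime"}


@dataclass
class Workload:
    name: str
    kind: str                       # "vm", "container" or "image"
    direct: set                     # packages the owning team declared
    deps: dict = field(default_factory=dict)        # package -> its dependencies
    vulnerable: set = field(default_factory=set)    # flagged by your scanner
    sensitive_data: bool = False    # workload identity can read sensitive data


def ai_paths(w):
    """Map each AI package on the workload to the shortest dependency
    path that pulls it in, starting from a declared package (BFS)."""
    found, seen = {}, set()
    queue = deque((p, (p,)) for p in sorted(w.direct))
    while queue:
        pkg, path = queue.popleft()
        if pkg in seen:             # also guards against dependency cycles
            continue
        seen.add(pkg)
        if pkg in AI_WATCHLIST:
            found[pkg] = path
        for dep in sorted(w.deps.get(pkg, ())):
            queue.append((dep, path + (dep,)))
    return found


def classify(w):
    """Return (risk tier, AI paths) for one workload."""
    paths = ai_paths(w)
    if not paths:
        return "no-ai", paths
    if not (set(paths) & w.vulnerable):
        return "ai-present", paths
    tier = "high-risk" if w.sensitive_data else "ai-vulnerable"
    return tier, paths


# Constructed inventory; dependency edges and vulnerability flags are made up.
INVENTORY = [
    Workload("data-proc", "container", {"etl-toolkit", "requests"},
             deps={"etl-toolkit": {"feature-utils"},
                   "feature-utils": {"example-llm-runtime"}},
             vulnerable={"example-llm-runtime"}, sensitive_data=True),
    Workload("ml-train", "vm", {"torch"}),
    Workload("batch", "container", {"example-llm-runtime"},
             vulnerable={"example-llm-runtime"}),
    Workload("web-base", "image", {"flask"}, deps={"flask": {"jinja2"}}),
]

if __name__ == "__main__":
    for w in INVENTORY:
        tier, paths = classify(w)
        hidden = [" -> ".join(p) for p in paths.values() if len(p) > 1]
        print(f"{w.kind:9} {w.name:10} {tier:13} transitive: {hidden or '-'}")
```

In the constructed inventory, `data-proc` declares no AI package at all; the AI runtime only appears two hops down its dependency graph, which is the case a declared-dependency review misses.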
### Where AI Is Now Visible

Security teams can now identify AI presence across a wide range of compute assets:

* VM instances with AI packages
* Running VM instances actively using AI
* VM instances with vulnerable AI packages
* Container instances with AI packages
* Container instances with vulnerable AI packages
* Images and Docker images with AI packages
* Base images containing AI components
* Base images with vulnerable AI packages

![AI package discovery across VM, containers, and images](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/04/word-image-357632-2.png)

Figure 2: AI package discovery across VM, containers, and images

## **From Infrastructure Signal Detection to AI Context**

What makes AI Software Packages on Workloads powerful is context. Instead of asking, *What software is running on this workload?*, security teams can now ask, *Where is AI being used, what powers it, and what risk does it introduce?*

Cortex Cloud shifts AI security from guesswork to explicit visibility.

## **Real-World Scenario: Hidden Risk in a Container**

A platform team deploys a container image for data processing. Unknown to security:

* The image includes an open-source AI library
* The library has a known vulnerability
* The container has access to sensitive data

Without visibility into AI packages on workloads, the team simply sees another container. With Cortex Cloud AI-SPM, it becomes a high-risk AI workload with vulnerable components and access to sensitive data.

That's the difference between infrastructure monitoring and AI-aware security.

## **Mapping Shadow AI Across the Lifecycle**

AI doesn't appear in just one place. It spans the application lifecycle.

| **Stage** | **Shadow AI Signal** | **Risk** |
|------------|------------------------------|--------------------------------|
| Code | AI libraries in repositories | Unreviewed AI usage |
| Build | AI packages in images | Vulnerable dependencies |
| Deploy | AI packages on workloads | Unauthorized AI execution |
| Runtime | Active AI workloads | Data exposure, data misuse |
| Operations | AI interaction with data | Compliance and governance gaps |

The lifecycle view shows how shadow AI can surface from code to operations. In practice, teams need to narrow that broad picture to the workloads that contain AI packages so they can investigate risk and act.

![Filtered view of compute assets to show AI packages on workloads](https://www.paloaltonetworks.com/blog/wp-content/uploads/2026/04/word-image-357632-3.png)

Figure 3: Filtered view of compute assets to show AI packages on workloads

## **Why It Matters -- Now**

The rise of AI agents and automated workflows is accelerating the problem. [Recent industry research from SACR](https://softwareanalyst.substack.com/p/the-convergence-of-ai-and-data-security) highlights that AI is no longer just an application layer but is also an autonomous execution layer capable of accessing data, calling APIs, and executing workflows.

That means:

* AI systems can act on data.
* AI agents can access resources.
* AI workflows can execute autonomously.

All of this is powered by software components that often go untracked.

## **Who Needs to Know?**

* **Security teams:** Gain visibility into AI software packages and the workloads running them.
* **Cloud and platform teams:** Understand where AI is embedded in infrastructure.
* **AI and data leaders:** Ensure governance across the AI supply chain.
* **Palo Alto Networks customers:** Achieve parity and go beyond traditional workload visibility by explicitly mapping AI usage.

## **From Shadow AI to Full Control**

AI is no longer something you deploy. It's something that emerges.

By illuminating AI software packages across workloads, Cortex Cloud AI-SPM turns hidden AI usage into actionable insight:

* Discover AI wherever it runs.
* Understand the risks AI introduces.
* Govern AI across the full lifecycle.

In the age of AI, visibility starts with the smallest building block.

## Learn More

Stop Shadow AI from haunting your workloads. Book a [Cortex Cloud demo](https://www.paloaltonetworks.com/cortex/cloud/demo?ts=markdown) to see how you can gain full visibility into hidden AI packages and secure your environment from code to runtime.