The Hidden AI Footprint: What Your Enterprise Software Adds to Your Risk Surface.
When leaders ask us how much AI is in their environment, the answer they expect is a list of standalone tools: ChatGPT, Copilot, Gemini, a specific ed-tech application, a marketing plug-in. The actual answer is usually two to three times larger than that list and lives inside software the organization already owns.
Embedded AI is the part of the footprint that is expanding fastest and being governed least. It arrives through feature updates to existing enterprise platforms, through acquisitions that pull AI capabilities into general-use software, and through vendor marketing that rebrands existing features as "AI-powered" without changing the underlying contract. For most organizations, it is the largest unmanaged source of AI exposure in the environment.
Where the hidden footprint lives
A useful mental model is to inventory the software the organization runs and ask, for each major platform, whether it currently includes AI features that process institutional data. The results are usually surprising.
Productivity suites
Microsoft 365 and Google Workspace include AI assistants that can read email, documents, calendars, and chat history to generate summaries, draft responses, and surface insights. Adobe Creative Cloud has integrated generative AI into image and video editing. Zoom, Teams, and Google Meet provide AI meeting summarization and action-item extraction. Each of these features has a data-handling profile and a licensing footprint that is distinct from the base product.
Student information systems, enterprise resource planning, and HR platforms
Major SIS vendors (PowerSchool, Infinite Campus), ERP platforms (Workday, Oracle, Colleague, Banner), and HR and recruiting systems (Cornerstone, Paradox, HireVue analogues, Paycom) have added AI features for predictive analytics, drafting, resume screening, chatbot interactions with constituents, and more. Some of these features are opt-in at the tenant level; others are on by default. Some process data within the tenant boundary; others send it to a third party or a separate AI service.
Customer service and CRM
Salesforce Einstein, HubSpot AI, Zendesk AI, and numerous help desk platforms now include AI drafting, summarization, and triage. The same category includes website chatbots, many of which are now powered by third-party AI providers rather than the CMS vendor.
Security tools
Many security platforms use AI for detection, triage, and response drafting. Email security, endpoint detection, SIEM, and identity products are increasingly AI-assisted. These tools often process highly sensitive operational data.
Sector-specific platforms
In education, classroom tools, formative assessment platforms, and content-generation add-ons increasingly embed generative AI. In healthcare, EHR assistants and clinical documentation tools do the same. In legal, contract review, discovery, and research platforms now include AI capabilities. In municipal operations, permitting, 311, and constituent communication platforms are adopting AI quickly.
Why the footprint is being missed
Three dynamics consistently keep the hidden footprint out of sight:
Procurement does not see it
Procurement intake processes were designed to flag new software purchases and major renewals, not in-flight feature updates to software already in use. When a vendor adds an AI feature via a quarterly update, no new contract is signed and no intake review is triggered. The organization inherits the feature.
Legal and privacy reviews happen once
Vendor contracts are reviewed at the initial procurement and often at renewal. If the AI feature arrives between those moments, the original contract terms usually do not address the new data-handling configuration. Some vendors update terms of service automatically; others issue separate AI addenda; some update neither.
IT rarely sees the full picture
Tenant-level AI settings are configurable in each platform. Unless IT has been asked to inventory AI settings across the software catalog, the defaults usually govern. Defaults are frequently permissive.
The common result is that an organization has an AI policy, an AI acceptable-use statement, and perhaps a staff training module, but has never conducted a systematic review of the AI features already active in its production environment.
A practical inventory approach
Building a complete inventory does not require a new tool or a consultant engagement, though it is faster with help. It requires a disciplined pass across the software catalog.
Step 1. Start from the software catalog, not the AI use list
Inventory every major platform, application, and service the organization uses. For each, list the vendor, the contract owner, the renewal date, the data classifications processed, and the approximate number of users.
Step 2. Ask a standard set of AI-specific questions per platform
For each platform, document whether the platform currently offers AI features, which features are active in the organization's tenant, what data those features process, whether the processing stays within the tenant or is sent to a third party, whether the data is used to train the vendor's models, and whether the features can be disabled centrally. Many of these answers come from the vendor's trust or privacy portal, but some require a direct vendor conversation.
Step 3. Classify
For each AI feature in active use, assign a risk tier based on the sensitivity of the data processed and the extent of human review before the feature's output is used externally. Three tiers are usually sufficient: low (internal drafting, low-sensitivity data), medium (summarization of sensitive internal data, decision support with human review), high (customer-facing output, employment decisions, automated decision-making on protected classes).
Step 4. Decide and document
For each feature in medium or high tier, make an explicit decision: keep, disable, or defer pending vendor clarification or contract addenda. Document the decision, the owner, and the revisit date. This is the artifact auditors, boards, and insurers increasingly want to see.
Step 5. Add the AI question to procurement and renewal intake
The inventory is only useful if it stays current. Procurement intake and renewal workflows should include standing AI questions so the organization catches new features before they arrive in production.
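A minimal register that applies the tier rules from Step 3 and the decision logic from Step 4 to the answers collected in Step 2. This is an added illustration, not Firestorm's tooling; the field names, the sample platforms and the rule that an unreviewed decision-support feature on protected-class data counts as automated decision-making are assumptions made for the example.

```python
"""Embedded-AI feature register: tiers each feature (Step 3) and flags what
it needs next (Step 4) from the per-platform answers gathered in Step 2."""
from dataclasses import dataclass
from typing import Optional

@dataclass
class AIFeature:
    platform: str
    feature: str
    data_class: str        # "low", "sensitive" or "protected" (constructed labels)
    output_use: str        # "draft", "summary", "decision_support",
                           # "customer_facing", "employment", "automated_protected"
    human_review: bool     # output reviewed by a person before external use
    leaves_tenant: Optional[bool] = None      # None = vendor has not confirmed
    used_for_training: Optional[bool] = None  # None = vendor has not confirmed

HIGH_USES = {"customer_facing", "employment", "automated_protected"}

def risk_tier(f: AIFeature) -> str:
    """Three tiers as described in Step 3."""
    if f.output_use in HIGH_USES:
        return "high"
    # Assumption: decision support with no human review on protected-class
    # data is automated decision-making and belongs in the high tier.
    if f.output_use == "decision_support" and not f.human_review \
            and f.data_class == "protected":
        return "high"
    if f.data_class != "low" or f.output_use == "decision_support":
        return "medium"
    return "low"

def next_action(f: AIFeature) -> str:
    """Step 4: only medium/high features need an explicit keep/disable/defer
    decision; unknown data handling blocks that decision until the vendor answers."""
    if risk_tier(f) == "low":
        return "record only"
    if f.leaves_tenant is None or f.used_for_training is None:
        return "defer: vendor clarification needed"
    if f.used_for_training:
        return "defer: contract addendum needed"
    return "decide: keep or disable (assign owner and revisit date)"

# Constructed sample register; platform names are placeholders, not findings.
REGISTER = [
    AIFeature("Productivity suite", "Email draft assistant", "low", "draft", True, False, False),
    AIFeature("Meeting platform", "Meeting summaries", "sensitive", "summary", True),
    AIFeature("HR system", "Resume screening", "protected", "employment", True, True, True),
]

def build_report(register=REGISTER):
    return [(f.platform, f.feature, risk_tier(f), next_action(f)) for f in register]

if __name__ == "__main__":
    for row in build_report():
        print(" | ".join(row))
```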
What this looks like operationally
For an organization with 30 to 50 enterprise platforms, an initial inventory typically takes three to four weeks and produces a register of 8 to 15 AI features in active use, of which 2 to 4 fall into the medium or high tier and warrant an explicit governance decision. The exercise almost always surfaces at least one feature the leadership team did not know was active.
The organizations that do this work well treat it as an operating routine, not a one-time project. Quarterly inventory refreshes, annual vendor reviews, and renewal-triggered reviews keep the footprint visible as the vendor ecosystem continues to expand AI capabilities.
The gap between policy and configuration
The organizations that will be caught out by AI regulation, insurance underwriting questions, or incident response events are rarely the ones that adopted standalone AI tools aggressively. Those organizations tend to know what they adopted. The organizations that will be caught out are the ones that had an AI policy on paper and a permissive default configuration across their software catalog in practice. The gap between the two is the hidden footprint.
How Firestorm helps
Firestorm's AI governance and readiness work includes a structured inventory of the organization's AI footprint, including embedded features in enterprise platforms. We work with the organization to classify active features, make governance decisions, and establish the procurement and renewal routines that keep the inventory current. For insurance partners operating programs for member organizations, the inventory is extended to the member portfolio through our assessment framework.
Have questions or need support with an AI footprint inventory? Start a conversation.