Managing the AI apps inventory
Track the AI applications your teams use, with owners, approvals, policies, and risk.
Overview
The AI apps inventory is where you track the AI applications your teams use, whether you add them yourself or promote them from shadow AI monitoring. Each app records who owns it, which vendor provides it, how it was found and where it sits in your approval process.
Each app also links to the models it runs on, the policies that apply to it and the data types it can access, plus a risk score you set. That gives you one record per app to work from.
Accessing the AI apps inventory
Open AI apps from the sidebar. You get a table of every app, with a search box, a status filter and a New AI app button. Click a row to edit an app, or use the actions on each row to edit it, open the detail page or delete it.
Adding an AI app
Select New AI app and complete the form. Only the name is required; the other fields can be filled in now or later.
- Name: The name of the application, for example "ChatGPT Enterprise". This must be unique within your organization.
- Description: What the app is used for.
- Vendor: The vendor that provides the app, selected from your vendor records.
- Owner: The person responsible for the app, selected from your users.
- Status: Where the app sits in your approval process: draft, under review, approved, restricted, or banned.
- Discovered source: How the app was found: manual, shadow AI, employee report, SSO, proxy, or firewall.
- Required training: Any training a user must complete before using the app.
App statuses
The status tracks where an app is in your governance process. You can change it from the form or from the detail page.
- Draft: The app has been added but not yet reviewed.
- Under review: The app is being assessed for approval.
- Approved: The app is cleared for use.
- Restricted: The app may be used only under specific conditions.
- Banned: The app must not be used.
The app detail page
Open an app's detail page from the Details action on its row. The page shows summary cards (status, vendor, owner, risk score, discovered source and required training) and four sections for governing the app.
Model dependencies
Link the app to the models it runs on, selected from your model inventory. Use the Linked models field to add or remove models, then select Save dependencies. The linked models appear in the table below with their provider, model, version and status.
Policy mapping
Mark which of your policies apply to the app. Each policy has an Applicable toggle; turn it on for the policies that govern this app and select Save mapping. When the app's name matches a known tool, suggested policies appear in a panel above the table as a starting point.
Risk assessment
Score the app's risk across a set of criteria using the sliders. The page shows both the current saved score and the score calculated from your slider positions. Select Save assessment to store it. The saved score appears on the summary card and in the list.
Data exposure
Record which data types the app can access, such as public data, internal data, confidential data or customer PII. Each new app starts with a default set of data types that you can adjust.
Promoting a shadow AI tool
When shadow AI monitoring finds a tool in use, you can promote it into the AI apps inventory so it becomes a governed app. The promoted app keeps a link back to the shadow AI tool it came from, and its discovered source is recorded as shadow AI.
Editing and deleting apps
Click any row, or use the Edit action, to reopen the form and change the app's details. Use the Delete action to remove an app; you are asked to confirm before the app is deleted.