AI Tools, Registry & Policy
Once Shadow AI is discovering usage, you govern it: classify each tool by policy (sanction status) and risk, recognize tools that aren't in the public catalog, and add your own internal AI tools. This page covers the registry, sanctioning, internal tools, and nominations.
The AI-tool registry
The registry is a global, AgenticAnts-maintained catalog of internet-facing AI tools (ChatGPT, Claude, Gemini, GitHub Copilot, Cursor, and many more). For each tool it carries the metadata and detection rules your agents and extensions use to recognize it and count usage correctly.
- It's shared across all organizations — one source of truth, kept current by AgenticAnts.
- Clients fetch it automatically and stay up to date within the hour.
- Browse it under Shadow AI → Settings → Registry, with search and category filters.
The registry tells clients how to detect a tool. Whether a tool is allowed in your organization is a separate, org-owned decision — that's the sanction status below.
Sanction status (policy)
Every discovered tool carries a sanction status that you set:
| Status | Meaning |
|---|---|
| Sanctioned | Approved for use in your organization. |
| Tolerated | Permitted, but monitored — you're aware of it but haven't formally approved it. |
| Unsanctioned | Not reviewed, or explicitly forbidden — surfaced as risk. |
Alongside sanction status, each tool has a risk level (low / medium / high / critical) you can adjust.
Sanction a tool
Open the tool
Go to Shadow AI → AI Apps, find the tool, and click its row to open the detail panel. (You can also review policy across all tools under Settings → Policy.)
Set status and risk
Choose Sanctioned, Tolerated, or Unsanctioned, adjust the risk level if needed, and add an optional note explaining the decision.
Save
The classification is saved immediately and reflected everywhere the tool appears (Overview risk posture, Apps, Users, Adoption).
Setting sanction status and risk requires the AI Steward (or Organization Owner) role.
Internal AI tools
Some AI tools won't be in the public registry — a private LLM gateway, an internal chatbot, or a homegrown coding assistant on a company domain. Add these as Internal AI Tools so they're detected and governed like any other.
Under Shadow AI → Settings → Policy → Internal AI Tools:
Add a tool
Click Add internal tool and give it a name and category (Chatbot, Code, Search, CLI, …).
Define how it's detected
Provide the detection signal:
- Web tools: the primary domain (and any additional domains).
- Desktop / CLI tools: the bundle IDs or executable names.
Save
The tool is scoped to your organization only and pushed to your clients on their next registry refresh. It then appears in your inventory and can be sanctioned like any other tool.
Nominating a tool for the registry
If a public (internet-facing) AI tool is missing from the registry, nominate it — AgenticAnts reviews nominations and, once approved, adds the tool to the shared registry for everyone.
Request the provider
On Settings → Registry, search to confirm the tool isn't already listed, then click Request provider and fill in what you know (name, vendor, domain, category).
Track the status
Your nominations appear in My Nominations with their state — Pending, In review, Approved, or Rejected (with a reason). You can cancel a pending nomination.
Once approved
The tool is added to the global registry and propagates to all clients automatically — no redeploy needed.
Use internal AI tools for anything private to your organization (custom domains, internal apps). Use nominations for public tools that should be in the shared catalog for everyone.
Next steps
- Understanding the Dashboard — where sanction status and risk show up.
- Directory Integration — attribute usage to departments and managers.
- Data & Privacy — what detection does and doesn't capture.