YDC_AIGOV Shadow AI Governance Agents to highlight risks associated with AI embedded within vendor applications

YDC_AIGOV Shadow AI Governance Agents:

Automating the process of governing applications with embedded AI including EU AI Act Risk Assessment and integration with ServiceNow and Collibra AI Governance. Potential to reduce the cost of Commercial-off-the-Shelf (COTS) applications by three to five percent. YDC_AIGOV agents reduced the research effort from 45 minutes to 45 seconds per application.

Sunil Soares, Founder & CEO, YDC
Khushboo Shah, Lead AI Governance Researcher
January 23, 2025

YDC_AIGOV Available as Private Preview on Hugging Face
Today we are announcing YDC_AIGOV Shadow AI Governance agents to automate the process of governing applications with embedded AI. YDC_AIGOV is now available for Private Preview on Hugging Face. You can view a demo video here.

The YDC team will continue to improve the accuracy of the agents (see metrics below) and to add features such as Risk Classification for multiple apps in batch mode. For these reasons, our Private Preview will require somebody from YDC to work with the agents. If you would like to engage on this, please DM Sunil Soares on LinkedIn or send an email to info@yourdataconnect.com.

Shadow AI Governance
We define Shadow AI as applications where vendors have added artificial intelligence capabilities to their application suite without the company fully understanding the overall impact on AI risk. In a previous blog, we discussed a recent YDC study at a mid-size company. To summarize, the company’s ServiceNow team pulled a list of 800 commercial-off-the-shelf (COTS) applications from CMDB. The Excel sheet included details such as Application Name, Vendor Name, Application Description, and Owner. The YDC team used the YDC_AIGOV agents to discover 256 apps (32 percent) with embedded AI.

Return on Investment

Based on YDC research, Shadow AI Governance has the potential to reduce the cost of COTS applications by three to five percent. These savings accrue from improved negotiating posture with application vendors and exclude any reductions in AI risk. In addition, the YDC_AIGOV agents reduced the effort to research individual applications from 45 minutes (when done manually) to 45 seconds.

YDC_AIGOV Agent Hierarchy
YDC_AIGOV includes an agent hierarchy to accomplish specialized tasks.

Single App
The Hugging Face UI has a number of windows: Single App, Multi-App, ServiceNow Integration, Collibra Integration, and Single App Risk Classifier. The Single App interface accepts the application name as input and returns results such as the Application Name, Privacy Policy URL, Embedded AI Description, etc. in JSON format. This JSON file is directly addressable via the Hugging Face API from applications like Collibra and ServiceNow as we will see later.

Multi-App
The Multi-App interface allows for batch processing of applications in CSV format.

ServiceNow Integration
The YDC_AIGOV-ServiceNow integration with Hugging Face enables the agents to auto-create AI use cases in ServiceNow for any applications that have embedded AI.

The agents also auto-create AI risk assessments in ServiceNow for any applications where data is not excluded from AI training (this condition may need to be modified).

Collibra Integration

The YDC_AIGOV-Collibra integration with Hugging Face enables the agents to auto-create AI use cases in Collibra for any applications that meet the condition where Embedded AI = “Yes.”

The integration also auto-creates a shell for an AI Risk Assessment in Collibra if the vendor does not exclude data from AI training. In a previous blog, we discussed the use of differentiated Collibra workflows to drive downstream actions with groups like Third-Party Risk Management (TPRM).

Single App Risk Classifier

The Single App Risk Classifier assigns a risk classification to the application based on the EU AI Act. For example, Actimize Xceed would be classified as “Other” under Article 6 of the EU AI Act because it falls within the fraud detection exception.

Accuracy Metrics and Future Enhancements
The YDC team has more work to do to improve the accuracy of the agents and to add features such as the Risk Classification for multiple apps in batch mode. The accuracy of YDC_AIGOV for new apps not in our database is 70.48% overall, 83.13% for tracking Embedded AI and 89.16% for Privacy Policy URLs. Obviously, these figures are close to 100% if the app is already in our database.

Next Steps

For the above-mentioned reasons, our Private Preview will require somebody from YDC to work with the agents. If you would like to engage on this, please DM Sunil Soares on LinkedIn or send an email to info@yourdataconnect.com.

Fairness & Accessibility

Component

Component ID: 5.0

Mitigate bias and manage AI accessibility.

List of Controls:

  • Bias
  • Accessibility
Mitigate Bias
Control
ID: 5.1

Ensure that AI systems are fair and manage harmful bias.
Component: Address Fairness and Accessibility
Regulation/Source: EU AI Act - Article 10(2)(f)(g) – Data and Data Governance (“Examination of Possible Biases”)

Vendors

Detect Data Poisoning Attacks
Control

ID: 10.4.1

Data poisoning involves the deliberate and malicious contamination of data to compromise the performance of AI and machine learning systems.

Component: 10. Improve Security
Control: 10.4 Avoid Data and Model Poisoning Attacks
Regulation/Source: EU AI Act: Article 15 – Accuracy, Robustness and Cybersecurity

Vendors

Improve Security
Component

Component ID: 10

Address emerging attack vectors impacting availability, integrity, abuse, and privacy.  

List of Controls:

  • Prevent Direct Prompt Injection Including Jailbreak
  • Avoid Indirect Prompt Injection
  • Avoid Availability Poisoning
    • Manage Increased Computation Attack
    • Detect Denial of Service (DoS) Attacks
    • Prevent Energy-Latency Attacks
  • Avoid Data and Model Poisoning Attacks
    • Detect Data Poisoning Attacks
    • Avoid Targeted Poisoning Attacks
    • Avoid Backdoor Poisoning Attacks
    • Prevent Model Poisoning Attacks
  • Support Data and Model Privacy
    • Prevent Data Reconstruction Attacks
    • Prevent Membership Inference Attacks
    • Avoid Data Extraction Attacks
    • Avoid Model Extraction Attacks
    • Prevent Property Inference Attacks
    • Prevent Prompt Extraction Attacks
  • Manage Abuse Violations
    • Detect White-Box Evasion Attacks
    • Detect Black-Box Evasion Attacks
    • Mitigate Transferability of Attacks
  • Misuse of AI Agents
    • Prevent AI-Powered Spear-Phishing at Scale
    • Prevent AI-Assisted Software Vulnerability Discovery
    • Prevent Malicious Code Generation
    • Identify Harmful Content Generation at Scale
    • Detect Non-Consensual Content
    • Detect Fraudulent Services
    • Prevent Delegation of Decision-Making Authority to Malicious Actors

Identify Executive Sponsor

ID: 1.1

Appoint an executive who will be accountable for the overall success of the program.

Component: 1. Establish Accountability for AI
Regulation: EU AI Act

Vendors