--- id: "concept-shadow-agents" type: "concept" source_timestamps: ["00:11:45"] tags: ["security", "it-governance"] related: ["concept-unified-context-infrastructure", "concept-context-engineering", "framework-intent-gap-layers", "action-build-mcp-infrastructure", "entity-mcp"] definition: "Unsanctioned, fragmented AI agents and context pipelines built by individual teams, creating security, compliance, and governance risks." sources: ["s24-prompt-engineering-dead"] sourceVaultSlug: "s24-prompt-engineering-dead" originDay: 24 --- # Shadow Agents ## Definition **Shadow Agents** are the AI equivalent of *Shadow IT*: unsanctioned, team-built AI workflows and context stacks operating outside central governance. ## How They Emerge In a typical mid-sized enterprise: - One team pipes Slack data through a custom RAG pipeline. - Another team exports Google Docs into a vector store. - A third spins up an [[entity-mcp]] server pointed at Salesforce. - A fourth builds a Notion-scraping cron job. No two stacks share auth, audit, or eviction logic. ## Why It's Dangerous Unvetted agents are routinely given access to: - PII (personally identifiable information) - Financial data - Healthcare records - Customer contracts …without any sanctioned infrastructure for governance. This is a compliance time-bomb and a direct blocker to scaling AI safely. ## The Fix Layer 1 of the [[framework-intent-gap-layers]] — **[[concept-unified-context-infrastructure]]** — exists precisely to retire shadow agents. The recommended operational move is [[action-build-mcp-infrastructure]]: deploy a vendor-agnostic protocol (like [[entity-mcp]]) and force all org data access through it. ## Connection to Intent Shadow agents are the inevitable byproduct of stopping at [[concept-context-engineering]] without ascending to [[concept-intent-engineering]]. Without centralized intent, every team encodes its *own* implicit intent, multiplying mis-alignment. ## Related across days - [[concept-unified-context-infrastructure]] - [[action-build-mcp-infrastructure]] - [[concept-race-conditions-ai]] - [[arc-context-architecture-evolution]]