
The Compass: shadow AI is the new SaaS sprawl, tariff math hits procurement, and Gartner redraws the ITAM boundary


Weekly Roundup · May 4, 2026 · 6 min read

One trend, a few category moves, three reads, one thing to do before the end of the week. That's the Compass, weekly.

This week: shadow AI subscriptions are creating a category of untracked spend that most IT teams can't see, the tariff situation has gone from "something to watch" to something affecting real purchase orders, and Gartner quietly expanded its definition of what counts as an IT asset. Let's get into it.

The trend: shadow AI is the new SaaS sprawl

Three weeks ago we covered SaaS sprawl as the cheapest audit a small team can run. The math was straightforward: roughly half of SaaS seats in a typical org are unused, and reclaiming them is free money. Since then, we've heard from enough teams to spot a pattern that deserves its own section: the fastest-growing category of untracked software spend isn't traditional SaaS anymore. It's AI tools.

ChatGPT Plus, Claude Pro, GitHub Copilot Business, Midjourney, Perplexity Pro, Notion AI, Grammarly Business, Adobe Firefly — the list of AI subscriptions that individuals or small teams can buy on a corporate card without going through procurement is long and getting longer. Most of these run $20–$30/seat/month. Individually, they're noise. Across a 100-person company where 40 people each signed up for two or three of them, you're looking at $30K–$40K/year in spend that doesn't show up in any asset register or SaaS management tool.

The spend isn't even the biggest problem. The data-flow risk is. Every AI subscription is a third-party service that employees are feeding company data into — code, documents, customer information, strategy decks. If you don't know which AI tools your people are using, you can't assess what data is leaving the building. And you can't write an acceptable-use policy for tools you don't know exist.

// What we're hearing from customers

The pattern is consistent: IT discovers shadow AI spend during a credit-card audit or an expense-report review, not through any proactive discovery mechanism. By the time it surfaces, the tools have been in use for months, habits have formed, and the conversation shifts from "should we allow this?" to "how do we govern what's already happening?" That's a harder conversation, but it's the real one.

The ITAM implication is direct. If your asset register tracks hardware and traditional software but not AI subscriptions, you have a blind spot that's growing faster than any other category of IT spend. The SaaS management tools (Zluri, Torii, Zylo, Productiv) are racing to add AI-specific discovery. In the meantime, the manual version of the audit — which we'll outline in this week's field test — is better than nothing, and "nothing" is what most teams are running today.

In the ITAM category this week

A few moves worth noting:

| Vendor | What moved | Why it matters |
| --- | --- | --- |
| Zluri | Shipped AI app discovery as a core feature — auto-detecting AI tool usage across SSO, browser extensions, and expense data. | SaaS management tools are the first movers on shadow AI visibility. Zluri's approach — combining SSO logs with expense-report parsing — is pragmatic. The question is whether IT teams buy a separate tool for this or wait for their existing stack to catch up. |
| Torii | Positioning its automated SaaS management platform as the answer to "AI governance starts with visibility." Added AI-specific spend categorization and usage analytics. | The framing is right: you can't govern AI usage if you can't see it. Whether a SaaS management tool or an ITAM tool should own this is the category question of the year. Our bet: it's an asset management problem, because the answer involves people, devices, and software together. |
| ServiceNow | Knowledge 2026 announcements included expanded HAM Pro capabilities with AI-driven lifecycle predictions and deeper integration between SAM and HAM modules. | ServiceNow keeps widening the moat. The new lifecycle-prediction features are genuinely interesting — using historical fleet data to predict failure windows. The price point hasn't changed, though: this is still a 500+ seat conversation. |
| Josys | The Japanese IT management platform continues its push into the US market, combining device management, SaaS management, and cost optimization in a single platform. | Josys is worth watching for the same reason InvGate was two weeks ago: a well-funded challenger from outside the US that isn't carrying the legacy baggage of incumbents. The device + SaaS + cost bundle is the converged play that the market seems to be moving toward. |
| assetcompass | Added software-subscription tracking fields to the asset register — vendor, cost per seat, renewal date, and assigned users. Designed to catch the AI subscriptions and SaaS tools that don't show up in traditional discovery. | Our approach: you don't need a separate SaaS management platform if your team is under 200 people. You need a column in your asset register that makes AI and SaaS subscriptions visible alongside hardware. One system of record, not two. |

Three reads worth your time this week

Pieces that crossed our desk this week and earned a bookmark:

  • NIST — AI Risk Management Framework (AI RMF 1.0). Originally published January 2023 and updated through 2025, the NIST AI RMF is the closest thing to a consensus framework for governing AI risk. It's voluntary, but the pattern is familiar: NIST frameworks start voluntary and end up in procurement requirements and audit checklists. The "Map" function — understanding AI systems in your environment — starts with knowing what AI tools are in use. That's an inventory problem before it's a governance problem.
  • TechTarget — "How tariffs are changing IT procurement strategies." The tariff picture has shifted from "watch this space" to "this is affecting purchase orders." The practical summary: US tariffs on Chinese-manufactured electronics remain elevated, some exemptions have expired or narrowed, and OEMs have passed costs through with varying degrees of transparency. If you're planning H2 hardware purchases, the article's framework for evaluating buy-now-vs-wait is the most clear-eyed we've seen. We covered the DRAM pricing angle three weeks ago; this piece covers the trade-policy layer.
  • Gartner — "Redefining ITAM: From Assets to Technology Investments." The paywalled version is behind the Gartner research portal, but the framing has been discussed in enough conference sessions to summarize: Gartner is pushing ITAM teams to think in terms of "technology investments" rather than "assets." The practical shift is that SaaS subscriptions, AI tools, and cloud consumption should sit alongside hardware in a single governance view. This aligns with where the FinOps + ITAM convergence we covered last week is pointing: one financial view of all technology spend, not separate silos for cloud, hardware, and software.

A thing to watch: tariff uncertainty meets refresh planning

We flagged hardware pricing pressure three weeks ago through the DRAM lens. The tariff layer adds a second variable to the same equation. Here's the current state as we understand it:

  • US tariffs on Chinese-manufactured electronics remain elevated. The semiconductor-specific exemptions that applied to certain categories have narrowed. OEMs have responded with price increases that range from modest to significant depending on product line and manufacturing origin.
  • Supply chain diversification is happening but slowly. Dell, Lenovo, and HP have all accelerated manufacturing in Vietnam, India, and Mexico, but the transition takes years to fully execute. In the meantime, the "China + 1" strategy means higher logistics costs even where tariffs are avoided.
  • The procurement implication for small teams is straightforward: if you're planning a hardware refresh for H2 2026, the price you'll pay is less predictable than it was a year ago. Budgets approved in January may not cover the same volume by July. That's not a reason to panic-buy — it's a reason to have current fleet data so you can make an informed call about which devices actually need replacing vs. which can stretch.

// The planning question

The teams who'll navigate this best are the ones who can answer two questions fast: "Which devices in our fleet are candidates for life-extension?" and "What's our actual replacement cost at today's pricing?" If those answers take a week to assemble, you're planning with stale data in a market that's moving. If they take five minutes, you can adjust in real time.

Field test: the shadow AI audit

If the shadow AI trend above resonated, here's the quick-and-dirty version of the audit. Takes about an hour and surfaces spend you probably didn't know about.

  • Pull 90 days of corporate card transactions. Search for: "OpenAI," "Anthropic," "GitHub Copilot," "Midjourney," "Notion," "Perplexity," "Grammarly," "Adobe," "Jasper," "Runway," "ElevenLabs." These are the most common AI subscriptions we see on expense reports. Your finance team can run this in most expense management tools in under ten minutes.
  • Check your SSO logs. If you're running Okta, Google Workspace, or Entra, look for OAuth app authorizations in the last 90 days. AI tools that employees connected via "Sign in with Google" or "Sign in with Microsoft" will show up here. This catches tools that bypassed the corporate card entirely.
  • Ask your team leads directly. Send a three-line message: "We're mapping AI tool usage across the company. No one's in trouble. What AI tools is your team using for work?" The amnesty framing matters. If people think this is a crackdown, they'll underreport. If they think it's inventory, they'll be surprisingly honest.
  • Build the register. For each tool: name, vendor, cost per seat, number of seats, data sensitivity (what company data flows through it), and owner. This is your AI asset inventory. It belongs in the same system of record as your hardware and traditional software.
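
The card search, the SSO check and the register build can be scripted once the two exports are in hand. The Python below is an added example, not assetcompass code: it matches the keyword list from the first step against a card export and an OAuth-grant export and merges the hits into one register row per tool. The CSV column names and all sample rows are constructed assumptions; map them to whatever your expense tool and identity provider actually export.

```python
import csv
import io
from collections import defaultdict

# Keywords from the first audit step. "Notion" and "Adobe" also match non-AI plans: review hits.
KEYWORDS = ["OpenAI", "Anthropic", "GitHub Copilot", "Midjourney", "Notion",
            "Perplexity", "Grammarly", "Adobe", "Jasper", "Runway", "ElevenLabs"]

# Constructed sample exports; column names are assumptions, not a real tool's schema.
CARD_CSV = """date,cardholder,merchant,amount
2026-02-03,alice@example.com,OPENAI *CHATGPT SUBSCR,20.00
2026-03-03,alice@example.com,OPENAI *CHATGPT SUBSCR,20.00
2026-03-10,bob@example.com,MIDJOURNEY INC.,30.00
2026-03-12,bob@example.com,STAPLES #1182,54.10
2026-04-01,carol@example.com,Anthropic PBC,20.00
"""
OAUTH_CSV = """user,app
dave@example.com,Perplexity
alice@example.com,OpenAI ChatGPT
erin@example.com,Calendly
"""

def match_keyword(text):
    """Return the first audit keyword found in text (case-insensitive), or None."""
    lowered = text.lower()
    return next((k for k in KEYWORDS if k.lower() in lowered), None)

def build_register(card_csv, oauth_csv):
    """Merge card spend and OAuth grants into one register row per AI tool."""
    reg = defaultdict(lambda: {"users": set(), "spend": 0.0, "sources": set()})
    for row in csv.DictReader(io.StringIO(card_csv)):
        tool = match_keyword(row["merchant"])
        if tool:
            reg[tool]["users"].add(row["cardholder"])
            reg[tool]["spend"] += float(row["amount"])
            reg[tool]["sources"].add("card")
    for row in csv.DictReader(io.StringIO(oauth_csv)):
        tool = match_keyword(row["app"])
        if tool:  # SSO-only hits are tools that bypassed the corporate card
            reg[tool]["users"].add(row["user"])
            reg[tool]["sources"].add("sso")
    # Data sensitivity and owner cannot be inferred from exports; fill in by hand.
    return {t: {"seats": len(v["users"]), "users": sorted(v["users"]),
                "spend_90d": round(v["spend"], 2), "sources": sorted(v["sources"]),
                "data_sensitivity": "TODO", "owner": "TODO"} for t, v in reg.items()}

if __name__ == "__main__":
    for tool, entry in sorted(build_register(CARD_CSV, OAUTH_CSV).items()):
        print(tool, entry)
```

Rows whose sources list is only "sso" are the ones a card audit alone would have missed; "spend_90d" is meaningful only if the card export covers the 90-day window.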

The goal isn't to ban everything. Most of these tools are genuinely useful, and the teams using them are more productive for it. The goal is visibility — know what's in use, what data is flowing where, and what you're spending. Governance follows from visibility, not the other way around.

Housekeeping

Last week's piece on FinOps crossing into ITAM generated the most discussion of any Compass edition so far. The thread that resonated most: the cost-per-seat view of the fleet. Several readers pointed out that their CFOs already think in unit economics for cloud spend but have never seen the same framing applied to hardware. That's the gap. If you haven't done it yet, pulling one number — total annual hardware spend divided by headcount — is a thirty-second exercise that changes the budget conversation.

Also worth noting: our Spreadsheet vs. ITAM Software guide continues to be the most-read piece on the blog this month. If you're still on the fence about whether your team has outgrown the spreadsheet, that's the honest assessment of where the line is. Spoiler: it's usually around 50–75 devices, not the 500 that enterprise vendors would have you believe.

The Compass goes out weekly. If this was useful and you want next week's in your inbox, the easiest way to subscribe right now is to start a free trial — we'll add you automatically. No pitch deck, no sales call.
