How to Detect AI Features Quietly Enabled Inside the SaaS Applications You Already Use

Among the categories of AI risk that have emerged most rapidly, the embedded AI feature stands out as both the most consequential and the most overlooked. The pattern is consistent across vendors: a SaaS application that has been part of the customer environment for years adds a generative-AI capability — meeting transcription, document summarization, code assistance, contact enrichment — and enables it by default. The data being processed by that capability is, in many cases, customer data the vendor previously had no permitted use for.

Detecting these features systematically requires a process that does not depend on the vendor's announcement, since announcements vary widely in prominence and frequency.

Step 1: build the in-scope vendor list

Begin with the inventory of SaaS vendors with whom your organization has a data-processing relationship. Procurement records will undercount this population materially, but they are a reasonable starting point. Add the OAuth-connected applications from your workspace administrator console and the SaaS systems federated to your identity provider. The combined list represents the universe of vendors capable of enabling AI features against your data.

Step 2: review each vendor's most recent product changelog

For each vendor on the list, review the public product changelog and release notes for the past 18 months. Mark any release that introduces a feature with one of the following descriptive terms: copilot, assistant, summarization, generative, draft, recommend, enrich, classification, or any reference to a foundation-model provider. This is a tedious step, but the output is a tractable list of suspected AI features per vendor.

Step 3: audit each suspected feature in the admin console

For each suspected AI feature, log into the vendor's administrative console and determine the feature's current enablement state in your tenant. Many vendors expose tenant-wide toggles in security or workspace settings; others expose per-user controls only. Document the default behavior, the current state, and any conditional configuration. Some vendors have moved features from opt-in to opt-out between releases, and the current state can differ from the original consent.
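Steps 1 to 3 can be carried a long way by a small script before anyone logs into an admin console. The following Python is an added worked example, not Waldo Security's product or code: it merges the three inventories from Step 1 into one deduplicated vendor list, scans changelog entries from the last 18 months for the Step 2 terms (treated as regex stems so that "enrichment" or "summarizes" still match, which is this example's assumption), and marks entries whose release text already says the feature is on by default so the Step 3 console audit can be prioritised. The foundation-model provider list, the legal-suffix stripping, and every vendor name, app list and changelog entry below are constructed for the example.

```python
"""Worked example for Steps 1-3 (added here; not Waldo Security's product or code).
Merges vendor inventories, scans changelog entries from the last 18 months for
the descriptive terms in Step 2, and marks entries that announce default-on
behaviour so the admin-console audit in Step 3 can be prioritised.
All vendor names, app lists and changelog entries are constructed sample data."""
import re
from datetime import date

# Step 2 terms as regex stems so that 'enrichment' or 'summarizes' still match
# (the stem patterns are an assumption of this example, not the essay's).
AI_TERM_PATTERNS = {
    "copilot": r"\bco-?pilot\b",
    "assistant": r"\bassistant\b",
    "summarization": r"\bsummari[sz]",
    "generative": r"\bgenerative\b",
    "draft": r"\bdraft",
    "recommend": r"\brecommend",
    "enrich": r"\benrich",
    "classification": r"\bclassif",
}
# Foundation-model providers and model families to look for (assumed list; extend as needed).
PROVIDER_PATTERN = r"\b(openai|anthropic|claude|gemini|gpt|llama|bedrock)\b"
DEFAULT_ON_PATTERN = r"\b(on|enabled)\s+by\s+default\b"
LEGAL_SUFFIX = r",?\s*\b(inc|llc|ltd|corp|gmbh)\.?$"


def normalize_vendor(name: str) -> str:
    """Lower-case, drop legal suffixes and collapse whitespace so the same vendor
    appearing as 'Acme CRM, Inc.' and 'acme crm' is counted once."""
    name = re.sub(LEGAL_SUFFIX, "", name.strip().lower())
    return re.sub(r"\s+", " ", name).strip()


def build_vendor_list(procurement, oauth_apps, idp_apps):
    """Step 1: union of the three inventories, remembering which source(s) saw each vendor."""
    vendors = {}
    for source, names in (("procurement", procurement), ("oauth", oauth_apps), ("idp", idp_apps)):
        for raw in names:
            vendors.setdefault(normalize_vendor(raw), set()).add(source)
    return vendors


def months_back(d: date, n: int) -> date:
    """Calendar-month arithmetic for the review window (day clamped to 28 to stay valid)."""
    total = d.year * 12 + (d.month - 1) - n
    year, month = divmod(total, 12)
    return date(year, month + 1, min(d.day, 28))


def ai_signals(text: str):
    """Return the sorted list of Step 2 signals found in one changelog title."""
    text = text.lower()
    found = [term for term, pat in AI_TERM_PATTERNS.items() if re.search(pat, text)]
    found += ["provider:" + m for m in re.findall(PROVIDER_PATTERN, text)]
    return sorted(set(found))


def suspected_ai_features(vendors, changelog, today: date, window_months: int = 18):
    """Steps 2-3: flag in-scope changelog entries inside the window that carry AI signals."""
    cutoff = months_back(today, window_months)
    findings = []
    for entry in changelog:
        vendor = normalize_vendor(entry["vendor"])
        released = date.fromisoformat(entry["date"])
        if vendor not in vendors or released < cutoff:
            continue  # out of scope, or older than the review window
        signals = ai_signals(entry["title"])
        if not signals:
            continue
        findings.append({
            "vendor": vendor,
            "date": entry["date"],
            "title": entry["title"],
            "signals": signals,
            "sources": sorted(vendors[vendor]),
            # Heuristic: the release text itself says the feature is default-on,
            # so this entry goes to the front of the Step 3 admin-console audit queue.
            "enabled_by_default": bool(re.search(DEFAULT_ON_PATTERN, entry["title"].lower())),
        })
    return sorted(findings, key=lambda f: (f["vendor"], f["date"]))


# Constructed sample inventories and changelog (not real vendors).
PROCUREMENT = ["Acme CRM, Inc.", "Notably Notes"]
OAUTH_APPS = ["acme crm", "MeetScribe"]
IDP_APPS = ["MeetScribe", "Ledgerly"]
CHANGELOG = [
    {"vendor": "Acme CRM, Inc.", "date": "2024-11-03",
     "title": "Contact enrichment powered by generative AI, on by default"},
    {"vendor": "MeetScribe", "date": "2025-02-14",
     "title": "AI Assistant now summarizes every meeting"},
    {"vendor": "MeetScribe", "date": "2022-06-01", "title": "Copilot beta"},  # outside the 18-month window
    {"vendor": "Ledgerly", "date": "2025-03-01", "title": "Dark mode and faster exports"},
    {"vendor": "Notably Notes", "date": "2025-01-20", "title": "Draft replies using OpenAI models"},
]
TODAY = date(2025, 6, 1)

if __name__ == "__main__":
    inventory = build_vendor_list(PROCUREMENT, OAUTH_APPS, IDP_APPS)
    for finding in suspected_ai_features(inventory, CHANGELOG, TODAY):
        flag = "DEFAULT-ON" if finding["enabled_by_default"] else "check console"
        print(f"{finding['vendor']:<14} {finding['date']}  {flag:<13} {', '.join(finding['signals'])}")
```

The output is the per-vendor list of suspected features the essay describes, with the source inventories that surfaced each vendor (a vendor seen only via OAuth is exactly the kind procurement records miss) and a default-on flag drawn from the release text. The flag is only a hint from the vendor's own wording; the tenant's actual enablement state still has to be read from the admin console in Step 3, which is why every finding, flagged or not, stays in the audit queue.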

Step 4: read the current data-processing terms

The data-processing addendum, privacy policy, and AI-specific terms have been the most-revised contractual documents in commercial SaaS over the past 24 months. For each enabled feature, locate the relevant current terms and verify what the vendor is permitted to do with the data — including training of foundation models on customer prompts, retention of prompts and responses, and the introduction of sub-processors. A companion essay on SaaS-side AI training describes the patterns most often encountered in this review.

Step 5: evaluate against your data-handling policy

For each enabled feature, assess whether the data being processed and the vendor's permitted uses are consistent with your internal data-handling policy and with applicable external obligations. Authoritative frameworks include the NIST AI Risk Management Framework, the EU AI Act for high-risk use cases, and the NIST Privacy Framework for personal-data implications. Features that are inconsistent with policy require a remediation decision: disable, restrict to a subset of the workforce, or contract for explicit exemption.

Step 6: monitor prospectively

The detection effort is necessary but does not address future activations. Vendors continue to add AI features; some will be enabled by default. Establish a quarterly review cadence and a watch list of vendors whose AI strategy makes new features imminent. Where the vendor relationship is significant, consider contractual notification provisions for material AI changes.

Sustaining the process at scale

The manual process is feasible for fewer than 30 vendors and increasingly unworkable above that threshold. Waldo Security's SaaS Discovery continuously catalogs the SaaS surface, surfaces feature-level AI activity inside connected applications, and flags vendor terms changes that affect AI processing. A 24-hour audit walkthrough illustrates the continuous approach in operational detail.

For a focused review of AI-feature activity in your environment, a demonstration can be arranged.
