The Shadow AI Problem
When employees configure MCP servers or install AI skills directly in their coding tools (Cursor, Claude Code, Claude Desktop / Cowork, VS Code, Codex, Windsurf, Goose, Zed, OpenCode, Cline, Cline CLI, Gemini CLI, Antigravity, GitHub Copilot CLI, etc.), these integrations operate outside centralized observability and control. This creates a shadow IT problem for AI tooling that security teams must address.
The Shadow page in the sidebar gives you a dashboard view of all shadow discovery metrics — scanned devices, managed vs. shadow server breakdowns, a Shadow vs Managed comparison chart, a Shadow Server Discoveries timeline, skill discovery timelines by risk level, and top repositories with shadow skills. A Connectors section shows the most common shadow servers, users with shadow servers, top servers to migrate, and which MCP clients are in use. Use it alongside Detect and Enforce for full visibility.
Runlayer provides two complementary approaches to address shadow AI:
Detect
Discover and inventory shadow MCP servers and skills via scheduled scans
Enforce
Intercept MCP tool calls in real-time to enforce security policies
Security Risks
Shadow MCP Servers
Shadow MCP servers pose significant security risks:
- Data exfiltration — Risky MCP servers can steal source code, credentials, API keys, and customer data
- Supply chain attacks — Compromised or trojanized MCP packages can inject risky behavior into otherwise legitimate tools
- Prompt injection — Shadow MCPs may contain tool poisoning attacks that manipulate AI behavior
- Lateral movement — MCPs with broad permissions can be exploited to access internal systems
- Compliance violations — Uncontrolled access to PII, PHI, or regulated data without audit trails
Shadow Skills
Skills are instruction files that extend AI coding assistants with specialized knowledge, workflows, and tool integrations — such as SKILL.md files. When these are installed outside organizational control, they become shadow skills. Shadow skills introduce distinct risks:
- Prompt injection — Skill instructions can manipulate AI behavior, override safety guidelines, or inject malicious prompts
- Unauthorized automation — Skills can define workflows that automate actions beyond what an organization has approved
- Supply chain risk — Unvetted community skills may contain instructions that exfiltrate data or introduce vulnerabilities
Why This Matters for Security Teams
Unlike traditional shadow IT, shadow AI is particularly dangerous because:
- AI amplifies access — A single MCP or skill can give AI assistants broad access to databases, APIs, and file systems
- Actions are automated — MCPs enable AI to take actions autonomously, not just read data
- No audit trail — Shadow MCPs and skills operate outside your logging and monitoring infrastructure
- Difficult to detect — MCP configurations and skill files are stored in user-space config files, not installed as traditional software
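Because MCP servers live in user-space config files, finding them is a parsing and classification exercise rather than a software inventory. The sketch below is an added example, not Runlayer's scanner or code from this page: it assumes the `mcpServers` JSON layout used by common MCP clients, and the sample config, hostnames, `managed_hosts` allowlist and `inventory_mcp_servers` function are constructed for illustration.

```python
import json
from urllib.parse import urlparse

# Constructed sample config; real clients differ in file path and sometimes key names.
SAMPLE_CONFIG = """
{
  "mcpServers": {
    "corp-gateway": {"url": "https://mcp.corp.example/sse"},
    "notes-helper": {"command": "npx", "args": ["-y", "notes-helper-mcp"],
                     "env": {"NOTES_API_KEY": "redacted-sample", "LOG_LEVEL": "info"}},
    "remote-tools": {"url": "https://tools.unvetted.example/mcp"}
  }
}
"""

SECRET_HINTS = ("KEY", "TOKEN", "SECRET", "PASSWORD")


def inventory_mcp_servers(config_text, managed_hosts):
    """Return one finding per configured server, classified managed or shadow."""
    try:
        data = json.loads(config_text)
    except json.JSONDecodeError:
        return []  # unreadable config: nothing to report, scan continues
    servers = data.get("mcpServers", {}) if isinstance(data, dict) else {}
    findings = []
    for name, entry in sorted(servers.items()):
        if "url" in entry:
            # Remote server: managed only if its host is on the allowlist.
            target = urlparse(entry["url"]).hostname or ""
            transport = "remote"
            status = "managed" if target in managed_hosts else "shadow"
        else:
            # Assumption of this sketch: locally launched (stdio) servers are unmanaged.
            target = " ".join([entry.get("command", "")] + entry.get("args", []))
            transport, status = "stdio", "shadow"
        # Record only the names of secret-looking variables, never their values.
        secret_env = sorted(k for k in entry.get("env", {})
                            if any(h in k.upper() for h in SECRET_HINTS))
        findings.append({"name": name, "transport": transport, "target": target,
                         "status": status, "secret_env": secret_env})
    return findings


if __name__ == "__main__":
    for finding in inventory_mcp_servers(SAMPLE_CONFIG, {"mcp.corp.example"}):
        print(finding)
```
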
Choosing an Approach
| Feature | Detect | Enforce |
|---|---|---|
| Purpose | Discovery and inventory | Real-time control |
| When it runs | Scheduled scans via MDM | Continuous interception |
| What it does | Finds shadow servers and skills, classifies them | Blocks/allows MCP tool calls |
| Scope | MCP servers and skills | MCP server tool calls only |
| Best for | Visibility, compliance audits | Active security enforcement |
- Deploy Detect to discover existing shadow servers and skills
- Deploy Enforce to control what shadow MCP servers can do
Related Resources
Re-analyzing Classifications
Refresh server and skill classifications after changes
Responding to Discoveries
Security team response framework
Troubleshooting
Common issues and solutions