CyberCyte Shadow-IT is a discovery and control module within the CyberCyte platform, designed to identify and manage unauthorized or unmanaged assets across endpoints, identities, and network activity. The module monitors a broad set of artifacts including Windows, Linux, and macOS applications, Windows processes, scripts, and DLLs, browser add-ons, local user accounts, Active Directory and Azure user accounts, network devices, and process-level DNS/IP requests. Rather than relying solely on traditional software inventory, the module detects Shadow IT through indicators such as unsigned DLLs, unapproved browser extensions, rogue local accounts, anomalous scripts, and unexplained outbound network traffic. These signals are normalized into a unified asset-and-exposure model. Each discovery is risk-scored using AI-driven prioritization to surface the most significant deviations from policy first, reducing alert fatigue. Approved items — including applications, packages, scripts, DLLs, and browser add-ons — can be allowlisted to reduce noise and maintain a continuously enforced known-good baseline. The module also maps Shadow IT findings to attack path expansion risks, with a use case example demonstrating detection of steps associated with a targeted intrusion (e.g., DLL injection, script execution, typosquatted domain traffic, and vulnerable compression software), translating each finding into a corresponding control action.