DEF CON 34 — "The Software Request Trap: How AI Tools, OAuth Connectors, and Shadow Apps Are Eating Your Security Posture"
Your software approval process has a hole in it the size of your entire AI strategy. This toolkit helps you find it, measure it, and close it.
Excel workbook mapping 80+ OAuth scopes across Microsoft Graph, Google Workspace, Slack, GitHub, Salesforce, Zoom, Atlassian, and 12 AI/automation platforms to risk tiers, attack scenarios, and MITRE ATT&CK techniques.
27 detection queries across 9 categories, validated against production data on two SIEM platforms — MDE Advanced Hunting (KQL) and Rapid7 InsightIDR (LEQL).
33 evaluation questions for assessing AI tool requests, with category risk profiles and a quick-decision triage matrix.
Know your shadow AI number in one hour:
- Open shadow-ai-query-pack/queries/mde-kql/01-web-traffic-ai-domains.kql
- Paste into Defender → Advanced Hunting
- Run it. Count the unique users. That's your number.
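For orientation, a query of this kind has roughly the following shape. This is an added example, not the toolkit's 01-web-traffic-ai-domains.kql: the domain list and the 30-day window are assumptions, and the columns are those of the standard DeviceNetworkEvents table in Advanced Hunting.

```kql
// Added example; NOT the toolkit's 01-web-traffic-ai-domains.kql.
// Assumptions: 30-day window and a constructed sample domain list.
let lookback = 30d;
let ai_domains = dynamic(["chatgpt.com", "openai.com", "claude.ai", "perplexity.ai"]);
DeviceNetworkEvents
| where Timestamp > ago(lookback)
| where RemoteUrl has_any (ai_domains)
// Drop built-in service accounts so background traffic is not counted as a person.
| where InitiatingProcessAccountName !in~ ("system", "local service", "network service")
// Prefer the UPN; fall back to the account name when the UPN is empty.
| extend User = tolower(iff(isnotempty(InitiatingProcessAccountUpn),
                            InitiatingProcessAccountUpn, InitiatingProcessAccountName))
| where isnotempty(User)
| summarize Connections = count(),
            Devices     = dcount(DeviceId),
            FirstSeen   = min(Timestamp),
            LastSeen    = max(Timestamp)
          by User
| order by Connections desc
// One row per user: the row count of the result is the number of unique users.
```

Because has_any matches on terms, a hostname that merely contains a listed domain is counted too; that is acceptable for a headcount but should be tightened to an exact host match before the query drives alerts.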
We ran this toolkit against a production environment (~1K endpoints):
| Finding | Number |
|---|---|
| Users on unapproved AI services | ~700 |
| Unapproved AI platforms detected | 13 |
| Users running local LLMs in Docker | ~50 |
| OpenClaw agent installations | ~10 (across 2 SIEM platforms) |
| OAuth consent grants (30 days) | ~90 (6 high-risk) |
| Power Platform events missed by cloud EDR | ~500 |
| Remote workers invisible to on-prem proxy | 100% |
Neither SIEM platform caught everything. Each had blind spots the other covered.
| Detection Layer | Remote Users | AI Web Traffic | AI Processes | OAuth | Local LLMs | Power Platform |
|---|---|---|---|---|---|---|
| Cloud EDR (KQL) | ✅ | ✅ | ✅ | ✅ | ✅ | ❌ |
| SIEM Endpoint Agent (LEQL) | ✅ | ❌ | ✅ | ❌ | ✅ | ❌ |
| SIEM Web Proxy (LEQL) | ❌ | ✅ (on-site) | ❌ | ❌ | ❌ | ❌ |
| SIEM Cloud Audit (LEQL) | ✅ | ❌ | ❌ | ✅ | ❌ | ✅ |
- MDE queries: Defender for Endpoint with Advanced Hunting
- IDR queries: Rapid7 InsightIDR with Log Search
- Excel tools: Microsoft Excel or LibreOffice Calc
- No code to install. No dependencies. No API keys.
See field-mapping-guide.md. Detection logic is platform-agnostic — only field names and syntax change. The guide includes reference field names for Splunk, Elastic, and CrowdStrike, but these are unvalidated — confirm in your environment before deploying. Contributions of validated queries for additional platforms are welcome.
MIT License. Use it, modify it, share it.
Released for defensive security research. All findings from anonymized production data. No employer names, client data, or identifying details included.