Shadow AI

Most organizations lack the monitoring capabilities and governance policies needed to mitigate risks posed by shadow AI according to a new report.

The survey, of 600 IT leaders across North America, EMEA, and APJ, from Cato Networks finds that while 61 percent of respondents found unauthorized AI tools in their environments, only 26 percent have solutions in place to monitor AI usage. Nearly half (49 percent) of the respondents either don’t track AI usage at all or address AI on a reactive basis.

Workers are increasingly using shadow AI to draft emails, analyze data, or summarize meetings, but are pretending they haven’t.

New data from marketing agency OutreachX finds 52 percent of US workers are worried about how AI will be used in their workplace in the future and that 48 percent of desk workers say they would be uncomfortable telling a manager they used AI for common tasks.

A new report reveals that nearly 80 percent of IT leaders say their organization has experienced negative outcomes from employee use of generative AI, including false or inaccurate results from queries (46 percent) and leaking of sensitive data into AI (44 percent).

Notably the survey of 200 US IT directors and executives from Komprise shows that 13 percent say that these poor outcomes have also resulted in financial, customer or reputational damage.

As with other forms of 'off the books' shadow tech, used by employees without company approval, shadow AI is a double-edged sword.

Cyberhaven Labs recently reported a sharp 485 percent increase in corporate data flowing to AI systems, with much of it going to risky shadow AI apps.

The AI era is here -- and businesses are starting to capitalize. Britain’s AI market alone is already worth over £21 billion and expected to add £1 trillion of value to the UK economy by 2035. However, the threat of “shadow AI” -- unauthorized AI initiatives within a company -- looms large.

Its predecessor -- “shadow IT” -- has been well understood (albeit not always well managed) for a while now. Employees using personal devices and tools like Dropbox, without the supervision of IT teams, can increase an organization’s attack surface -- without execs or the C-suite ever knowing. Examples of shadow AI include customer service teams deploying chatbots without informing the IT department, unauthorized data analysis, and unsanctioned workflow automation tools (for tasks like document processing or email filtering).