CISOs no closer to containing shadow AI’s skyrocketing data risks

Posted on by

“Employees use generative AI tools without IT oversight, often pasting sensitive data into personal accounts or relying on unvetted code suggestions,” said James McQuiggan, security awareness advocate at KnowBe4. “These actions can increase the risk of data leakage, compliance violations, and weakened software integrity, all without the user realizing the impact.”

David Brauchler, technical director at global cybersecurity company NCC Group, told CSO that shadow AI has become an inevitability that security leaders must address.

“Employees find AI useful, and without a sanctioned, approved way to leverage its capabilities, organizations may quickly find sensitive data in the hands of third parties,” Brauchler warned. “This data can find its way into training datasets or can even be directly exposed to attackers through bugs and breaches, as has occurred more than once.”