Shadow AI: Is it Already on Your Network? 👀
Hi everyone,
Â
Something came across my radar this week that I thought was worth bringing here, because honestly it's the kind of thing that'll either make you nod along or give you a mild headache. Possibly both.
Â
A new survey from BlackFog of over 2,000 workers at large companies found that nearly half of employees are using AI tools their employer hasn't approved. And it's not just people on the shop floor doing it either. 69% of C-suite leaders and presidents said they're fine with it, basically prioritising speed over security concerns.
Â
That in itself is a lot. But the bit that really stood out to me was what people are actually putting into these tools. A third admitted to sharing internal research or datasets. 27%* have entered employee data like salaries or performance info. 23%* have fed in company financial information. Often into free tools, where that data is highly likely being used to train the model.
Â
A separate Lenovo study published recently, surveying 6,000 enterprise employees globally, found that between a fifth and a third of workers are using AI completely outside the visibility of their IT teams. And 61%** of IT leaders said AI is increasing their cybersecurity risk, but only 31%** feel confident they can actually address it.
Â
For this community specifically, I'd imagine this lands a bit differently than it does for the average person reading a news article. You're the ones who'd have to deal with the fallout.
Â
So I'm curious where you stand on it:
- Is shadow AI something you're already seeing in your organisations, and if so how are you handling it?
- Is the answer better policy, better tooling, approved alternatives, or some combination of all three?
Â
And genuinely, is this a problem that can actually be solved, or is it something we as tech professionals must simply acknowledge and adapt to?
Â
Would love to hear how people are approaching it, especially those of you working in security or compliance heavy environments.
Â
🔗* Shadow AI risks deepen as 31% of users get no employer training — Help Net Security
Â
Cheers,
Kirk
Â

