#shadow-ai — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #shadow-ai, aggregated by home.social.
-
Shadow AI ve vývoji začne být problém ve chvíli, kdy do pull requestu přijde změna navržená přes soukromý AI účet a nikdo už nedoloží, jaký kód, logy nebo interní dotaz model viděl. Samotný zákaz nestačí; dohled musí být v nástroji, kontrole kódu a CI.
https://zdrojak.cz/clanky/shadow-ai-ve-vyvoji-skryty-problem-ktery-musite-resit-v-pull-requestu/ -
Shadow AI ve vývoji začne být problém ve chvíli, kdy do pull requestu přijde změna navržená přes soukromý AI účet a nikdo už nedoloží, jaký kód, logy nebo interní dotaz model viděl. Samotný zákaz nestačí; dohled musí být v nástroji, kontrole kódu a CI.
https://zdrojak.cz/clanky/shadow-ai-ve-vyvoji-skryty-problem-ktery-musite-resit-v-pull-requestu/ -
Shadow AI: The Risk Quietly Undermining Your Competitive Edge
Employees are already using AI with or without your approval. Learn why blocking Shadow AI fails and how to build a practical governance strategy that works.https://jseggers.com/technology/shadow-ai-the-risk-quietly-undermining-your-competitive-edge/
-
Shadow AI: The Risk Quietly Undermining Your Competitive Edge
Employees are already using AI with or without your approval. Learn why blocking Shadow AI fails and how to build a practical governance strategy that works.https://jseggers.com/technology/shadow-ai-the-risk-quietly-undermining-your-competitive-edge/
-
https://winbuzzer.com/2026/06/30/microsoft-details-edge-security-controls-for-shadow-ai-xcxwbn/
Microsoft has improved Edge for Business controls for shadow AI, data loss prevention, contractors, extensions, and scareware.
#AI #EdgeForBusiness #MicrosoftEdge #Microsoft #ShadowAI #MicrosoftSecurity #Cybersecurity
-
https://winbuzzer.com/2026/06/30/microsoft-details-edge-security-controls-for-shadow-ai-xcxwbn/
Microsoft has improved Edge for Business controls for shadow AI, data loss prevention, contractors, extensions, and scareware.
#AI #EdgeForBusiness #MicrosoftEdge #Microsoft #ShadowAI #MicrosoftSecurity #Cybersecurity
-
When AI providers exhausted free training data, they monetized user inputs.
#ShadowAI is already happening; employees bypass security for productivity.
#PrivateAI infrastructure solves this: you choose the region, verify no cross-border routing, ensure zero training on inputs.
Same AI capabilities (GPT, Claude, Gemini, etc.), but with full data privacy. To whom do you entrust your data?
https://amazee.ai/blog/how-private-ai-ensures-data-sovereignty-and-protection
-
New by me: Shadow AI Is the New Shadow IT, but Blocking It Won't Work
https://www.kylereddoch.me/blog/shadow-ai-is-the-new-shadow-it-but-blocking-it-wont-work/
-
New by me: Shadow AI Is the New Shadow IT, but Blocking It Won't Work
https://www.kylereddoch.me/blog/shadow-ai-is-the-new-shadow-it-but-blocking-it-wont-work/
-
Nearly half of UK finance leaders say their organisations fall short on AI governance, according to new Soldo research. Twenty‑seven percent of employees bought AI tools without approval last year, fuelling shadow AI spend, and six in ten admit bending rules to access company funds. Only 27% of finance leaders say AI use is fully governed.
Story here: https://www.techfinitive.com/one-in-four-employees-buying-ai-tools-without-company-approval-research-finds/
#FinanceManagementSoftware #Fintech #ITManagement #ShadowAI #ShadowIT
-
Verizon DBIR Exposes Growing Browser-Based Threats
Employees are unwittingly putting sensitive data at risk by using AI tools like ChatGPT and Gemini on corporate devices, with 67% accessing these services with personal accounts and 45% using them regularly. This Shadow AI phenomenon is rapidly escalating, with a fourfold year-over-year increase in insider risk.
#ShadowAi #BrowserbasedThreats #DataLossPrevention #AiMisuse #InsiderThreats
-
78% of employees are bringing their own AI to work. Most without approval.
Banning AI doesn't work. It pushes usage into the shadows where you have zero visibility.
The solution to #ShadowAI: Provide a sanctioned alternative. A private #AIGateway keeps data sovereign, prevents model training on your IP, and maintains audit trails for compliance.
Replace shadow risk with controlled innovation:
https://amazee.ai/blog/solving-shadow-ai-dilemma -
78% of employees are bringing their own AI to work. Most without approval.
Banning AI doesn't work. It pushes usage into the shadows where you have zero visibility.
The solution to #ShadowAI: Provide a sanctioned alternative. A private #AIGateway keeps data sovereign, prevents model training on your IP, and maintains audit trails for compliance.
Replace shadow risk with controlled innovation:
https://amazee.ai/blog/solving-shadow-ai-dilemma -
#ShadowAI isn't really a tech problem. It's a visibility problem.
If your org can't see where #AI is being used, you can't manage the #risk..or the opportunity.
Check out this thoughtful discussion on how to govern AI without slowing innovation: https://loom.ly/evtMxXg
-
#ShadowAI isn't really a tech problem. It's a visibility problem.
If your org can't see where #AI is being used, you can't manage the #risk..or the opportunity.
Check out this thoughtful discussion on how to govern AI without slowing innovation: https://loom.ly/evtMxXg
-
The New Digital Battlefield: Why 2026 Demands a Hardened Security Stance
2,251 words, 12 minutes read time.
The digital landscape has fundamentally shifted, and if you are still looking at your network through the lens of yesterday’s defensive strategies, you are already behind. We have entered an era where the perimeter is not just porous; it is effectively non-existent. As we navigate 2026, the rise of agentic artificial intelligence has transformed the threat landscape from a series of isolated incidents into a continuous, automated, and relentless war of attrition. Adversaries are no longer manually probing for weaknesses during business hours; they are deploying autonomous software agents that scout, exploit, and pivot through complex multi-cloud environments without human intervention. This shift marks the end of the era where reactive patch management and static firewall rules could keep an enterprise safe. Analyzing the current trajectory of these automated threats, it is clear that the primary battlefield has moved from the network edge to the identity layer, making every single access request a potential point of compromise that requires immediate, granular verification.
The Weaponization of Intelligence and the Death of Perimeter Defense
The most significant change to the security landscape this year is the democratization of sophisticated offensive tools. Attackers have evolved beyond simple phishing schemes, utilizing generative models to craft hyper-personalized deception campaigns that are virtually indistinguishable from legitimate communications. These are not the poorly translated emails of a decade ago; these are synthesized audio, video, and text-based deepfakes that exploit human psychology by mimicking trusted colleagues or vendors. When I look at the rapid maturation of these technologies, I see a clear pattern of adversaries targeting the human element while simultaneously leveraging machine learning to identify and exploit zero-day vulnerabilities in public-facing applications. The traditional concept of a “trusted network” has been completely eroded by this reality. It is no longer enough to guard the gates; organizations must now assume that their internal environments are already compromised and operate with a mindset of constant, zero-trust verification.
Moving Beyond Prevention Toward Active Operational Resilience
Prevention remains a fundamental goal, but in 2026, it is no longer the sole pillar of a successful security posture. The smartest organizations are now shifting their focus toward operational resilience, which acknowledges the inevitability of a security incident and prioritizes the ability to withstand, contain, and recover from such events in real time. This transition requires a move away from reliance on human analysts to manually triage every alert. We are seeing a necessary pivot toward automated incident response frameworks that can detect anomalies and orchestrate remediation actions at machine speed. By integrating security orchestration, automation, and response tools into a unified platform, security teams are finally beginning to close the gap between detection and mitigation. This level of responsiveness is the only way to counter the speed of agentic AI attacks, as traditional manual processes are simply too slow to keep pace with an adversary that never sleeps and never tires.
The Silent Expansion of the Shadow AI WorkforceOne of the most insidious threats currently facing enterprises is the unchecked proliferation of shadow AI agents. In 2026, it is no longer just about employees using unapproved chatbots to summarize meeting notes; we are witnessing the deployment of autonomous agents that have been granted direct, persistent access to critical business data and internal systems. These digital coworkers operate with a level of agency that far outstrips simple automation, performing tasks like financial reporting, supply chain adjustments, and email management without constant human oversight. When an organization fails to maintain a comprehensive inventory of these agents, it effectively creates a shadow workforce that exists entirely outside the purview of traditional identity and access management systems. This identity sprawl introduces a massive, hidden attack surface where a single misconfigured agent—or one compromised through a malicious prompt injection—can initiate a cascade of unauthorized actions across the corporate network. Because these agents are designed to move data and execute processes, they essentially function as authorized insiders with elevated privileges, making the task of distinguishing between legitimate autonomous operations and malicious activity an increasingly complex needle-in-a-haystack problem.
Why Identity Has Replaced the Network as the Primary Battleground
For years, the industry obsessed over the network perimeter, pouring capital into firewalls and intrusion detection systems to keep the bad guys out. That era is definitively over. In the current threat environment, identity is the new perimeter, and it is failing under the weight of AI-powered credential abuse and deepfake deception. Attackers are no longer focused on finding a hole in a firewall; they are finding ways to walk through the front door using stolen or synthesized credentials that appear entirely authentic. When I evaluate the efficacy of modern security controls, it is obvious that static multi-factor authentication is no longer enough to stop an adversary who can perform real-time biometric spoofing or orchestrate a multi-stage social engineering attack that mimics an executive’s voice or likeness during a critical transaction. Every single access request must now be treated as a high-stakes event, validated against real-time behavioral patterns, device health telemetry, and geolocation data. We have moved into a world where trust must be continuously earned through granular verification, and any system that assumes a user or an agent is “trusted” based on a single point of entry is simply begging to be exploited.
The Rising Tide of Supply Chain and API Vulnerabilities
While the focus on agentic AI and identity is necessary, we cannot afford to ignore the systemic rot within our interconnected software ecosystems. Modern applications are built on a sprawling web of third-party APIs, open-source libraries, and cloud-native integrations that create countless back doors into an organization’s most sensitive data. Attackers have realized that they do not need to break through the fortified front door of a target company when they can instead compromise a trusted vendor, a CI/CD workflow, or an OAuth token that grants them indirect, authenticated access. The data from the past year confirms a dramatic increase in the exploitation of public-facing applications, often leveraged through these compromised trust relationships. This means that an organization’s security posture is only as strong as its weakest third-party integration. Moving forward, the only way to mitigate this risk is to treat every API and every software dependency as a potential ingress point, enforcing rigorous oversight and ensuring that security transparency extends far beyond the internal walls of the enterprise.
The Escalation of Data Poisoning and Model Integrity Risks
While much of the industry attention has been captured by the potential for AI-driven external attacks, there is an equally dangerous, albeit quieter, evolution occurring within the integrity of the data that powers these systems. We are currently facing a crisis of confidence regarding the inputs that drive corporate decision-making and autonomous workflows. In 2026, it is not enough to secure the infrastructure; we must now confront the reality of data poisoning, where adversaries inject subtle, malicious anomalies into the datasets used for training or fine-tuning enterprise machine learning models. This is not about a sudden, catastrophic system failure that triggers a loud alarm; it is about the gradual, calculated subversion of business logic. When an attacker successfully manipulates the underlying data, they can induce a model to make flawed recommendations, prioritize fraudulent transactions, or ignore malicious patterns in security logs. This turns a company’s most potent technological asset into a Trojan horse, working silently against the organization’s interests from the inside out. Securing the data pipeline has become a top-tier security imperative, requiring rigorous provenance tracking, continuous auditability of training sets, and the implementation of robust adversarial training techniques designed to identify and reject manipulated inputs before they can degrade the model’s reliability.
Addressing the Looming Talent Gap and Defensive Burnout
The rapid pace of technological change is not only taxing our technical systems; it is pushing human defenders to their absolute breaking point. We are operating in an environment where the volume, variety, and velocity of security alerts have completely outstripped the cognitive capacity of traditional security operations center teams. Expecting human analysts to keep pace with adversaries who are utilizing automated agents to conduct attacks at machine speed is a recipe for failure and inevitable burnout. This is why the integration of advanced analytics and automated triage is no longer just a luxury for the largest organizations; it is a fundamental survival requirement. The goal is to move the human element up the value chain, shifting the focus from mundane, repetitive monitoring tasks toward high-level threat hunting, architecture design, and strategic oversight. By offloading the grunt work of log aggregation, initial correlation, and basic incident containment to intelligent machines, we can preserve the sanity of our teams while simultaneously reducing the dwell time of attackers within our environments. A security strategy that fails to account for the human element of this equation is doomed to fall apart as the attrition rates in cybersecurity continue to climb in response to this relentless, high-pressure digital conflict.
Building a Future-Proof Architecture Based on Radical Transparency
Looking toward the remainder of this year and beyond, the only way for any organization to maintain a viable security stance is to embrace a philosophy of radical transparency and aggressive defensive engineering. We must abandon the secrecy that has historically defined corporate security departments and instead adopt a model of shared intelligence. This means actively participating in industry threat-sharing consortia, automating the ingestion of real-time indicators of compromise, and building systems that are designed to be observable at every layer of the stack. A closed, proprietary system is inherently more fragile in the current climate than an open, well-audited, and resilient architecture. We need to move toward a future where security controls are not just bolted onto existing infrastructure as an afterthought, but are instead natively woven into the software development lifecycle, the CI/CD pipeline, and the very identity frameworks that govern access. The threats we face today are systemic and collaborative; our defenses must be equally coordinated, pervasive, and uncompromising if we are to have any hope of maintaining control over our digital domains.
The Final Synthesis: Adapting to the Persistent Threat Paradigm
As we look toward the horizon, it becomes clear that the distinction between a peaceful digital state and an active security incident has effectively dissolved. We are no longer living in a world of binary outcomes where one is either secure or compromised. Instead, we are navigating a permanent state of high-intensity conflict where persistent, automated threats constantly probe for the slightest deviation in our operational baseline. Success in this environment is not defined by the absence of attacks, but by the ability to maintain the continuity of business operations while under fire. This requires a fundamental departure from the legacy mindset of static defenses and annual compliance audits. It demands a posture that is defined by agility, continuous monitoring, and the willingness to radically restructure how we manage identity, data, and software supply chains. The organizations that thrive will be those that accept this reality and invest heavily in the defensive infrastructure that allows them to observe, adapt, and respond faster than the adversary can evolve.
Institutionalizing Vigilance as a Core Business Function
The ultimate takeaway from the current threat landscape is that cybersecurity can no longer be sequestered into a back-office IT department. It must be elevated to a board-level priority that dictates how the company handles everything from vendor selection to product development. When leadership treats security as a checkbox, they are fundamentally misunderstanding the existential risk that these automated threats pose to their market position and operational integrity. I see this reality manifesting in the increasing frequency of leadership turnover within organizations that fail to treat security as a first-order business risk. If you are not integrating security into your organizational DNA, you are building your future on a foundation that is already actively being undermined by adversaries. Establishing a culture of vigilance means fostering a workforce that is trained to recognize the signs of deception, ensuring that security-by-design is non-negotiable for every engineering team, and maintaining a budget that reflects the severity of the threat landscape.
Securing the Path Forward in a Hostile Digital Ecosystem
In closing, the path forward is narrow and requires an uncompromising commitment to technical excellence. We cannot afford to be complacent, nor can we afford to trust in the effectiveness of legacy solutions that were never designed to operate against AI-driven adversaries. The future of security is about visibility, automation, and the ruthless elimination of unnecessary trust. It is about building a defense that is as intelligent, distributed, and persistent as the threats we are up against. This is not a short-term project that can be completed and filed away; it is a permanent change in how we operate, build, and interact in the digital world. The landscape will continue to shift, and the tools available to our adversaries will continue to improve, but by focusing on robust identity management, resilient architecture, and an unwavering commitment to data integrity, we can maintain the upper hand. The battle for the digital future is ongoing, and only those who are willing to adapt, innovate, and secure their environments with extreme prejudice will remain standing when the smoke clears.
SUPPORTSUBSCRIBECONTACT MED. Bryan King
Sources
- CISA Cybersecurity Advisories
- NIST Cybersecurity Framework
- ENISA Threat Landscape Reports
- SANS Institute Security Blog
- Gartner Cybersecurity Research
- CrowdStrike Global Threat Report
- Mandiant M-Trends Report
- Palo Alto Networks Cyberpedia
- Google Security Blog
- Microsoft Security Blog
- IBM Cost of a Data Breach Report
- CIS Critical Security Controls
- Cybereason Defense Blog
- Dark Reading
- The Hacker News
- Recorded Future Intelligence
- Rapid7 Security Blog
- Unit 42 Threat Intelligence
- FireEye Threat Research
- Tenable Research Blog
- AlienVault Security Essentials
- Varonis Data Security Blog
- Proofpoint Security Blog
- Trend Micro Security News
- Check Point Research
- Recorded Future Threat Intelligence
- Kaspersky Daily
- FortiGuard Labs
- Cisco Security Reports
- Splunk Security Blog
- CrowdStrike Blog
- CyberScoop
- SC Media
- ZDNet Security
- BleepingComputer
Disclaimer:
The views and opinions expressed in this post are solely those of the author. The information provided is based on personal research, experience, and understanding of the subject matter at the time of writing. Readers should consult relevant experts or authorities for specific guidance related to their unique situations.
Related Posts
Rate this:
#agenticAIThreats #AIDrivenThreats #APIVulnerabilities #automatedDefense #automatedIncidentResponse #automatedSecurityTools #autonomousCyberAttacks #behavioralAnalytics #biometricSpoofing #cloudSecurity #credentialAbuse #cyberHygiene #cyberResilience #cyberRiskManagement #cyberWarfare #cybersecurityBestPractices #cybersecurityFuture #cybersecurityLeadership #cybersecurityPosture #cybersecurityStrategy #cybersecurityTrends2026 #dataPoisoning #deepfakeDetection #digitalInfrastructure #enterpriseProtection #enterpriseRisk #enterpriseSecurity #identityCentricSecurity #incidentManagement #informationSecurity #modelIntegrity #networkDefense #operationalResilience #riskManagement #securityAutomation #securityOperationsCenter #securityByDesign #shadowAI #softwareSupplyChain #supplyChainSecurity #threatHunting #threatIntelligence #threatLandscape #threatMitigation #ZeroTrustArchitecture -
Shadow AI Exposes 2,000 Vibe-Coded Apps with Sensitive Data
A shocking discovery by Red Access revealed over 2,000 apps with sensitive corporate, operational, or personal data exposed online, leaving countless organizations vulnerable to risk. These apps, found on popular vibe-coding platforms, were often deployed without basic security controls, granting open access to sensitive information.
#SensitiveDataExposure #Vibecoding #ShadowAi #EmergingThreats #DataLeak
-
"Most organizations still think about Shadow AI as employees using an unapproved chatbot. That definition is already outdated.
The LayerX research shows that enterprise AI usage is rapidly fragmenting across a growing ecosystem of AI tools, embedded assistants, AI browser extensions, AI search engines, coding copilots, and AI-powered SaaS features that often operate outside traditional visibility and governance controls.
Nearly 30% of enterprise users already use multiple AI platforms, while the top 5% interact with six or more AI applications. Employees are no longer relying on a single assistant for isolated tasks. They are combining multiple AI systems inside the same workflows, often switching between tools depending on the task, data type, or convenience.
This is what modern Shadow AI actually looks like. It's the growing long tail of AI tools that organizations struggle to see, track, or govern. In many cases, organizations may not even realize AI is being used at all, creating a far larger governance challenge than most organizations anticipate."
https://thehackernews.com/2026/05/new-ai-usage-report-enterprise-ai-risk.html
-
"Most organizations still think about Shadow AI as employees using an unapproved chatbot. That definition is already outdated.
The LayerX research shows that enterprise AI usage is rapidly fragmenting across a growing ecosystem of AI tools, embedded assistants, AI browser extensions, AI search engines, coding copilots, and AI-powered SaaS features that often operate outside traditional visibility and governance controls.
Nearly 30% of enterprise users already use multiple AI platforms, while the top 5% interact with six or more AI applications. Employees are no longer relying on a single assistant for isolated tasks. They are combining multiple AI systems inside the same workflows, often switching between tools depending on the task, data type, or convenience.
This is what modern Shadow AI actually looks like. It's the growing long tail of AI tools that organizations struggle to see, track, or govern. In many cases, organizations may not even realize AI is being used at all, creating a far larger governance challenge than most organizations anticipate."
https://thehackernews.com/2026/05/new-ai-usage-report-enterprise-ai-risk.html
-
CxO: "Holy shizzle! We need to get control of AI use! It's out of control! We're going to get fined, sued, and maybe executives might go to jail!"
Information Security: "Great! First we will inventory the use of AI, map that against employees and contractors who are using " Shadow AI", and have a conversation with them to cease and desist while we bring rigor to the use of AI"
CxO: "Excellent! But, I need to still keep vibe coding while using this Claude Bot thing I downloaded to my company laptop last night. Oh! And I also need to keep using that Agentic AI stock trading bot I loaded on my company laptop as well!"
Information Security: 😳🧐😒🙄
Turns out the C-suite loves shadow AI - Help Net Security
#shadowai #executivesuite #policyexception
https://share.google/UjrLQ4tcbLH1LnfhF -
CxO: "Holy shizzle! We need to get control of AI use! It's out of control! We're going to get fined, sued, and maybe executives might go to jail!"
Information Security: "Great! First we will inventory the use of AI, map that against employees and contractors who are using " Shadow AI", and have a conversation with them to cease and desist while we bring rigor to the use of AI"
CxO: "Excellent! But, I need to still keep vibe coding while using this Claude Bot thing I downloaded to my company laptop last night. Oh! And I also need to keep using that Agentic AI stock trading bot I loaded on my company laptop as well!"
Information Security: 😳🧐😒🙄
Turns out the C-suite loves shadow AI - Help Net Security
#shadowai #executivesuite #policyexception
https://share.google/UjrLQ4tcbLH1LnfhF -
Everyone is navigating AI security in real time -- even Google | TechCrunch https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/ #cybersecruity #AI #AISecurity #GoogleCloud #ShadowAI #ShiftLeft #Governance
-
Everyone is navigating AI security in real time -- even Google | TechCrunch https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/ #cybersecruity #AI #AISecurity #GoogleCloud #ShadowAI #ShiftLeft #Governance
-
#GoogleCloud COO #FrancisdeSouza emphasises the need for a #platformapproach to #AIsecurity, integrating #security from the start and addressing the threat of #shadowAI. He highlights the need for consistent security across clouds and the emergence of AI-native defences. https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/?AIagents.at #AIagent #AI #ML #NLP #LLM #GenAI
-
#GoogleCloud COO #FrancisdeSouza emphasises the need for a #platformapproach to #AIsecurity, integrating #security from the start and addressing the threat of #shadowAI. He highlights the need for consistent security across clouds and the emergence of AI-native defences. https://techcrunch.com/2026/05/24/everyone-is-navigating-ai-security-in-real-time-even-google/?AIagents.at #AIagent #AI #ML #NLP #LLM #GenAI
-
47% of employees use personal AI accounts at work, bypassing security controls. Shadow AI costs $670K per breach. Traditional DLP cannot see encrypted sessions to unauthorized endpoints. Pre-execution output governance is the only architectural response that works. #ShadowAI #DataSecurity
-
🗽 Sono appena tornato da una vacanza a New York.
🤖 E mi sono portato a casa qualcosa di inaspettato: non souvenir, ma una riflessione molto concreta su dove siamo davvero arrivati con l’AI.
🌃 A Times Square, accanto a Coca-Cola e Samsung, c’era la pubblicità di una piattaforma AI.
Nei café, da Starbucks a Gregorys, chiunque avesse un laptop aperto — studenti, sviluppatori, giornalisti — stava interagendo con Claude, Copilot o ChatGPT.
Non come una novità. Come normalità.Negli USA, l’AI ha già superato il punto di non ritorno culturale.
📊 I dati lo confermano: il 41% dei lavoratori americani usa la GenAI per scopi professionali, contro circa il 20% delle aziende europee. E il divario è ancora più ampio tra grandi imprese (55%) e PMI (17%).
Nel mio nuovo articolo parlo di:
🏙️ Quello che ho visto tra Times Square e i café di Manhattan
📈 I dati reali dietro al divario USA vs Europa
⚠️ Shadow AI: perché la crescita incontrollata è il rischio più sottovalutato
🔐 Come governance e identity management stanno diventando fondamentali per adottare l’AI in modo sostenibile🔗 Leggi il post qui:
https://iam.fabiograsso.net/it/blog/okta-ai-newyork/?utm_source=infosec.exchange&utm_medium=social&utm_campaign=2026q2_masto_pushState già governando gli agenti AI nella vostra organizzazione? O siete ancora nella fase “proviamo e vediamo cosa succede”? Qual è oggi il principale gap di governance AI nella vostra azienda?
#AI #IntelligenzaArtificiale #AISecurity #AIGovernance #Cybersecurity #IAM #GenAI #ShadowAI #Okt
-
🗽 Sono appena tornato da una vacanza a New York.
🤖 E mi sono portato a casa qualcosa di inaspettato: non souvenir, ma una riflessione molto concreta su dove siamo davvero arrivati con l’AI.
🌃 A Times Square, accanto a Coca-Cola e Samsung, c’era la pubblicità di una piattaforma AI.
Nei café, da Starbucks a Gregorys, chiunque avesse un laptop aperto — studenti, sviluppatori, giornalisti — stava interagendo con Claude, Copilot o ChatGPT.
Non come una novità. Come normalità.Negli USA, l’AI ha già superato il punto di non ritorno culturale.
📊 I dati lo confermano: il 41% dei lavoratori americani usa la GenAI per scopi professionali, contro circa il 20% delle aziende europee. E il divario è ancora più ampio tra grandi imprese (55%) e PMI (17%).
Nel mio nuovo articolo parlo di:
🏙️ Quello che ho visto tra Times Square e i café di Manhattan
📈 I dati reali dietro al divario USA vs Europa
⚠️ Shadow AI: perché la crescita incontrollata è il rischio più sottovalutato
🔐 Come governance e identity management stanno diventando fondamentali per adottare l’AI in modo sostenibile🔗 Leggi il post qui:
https://iam.fabiograsso.net/it/blog/okta-ai-newyork/?utm_source=infosec.exchange&utm_medium=social&utm_campaign=2026q2_masto_pushState già governando gli agenti AI nella vostra organizzazione? O siete ancora nella fase “proviamo e vediamo cosa succede”? Qual è oggi il principale gap di governance AI nella vostra azienda?
#AI #IntelligenzaArtificiale #AISecurity #AIGovernance #Cybersecurity #IAM #GenAI #ShadowAI #Okt
-
From #Venture Beat: "5,000 vibe-coded apps just proved shadow #AI is the new S3 bucket #crisis"
The post mentions examples from a Bank in #Brazil, a #Clinical study in #UK, etc.
#VibeCoding #ShadowAI #Security
https://venturebeat.com/security/vibe-coded-apps-shadow-ai-s3-bucket-crisis-ciso-audit-framework
-
From #Venture Beat: "5,000 vibe-coded apps just proved shadow #AI is the new S3 bucket #crisis"
The post mentions examples from a Bank in #Brazil, a #Clinical study in #UK, etc.
#VibeCoding #ShadowAI #Security
https://venturebeat.com/security/vibe-coded-apps-shadow-ai-s3-bucket-crisis-ciso-audit-framework
-
Can You Name Every AI Running in Your Organization Right Now? https://youtu.be/IY1-RAgeSo4 #AIGovernance #ArtificialIntelligence #GenerativeAI #AgenticAI #AIAgents #Cybersecurity #RiskManagement #DataGovernance #ShadowAI #ResponsibleAI #AICompliance #CISO #BoardroomCybersecurity
-
Can You Name Every AI Running in Your Organization Right Now? https://youtu.be/IY1-RAgeSo4 #AIGovernance #ArtificialIntelligence #GenerativeAI #AgenticAI #AIAgents #Cybersecurity #RiskManagement #DataGovernance #ShadowAI #ResponsibleAI #AICompliance #CISO #BoardroomCybersecurity
-
AI-BOMs Emerge to Secure Enterprise AI Supply Chains
Imagine biting into a mysterious birthday cake without knowing its ingredients or who baked it - that's what it's like for enterprises trying to secure their AI supply chains without visibility into the components used to build their AI systems. Traditional software bills of materials just aren't cutting it in this new landscape.
#AiSupplyChains #ArtificialIntelligence #ShadowAi #Sbom #EnterpriseSecurity
-
78% of your employees are bringing their own AI to work.
A sales hire pastes a confidential transcript into ChatGPT to save time. Your IP is now training a public model.
60% admit they'll bypass an #AI ban to hit productivity targets. Banning doesn't stop #ShadowAI, it just moves it to personal devices where you have zero control.
This is an access problem, not a compliance problem.
https://amazee.ai/blog/solving-the-shadow-ai-dilemma-with-private-ai
-
78% of your employees are bringing their own AI to work.
A sales hire pastes a confidential transcript into ChatGPT to save time. Your IP is now training a public model.
60% admit they'll bypass an #AI ban to hit productivity targets. Banning doesn't stop #ShadowAI, it just moves it to personal devices where you have zero control.
This is an access problem, not a compliance problem.
https://amazee.ai/blog/solving-the-shadow-ai-dilemma-with-private-ai
-
You can’t protect what you can’t see. 🔍 AI adoption is growing, but your security doesn't have to suffer. Cloudflare’s Max Imbiel shares how to gain visibility using your existing SASE & DNS data.
Read more via Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/visibility-is-the-first-step-to-securing-shadow-ai #ShadowAI #CloudflareOne -
You can’t protect what you can’t see. 🔍 AI adoption is growing, but your security doesn't have to suffer. Cloudflare’s Max Imbiel shares how to gain visibility using your existing SASE & DNS data.
Read more via Dark Reading: https://www.darkreading.com/cyberattacks-data-breaches/visibility-is-the-first-step-to-securing-shadow-ai #ShadowAI #CloudflareOne -
Shadow AI: This New Productivity Secret Is Also a Massive Liability https://www.inc.com/chloe-aiello/shadow-ai-silicon-valleys-new-productivity-secret-is-also-a-massive-liability/91331997 #cybersecurity #risk #ShadowAI #AI #ArtificialIntelligence #DataLeaks #DataPoisoning #misinformation
-
Shadow AI: This New Productivity Secret Is Also a Massive Liability https://www.inc.com/chloe-aiello/shadow-ai-silicon-valleys-new-productivity-secret-is-also-a-massive-liability/91331997 #cybersecurity #risk #ShadowAI #AI #ArtificialIntelligence #DataLeaks #DataPoisoning #misinformation
-
🎙️ Nouvel épisode avec Cyndie Fletz, Nicolas Milot et Dominique Derrier : on parle Shadow AI et PME.
Interdire l'IA en entreprise ? Ça ne fonctionne pas. Mieux vaut éduquer, encadrer et fournir les bons outils.
Comme avec des ados : on peut pas tout contrôler, mais on peut inculquer les bons réflexes. 😅
🎧 Web: https://polysecure.ca/posts/episode-0x739.html#1e5e7545
🎧 Spotify: https://open.spotify.com/episode/5KI2SsgPgaTowGMDvCyGah?si=j1HEqlbcRUewsfkDlifTww
🎧 YouTube: https://youtu.be/kXXK8rh3F1E -
Browser Extensions Emerge as Unchecked AI Security Risk
Did you know that the biggest AI security risk to your organization might be hiding in plain sight - in the browser extensions used by every employee, quietly evading your existing security protections? A recent report from LayerX reveals the shocking truth about this largely overlooked threat.
#AiSecurityRisk #BrowserExtensions #EmergingThreats #Genai #ShadowAi
-
#Hollywood #assistants are increasingly using #AI tools, both officially sanctioned and #shadowAI, to manage larger workloads and shrinking headcounts. While AI is being used for tasks like composing emails and generating script coverage, concerns exist about its limitations in capturing the nuances of storytelling and its potential impact on job security. https://www.hollywoodreporter.com/movies/movie-features/hollywood-assistants-ai-development-1236553905/?eicker.news #tech #media #news
-
El Caballo de Troya en tu Navegador: Los Riesgos de la IA Generativa en la Empresa
Por: Ariel Corgatelli
El dilema de la productividad: ¿A qué costo estamos ahorrando tiempo? La fuga de datos a través de chatbots se ha convertido en el nuevo dolor de cabeza para los departamentos de ciberseguridad.
El avance de la Inteligencia Artificial generativa ha sido meteórico. Herramientas como ChatGPT, Claude o Gemini se han vuelto compañeros inseparables de miles de empleados que buscan optimizar tareas tediosas. Sin embargo, en esta carrera por la eficiencia, se está abriendo una brecha de seguridad silenciosa pero letal: la exposición de datos corporativos sensibles.
https://www.instagram.com/reel/DWwfk4GoASs/
1. El algoritmo nunca olvida
El concepto fundamental que muchos usuarios ignoran es que los chatbots no son herramientas de procesamiento estático, sino modelos en constante aprendizaje. La mayoría de las versiones gratuitas de estas plataformas utilizan los «prompts» (las instrucciones o textos que ingresamos) para re-entrenar sus algoritmos.
Cuando un empleado sube un código fuente para buscar un error, o un acta de directorio para que la IA redacte un resumen, esa información deja de pertenecer a la empresa. Pasa a formar parte del vasto conjunto de datos del modelo y, en teoría, podría aparecer filtrada o influenciar respuestas generadas para otros usuarios en el futuro.
2. El peligro del «Shadow AI»
Así como hace años hablábamos del Shadow IT (el uso de software no autorizado por el departamento de sistemas), hoy nos enfrentamos al Shadow AI.
El riesgo es doble:
- Pérdida de Propiedad Intelectual: Algoritmos, estrategias de marketing antes de ser lanzadas o procesos industriales únicos.
- Cumplimiento Legal (Compliance): Subir datos de clientes o empleados a servidores de terceros puede violar leyes de protección de datos personales (como la GDPR o normativas locales), exponiendo a la empresa a multas millonarias.
3. El factor humano y el «atajo» peligroso
El eslabón más débil sigue siendo el usuario. Muchos empleados, bajo la presión de la inmediatez, trabajan documentos importantes con IA sin saber los daños que pueden generar. No hay mala intención, hay falta de formación en cultura de ciberseguridad. Una planilla de Excel con sueldos o una base de datos de clientes subida a una IA «para que la ordene» es, técnicamente, una filtración de datos autoinfligida.
Guía de Buenas Prácticas: ¿Cómo usar la IA sin comprometer a la empresa?
Para aprovechar los beneficios de la IA sin convertirla en un riesgo, es fundamental seguir estos pilares:
- Anonimización: Antes de interactuar con una IA, se deben eliminar nombres reales, direcciones IP, correos electrónicos y cifras financieras exactas. Usar «Empresa X» o «Monto Y» protege el contexto sin sacrificar el resultado.
- Uso de Versiones Enterprise: Las empresas deben invertir en licencias corporativas que garantizan que los datos no se utilicen para entrenar modelos públicos y que cumplen con estándares de privacidad específicos.
- Políticas de Uso Claro: No se trata de prohibir, sino de regular. Crear una guía interna que especifique qué tipo de información puede tocar la IA y cuál debe permanecer estrictamente en servidores locales.
- Revisión de Configuraciones: Verificar siempre en los ajustes de la herramienta si existe la opción de «Desactivar historial y entrenamiento».
Conclusión
La Inteligencia Artificial es una herramienta de transformación increíble, pero en ciberseguridad, la confianza ciega no es una opción. Como siempre decimos, la seguridad de la información comienza con la conciencia del usuario.
#arielmcorg #chatgpt #ciberseguridad #IA #infosertec #PORTADA #RADIOGEEK #SeguridadInformatica #ShadowAI #tecnologia -
KiloClaw targets shadow AI with autonomous agent governance https://www.artificialintelligence-news.com/news/kiloclaw-targets-shadow-ai-autonomous-agent-governance/ #kiloclaw #agenticai #enterpriseai #openclaw #shadowai #governance #ai #technology
-
Mobvoi TicNote Pods bring 4G AI note taking to earbuds and ditch your phone
https://fed.brid.gy/r/https://nerds.xyz/2026/03/mobvoi-ticnote-pods-4g-ai-earbuds/
-
Join us tomorrow @ 12:30 PM CT as Recon’s very own threat hunting aficionado, Watson Brown, dives into Detecting AI in the tuMoltuous Shadows!
Don’t get left in the dark with the AI - secure your spot here: thursdef.com
-
ICYMI: As new AI tools enter workplaces, privacy risks don’t always come from where people expect.
We analyzed 3 emerging AI tools and explained the real governance questions businesses should be asking before adoption.
-
A bit nostalgic to read this piece about law firms in my old stomping grounds (#Hawaii) and their cautious approach to #AI. 100% agree that firms need to have an acceptable use policy, otherwise their associates are going to use it without oversight. #ShadowAI
https://www.bizjournals.com/pacific/news/2026/01/16/hawaii-law-firms-adopting-ai.html