AI is another data loss vector

AI has transformed every industry, including AI-assisted development tools, AI agents to collect data, and AI chatbots to enhance service delivery. IT leaders are seeking new ways to leverage AI to support the growing needs of their organizations.

But as you continue to seek AI solutions, be aware of how your employees are really using AI. They may not be using the enterprise solutions provided by your organization. Instead, many employees are turning to "free" AI tools to support their day-to-day work. While this can sometimes lead to increased productivity, a big risk of this "shadow AI" is data exfiltration.

For example, a recent article in CIO Dive about why the prompt is the new data loss channel identified that employee use of "shadow AI" presents a data security risk to organizations:

"When employees can easily upload sensitive, proprietary data into an ever-growing range of unmonitored, public third-party tools [aka 'shadow AI'], it becomes a primary data-loss vector."

This is really a user awareness and training issue. What you put into AI becomes part of their training set, unless you have a specific "enterprise data protection" contact that says otherwise. That's especially true of "free" tools, because they often sell your data to pay for the service.

And not understanding that is where organizations face accidental data loss through AI. The article also notes that "most instances of data loss through 'Gen AI' (Generative AI) entirely accidental, resulting from a failure to understand the inherent security and privacy vulnerabilities of these tools."

But IT leaders recognize that "shadow IT" has always been a problem. First, it was employees bringing in third party tech tools to to their job. Then it was employees using outside technology services to process corporate data. Now it's using outside AI systems to do their work, opening the door to all kinds of new risks.

This risk was highlighted in a similar article a few weeks ago about how risky shadow AI use remains widespread. From the article:

"Many employees continue using AI tools through personal accounts that lack the proper security guardrails and fall outside the purview of their organizations' IT teams, creating opportunities for hackers to manipulate those tools and breach corporate networks."

Turn this into an education opportunity with your teams. When you talk about AI adoption in your organization, make sure to also include an honest discussion of risk, including issues around team members using these AI tools without realizing what happens to the data behind the scenes.