Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Caute_cautim
Community Champion
‎12-12-2023 06:01 PM
‎12-12-2023 06:01 PM

The existence of Shadow AI

Hi All

 

Why should we care about Shadow AI, this piece explains why we should be very worried and that we need to understand and counter this issue now.

 

https://www.techpolicy.press/beware-the-emergence-of-shadow-ai/

 

Regards

 

Caute_Cautim

Reply
6 Replies
Early_Adopter
Community Champion
‎12-12-2023 06:40 PM
‎12-12-2023 06:40 PM

That’s a terrible definition of Shadow IT… because the better one has been purloined to define Shadow AI.

It’s never code snippets it’s always a complete service or there is significantly less benefit in using it…

Luckily the vast majority of this stuff is web delivered so set your proxy, CASB and DLP to parent data going to anything but those services that you vet, approve and commission. This policy should be relatively easy as these are categorised and to be usable you should be paying for the service.

Monitor efficacy and do meet every quarter on the progress.
Reply
0 Kudos
Caute_cautim
Community Champion
‎12-12-2023 08:18 PM
‎12-12-2023 08:18 PM

@Early_Adopter   Don't forget the API gateway as well.

 

Regards

 

Caute_Cautim

Reply
0 Kudos
Caute_cautim
Community Champion
‎12-12-2023 08:29 PM
‎12-12-2023 08:29 PM

@Early_Adopter    Here is a definition for Shadow AI:  Shadow AI represents the hidden, uncontrolled frontier of AI usage within organizations, bringing both opportunities for individual productivity and challenges for corporate governance and risk management.

 

Forbes also did a piece on it on 31st October 2023:  https://www.forbes.com/sites/delltechnologies/2023/10/31/what-is-shadow-ai-and-what-can-it-do-about-...

 

CIO.com did a piece too:  https://www.cio.com/article/648969/shadow-ai-will-be-much-worse-than-shadow-it.html

 

2021.AI did a short piece on it too:  https://2021.ai/shadow-ai-impact-deploying-ai/

 

Plenty of explanations available.

 

Regards

 

Caute_Cautim

Reply
0 Kudos
Early_Adopter
Community Champion
‎12-12-2023 08:36 PM
‎12-12-2023 08:36 PM

That’s what the CASB is for API into the service and application aware forward/reverse proxy to the service - if you want a special, sure knock yourself out but all the SASE vendors are crawling over themselves to ‘do’ GenAI traffic with ZTNA, mirrored gateways etc. data you app send out can’t be decrypted, parsed and inspected? “Sorry, computer says no.”

Anyway when you commission a service in most regulated industries you’ll probably need to define the traffic you send down to the data element At some point and the vendor will undertake to not go beyond that - your internal audit reminding you and your internal data flows should all be mapped.

If your applications are sending data out without full instrumentation and oversight, fix it, its probably just a matter of time before it’s over.
Reply
0 Kudos
Early_Adopter
Community Champion
‎12-12-2023 08:43 PM
‎12-12-2023 08:43 PM

Yes the article at the top looks like it may have used shadow AI to generate its definition of Shadow IT:

“What is Shadow IT?

For those unfamiliar with Shadow IT, these are often code snippets, libraries, solutions, products, services, and apps on managed devices that lurk outside the oversight of corporate, nonprofit, and government IT departments. Shadow IT can threaten an organization's cybersecurity, privacy, and data confidentiality. For example, they increase the likelihood of data breaches and ransomware infiltrating the corporate network, often costing the organization more than $1m for each incident, according to the Verizon 2023 Data Breach Incident Report.”

Whilst it’s Shadow AI definition fits Shadow IT perfectly:

“ What is Shadow AI?

Shadow AI refers to the AI systems, solutions, and services used or developed within an organization without explicit organizational approval or oversight.”

Succinct, elegant and natural.

Reply
0 Kudos
Caute_cautim
Community Champion
‎12-12-2023 09:42 PM
‎12-12-2023 09:42 PM

HI @Early_Adopter    I enjoy these debates by the way:

 

The definition of Shadow IT can be described as:

 
Shadow IT is the use of IT-related hardware or software by a department or individual without the knowledge of the IT or security group within the organization. It can encompass cloud services, software, and hardware. The main area of concern today is the rapid adoption of cloud-based services.
 
I think this is distinctly different from the Shadow AI definition:
 
Shadow AI represents the hidden, uncontrolled frontier of AI usage within organizations, bringing both opportunities for individual productivity and challenges for corporate governance and risk management.
 
Which would mean the uncontrolled use of AI tools without authorisation within an organisation, which could result in organisational IP being disseminated out of the organisation without managements actual knowledge.  Which would result in the loss of IP, corporate knowledge and potentially share information unintentionally with competitors or the dark side, seeking greater understanding of the internal workings of the company.
 
I guess the issue, is keeping it in context with a meaningful comparison, and ensuring both are fully understood.
 
Regards
 
Caute_Cautim
Reply
0 Kudos