@Early_Adopter   Don't forget the API gateway as well.

 

Regards

 

Caute_Cautim

@Early_Adopter    Here is a definition for Shadow AI:  Shadow AI represents the hidden, uncontrolled frontier of AI usage within organizations, bringing both opportunities for individual productivity and challenges for corporate governance and risk management.

 

Forbes also did a piece on it on 31st October 2023:  https://www.forbes.com/sites/delltechnologies/2023/10/31/what-is-shadow-ai-and-what-can-it-do-about-...

 

CIO.com did a piece too:  https://www.cio.com/article/648969/shadow-ai-will-be-much-worse-than-shadow-it.html

 

2021.AI did a short piece on it too:  https://2021.ai/shadow-ai-impact-deploying-ai/

 

Plenty of explanations available.

 

Regards

 

Caute_Cautim

That’s what the CASB is for API into the service and application aware forward/reverse proxy to the service - if you want a special, sure knock yourself out but all the SASE vendors are crawling over themselves to ‘do’ GenAI traffic with ZTNA, mirrored gateways etc. data you app send out can’t be decrypted, parsed and inspected? “Sorry, computer says no.”

Anyway when you commission a service in most regulated industries you’ll probably need to define the traffic you send down to the data element At some point and the vendor will undertake to not go beyond that - your internal audit reminding you and your internal data flows should all be mapped.

If your applications are sending data out without full instrumentation and oversight, fix it, its probably just a matter of time before it’s over.

Yes the article at the top looks like it may have used shadow AI to generate its definition of Shadow IT:

“What is Shadow IT?

For those unfamiliar with Shadow IT, these are often code snippets, libraries, solutions, products, services, and apps on managed devices that lurk outside the oversight of corporate, nonprofit, and government IT departments. Shadow IT can threaten an organization's cybersecurity, privacy, and data confidentiality. For example, they increase the likelihood of data breaches and ransomware infiltrating the corporate network, often costing the organization more than $1m for each incident, according to the Verizon 2023 Data Breach Incident Report.”

Whilst it’s Shadow AI definition fits Shadow IT perfectly:

“ What is Shadow AI?

Shadow AI refers to the AI systems, solutions, and services used or developed within an organization without explicit organizational approval or oversight.”

Succinct, elegant and natural.

HI @Early_Adopter    I enjoy these debates by the way:

 

The definition of Shadow IT can be described as: