CYBERSECURITY
IT GOVERNANCE

The upcoming Wave: AI's Emergence as the New Shadow IT

Dec 13, 2023
12 min read
Contents
Text Link
Thousands (potentially tens of thousands) of Indie AI Apps are emerging. What are the risks?

a) The Challenge of AI in Cybersecurity

Similar to the historical emergence of SaaS shadow IT, the integration of AI poses a familiar challenge for Chief Information Security Officers (CISOs) and cybersecurity teams. Employees are discreetly incorporating AI into their workflows, often bypassing established IT and cybersecurity review processes. The rapid adoption of ChatGPT, accumulating 100 million users within 3 months with minimal marketing, signifies a growing demand for AI tools driven by employees.

b) Risks of Indie AI Tools

Joseph Thacker categorizes the risks associated with indie AI tools, highlighting areas such as data leakage, content quality issues, product vulnerabilities, and compliance risks. AI tools, especially those employing large language models, have extensive access to employee prompts, leading to potential leaks. Content quality issues arise from hallucinations in large language models, risking the publication of inaccurate information. Indie AI tools, developed by smaller entities, are more susceptible to product vulnerabilities and compliance risks, lacking mature privacy policies and adherence to industry standards.

c)  Linking Indie AI to Enterprise SaaS Applications

Employees seeking enhanced productivity through AI tools often progress to integrating AI with daily-used SaaS systems. Indie AI vendors actively encourage these connections within their products. However, this integration poses an increased vulnerability to backdoor attacks. As AI tools predominantly use OAuth access tokens for AI-to-SaaS connections, the continuous API-based communication granted to tools like AI scheduling assistants with platforms such as Slack, Gmail, and Google Drive can expose organizations to potential security risks.

These notes come from one of our favorite newspapers, The Hacker News

Kevin Smouts
Co-founder and CPO at Zygon. Kevin loves to share his views about Cybersecurity.
Need an access management security check up ?
Get your audit now

FAQ

All the questions you can have

No items found.