What is ‘Shadow AI’ and Why Does It Create Security Risks?

GenAI tools, such as ChatGPT, can make your job easier by automating many routine tasks. Unfortunately, those tools can also make the IT team’s job harder.

Using publicly available GenAI tools without IT’s knowledge is called “Shadow AI,” and it can create serious security threats. Hackers are constantly looking to steal information that is entered into GenAI prompts. The information you enter can also be used to train the AI model so that it becomes part of the model’s output. Your company faces the risk of information exposure and may also be in violation of laws regulating the use of personal data in AI algorithms.

Shadow AI Security Risks for Businesses in Midland Texas

Shadow AI is a growing threat in companies of all sizes. In a recent TELUS Digital survey, more than two-thirds of workers who use GenAI admitted to using publicly available tools. More than half admitted to entering sensitive information into them. Almost a third did so in violation of company policies prohibiting the entry of sensitive information into GenAI tools.

Read your company’s GenAI policy carefully before using publicly available tools. If the policy prohibits their use, be sure to abide by that ban. Ask your IT team if the company has adopted any GenAI tools that you can safely use. If there are not any, suggest ways that GenAI could help you do your job better.

If your company permits the use of GenAI, or if you are using it at home, there are ways to do so safely and effectively.

  • Keep private data private. Assume that anything you enter in the GenAI prompt could be exposed. Avoid entering any sensitive data and use the tool’s settings to opt out of data collection.

  • Provide clear instructions. While GenAI tools can seem conversational, they struggle to understand sarcasm, hyperbole, or other non-literal references. Provide the GenAI tool with explicit instructions and you will get more accurate and relevant output.

  • Double-check the output. AI systems often “hallucinate,” meaning they generate false information that sounds plausible. Double-check the output by cross-referencing with trusted sources or ask the model again using different wording.

  • Use GenAI for the right tasks. GenAI is great for drafting emails, finding information quickly, or jumpstarting creativity. However, it is not good for tasks requiring nuanced judgment, complex decision-making, or high levels of precision, and may perpetuate or amplify biases present in training data.

BlogJack CohlmiaShadow AI, Cybersecurity, Security