SHADOW OF DOUBT
Unsanctioned AI Is Undermining Your Organization’s Security Posture, says Sascha Giese, Global Tech Evangelist, Observability, SolarWinds
AI enthusiasm among Middle Eastern consumers rides high, with most now utilizing it as part of their daily routines. So much so that in its recent study, BCG found that 83% of Saudi respondents were aware of and using ChatGPT, which grew to 91% in the neighboring UAE. This is just one popular AI service; today, even "innocent" browsers have AI features capable of recording URLs and data. All this means is that today, regional employees can sometimes be a step ahead of their organizations when embracing AI. After all, employees are primarily concerned with getting the job done, while organizations need to consider many other factors, not the least of which are security and compliance. So, let’s look at the risks of shadow AI and outline a multipronged approach to turn your team's AI enthusiasm from a security risk to a productivity driver.
What Is Shadow AI?
The rise of Shadow AI mirrors the rapid adoption of consumer-friendly artificial intelligence tools in the workplace. With platforms offering writing, design, coding, research, and data analysis capabilities, employees are increasingly leveraging AI without formal approval from IT teams. This trend is driven by enthusiasm for AI’s potential: the SolarWinds IT Trends Report 2024 found that 56% of surveyed IT professionals want their organizations to invest more in AI, while 46% wish adoption would happen faster. However, as AI tools proliferate outside official oversight, organizations face growing security, compliance, and data privacy risks that must be addressed.
CXO DX / MAY 2025
However, taking advantage of AI tools without pre-approval from your IT department can open up a world of risk. In the first instance, employees might accidentally download malicious applications, and sensitive material may inadvertently be revealed to third parties. After all, many of these AI applications are free to use, and by now, hopefully, all of us are familiar with the adage, “If it’s free, then you’re the product.” This concern has been highlighted in the weeks following the launch of DeepSeek’s R1 model, during which governments in the US, South Korea, Australia, Italy, and Taiwan all placed restrictions on its utilization, citing concerns about how user and usage data could be handled.
The rise of shadow AI introduces significant risks beyond accidental malware downloads and data leaks. One primary concern is the potential for non-compliance with industry regulations and data protection laws. Unvetted AI applications may not adhere to necessary compliance standards, leading to unauthorized data processing and storage practices that violate legal requirements. Additionally, the lack of oversight in shadow AI usage can result in inconsistent data handling and decision-making processes, undermining the integrity of business operations and leading to unreliable outcomes.