Shadow AI poses significant security and privacy risks as employees use AI tools without IT oversight, including public LLMs and SaaS applications. This use can lead to data breaches and compliance violations, as organizations cannot track sensitive data or protect it adequately. Banning these tools is ineffective and might increase hidden AI use. Instead, organizations should identify and approve AI tools while implementing safeguards, monitoring data flows, and training employees on risks. A proactive strategy is needed to balance security with the competitive advantages that AI provides.
https://www.infosecurity-magazine.com/news-features/shadow-ai-governance-cisos/