The rapid adoption of AI tools like ChatGPT and Microsoft Copilot in enterprises is outpacing cybersecurity teams’ ability to establish effective governance controls, exposing longstanding failures in how organizations implement security policies around operational workflows. Shadow AI—employees’ use of unauthorized AI tools to enhance productivity—highlights that restrictive policies alone are insufficient; sustainable governance requires aligning controls with actual work practices, providing approved, usable alternatives, and adopting a risk-based, ongoing operational approach rather than one-time policy enforcement. This shift is critical to managing AI-related risks without driving usage further outside organizational visibility.
https://www.infosecurity-magazine.com/opinions/shadow-ai-is-exposing-governance/