AI

AI enhances cybersecurity but complicates compliance and oversight. Automating tasks can lead to increased complexity, as seen when AI layered firewall rules, complicating audits. Federal agencies must demonstrate compliance, but AI's opaque logic challenges transparency and accountability. Solutions involve integrating independent auditing tools for clarity and validation alongside AI to maintain both efficiency and compliance. Federal leaders must ensure they have visibility into AI changes and validate compliance with regulations to mitigate risks.

https://federalnewsnetwork.com/commentary/2025/11/ai-is-solving-problems-its-also-creating/

TLDR: A recent UpGuard report reveals over 80% of employees, especially in healthcare and finance, use unapproved AI tools, with many trusting AI more than colleagues. Executives lead in usage, raising security concerns, as understanding AI risks correlates with increased unauthorized tool usage. Less than half of employees are aware of company AI policies, despite many recognizing data sharing issues.

https://www.cybersecuritydive.com/news/shadow-ai-employee-trust-upguard/805280/

Shadow AI poses significant security risks for companies due to unsanctioned use of AI tools, potentially leading to data leakage, compliance violations, and operational vulnerabilities. The rise of generative AI has prompted employees to adopt personal AI applications, often without IT oversight, which can expose sensitive information and introduce exploitative bugs. Organizations must recognize shadow AI's prevalence, enforce acceptable use policies, educate employees, and implement monitoring tools to mitigate risks while fostering productivity.

https://www.welivesecurity.com/en/business-security/shadow-ai-security-blind-spot/

The article warns that organizations are repeating cybersecurity’s historic mistakes with AI by treating quality assurance as an afterthought. Traditional software testing fails to catch many AI issues because AI systems behave unpredictably and can produce different results each time. Effective AI testing requires diverse human testers, specialized red teaming to identify behavioral flaws, and ongoing monitoring to detect new biases and failures as AI systems and societal contexts evolve. Relying solely on automated tools or conventional testing leaves organizations vulnerable to costly, sometimes silent AI failures that undermine trust and can have more severe consequences than past security breaches.

https://thenewstack.io/were-repeating-cybersecuritys-big-mistake-this-time-with-ai/

Citizen developers enhance productivity via AI automation but pose risks through unmanaged vulnerabilities, limited visibility, and compliance issues. Traditional security tools fail to monitor these automations effectively, leading to “security debt.” A structured approach that includes inventorying automations, enforcing least privilege access, and integrating security checks is essential to mitigate risks and maintain compliance while fostering innovation.

https://www.scworld.com/perspective/how-to-manage-the-growing-influence-of-citizen-developers