The upcoming Wave: AI's Emergence as the New Shadow IT

The upcoming Wave: AI's Emergence as the New Shadow IT
Thousands (potentially tens of thousands) of Indie AI Apps are emerging. What are the risks?

a) The Challenge of AI in Cybersecurity

Similar to the historical emergence of SaaS shadow IT, the integration of AI poses a familiar challenge for Chief Information Security Officers (CISOs) and cybersecurity teams. Employees are discreetly incorporating AI into their workflows, often bypassing established IT and cybersecurity review processes. The rapid adoption of ChatGPT, accumulating 100 million users within 3 months with minimal marketing, signifies a growing demand for AI tools driven by employees.

b) Risks of Indie AI Tools

Joseph Thacker categorizes the risks associated with indie AI tools, highlighting areas such as data leakage, content quality issues, product vulnerabilities, and compliance risks. AI tools, especially those employing large language models, have extensive access to employee prompts, leading to potential leaks. Content quality issues arise from hallucinations in large language models, risking the publication of inaccurate information. Indie AI tools, developed by smaller entities, are more susceptible to product vulnerabilities and compliance risks, lacking mature privacy policies and adherence to industry standards.

c)  Linking Indie AI to Enterprise SaaS Applications

Employees seeking enhanced productivity through AI tools often progress to integrating AI with daily-used SaaS systems. Indie AI vendors actively encourage these connections within their products. However, this integration poses an increased vulnerability to backdoor attacks. As AI tools predominantly use OAuth access tokens for AI-to-SaaS connections, the continuous API-based communication granted to tools like AI scheduling assistants with platforms such as Slack, Gmail, and Google Drive can expose organizations to potential security risks.

These notes come from one of our favorite newspapers, The Hacker News

Let's get you started

If SaaS Security is a relevant topic for you and your team, we want to hear from you. Let's schedule a demo together and discuss your current challenges securing the hundreds of apps used by your team.

Prefer to send an email directly? No problem! You can reach us at contact at zygon.tech Whether you have questions, suggestions, or just want to say hello, we're here to respond promptly to your emails.

"Zygon is going to improve our overall security posture by inventorying and controlling 90% of SaaS that usually remain uncovered by Security Teams."
Arnaud, CISO,  Large Global Group

More articles

Continue reading with these posts...