The speed of AI adoption is unlike any tech shift we’ve seen before. While the transition to SaaS and BYOD took years, AI has integrated into the enterprise in  months, often moving faster than security teams can track.

‍

Jeremy joined the Security Weekly team to talk about AI governance and navigating the current AI landscape in regards to Shadow IT, employee privacy, and more.

AI Governance and Visibility

The integration of AI into enterprise workflows has created a “visibility gap” faster than previous technology shifts like SaaS or BYOD.

• The Problem: Organizations are deploying more attack surface in 12 months than they did in the previous decade, often without security team oversight.
• API-Centric Security: Since almost all AI traffic travels via APIs, API observability is the best way to gain visibility. This allows teams to inspect payloads for sensitive data leakage.
• User vs. App Monitoring: Monitoring should be split into two streams:
  1. Employee Usage: Protecting against data leakage (e.g., staff pasting PII into ChatGPT).
  2. Application Security: Ensuring internal AI bots don’t hallucinate or fall victim to prompt injection.
• Privacy Concerns: There is a significant cultural divide between the US and Europe regarding employee monitoring, requiring tools that can redact or encrypt prompts to satisfy GDPR-style privacy expectations.