we’ve been trying to define this internally for months and keep going in circles.

we have a sanctioned tools list. ChatGPT enterprise is on it. Copilot is on it. a couple of other tools the business specifically requested and went through procurement. everything else is technically not approved.

the problem is AI is now inside everything. we approved Notion last year, Notion now has an AI assistant built in. we approved Slack, Slack has AI summaries and a built-in AI tool. we approved a project management platform, it rolled out an AI feature in a product update without any announcement. none of these were evaluated as AI tools when we approved them. now they are and the data flowing through them is going to external models we never reviewed.

and then there’s the browser extension problem. employees are installing AI extensions directly into Chrome. grammar tools, writing assistants, meeting summarizers, code helpers. some of them have permissions to read everything on every page. we found one extension that had been installed by about 60 people that had full read access to all browser content including internal tools, CRM data, support tickets. it wasn’t on anyone’s radar.

the shadow AI surface area is just completely different from shadow IT. with shadow IT you could find things in network logs or cloud billing. shadow AI hides inside approved tools, inside browsers, inside IDEs. it doesn’t generate new accounts or new spend. it’s just quietly there moving data around.

where are other teams drawing the line and how are you actually enforcing it in practice?
Originally posted by u/Constant-Angle-4777 on r/ArtificialInteligence
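
An added example, not part of the original post: a small audit of Chrome extension manifests that flags all-site host access, the kind of permission described for the extension installed by about 60 people. The inventory format (`id`, `installs`, `manifest`) and the sample extensions are constructed assumptions; the manifests themselves would come from whatever endpoint or browser-management inventory is available.

```python
import json

# Chrome match patterns that grant access to every site.
BROAD = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

def broad_access(manifest: dict) -> dict:
    """Return where a manifest requests all-site access, keyed by manifest field."""
    hits = {}
    # MV3 uses host_permissions; MV2 mixes host patterns into permissions.
    for field in ("permissions", "host_permissions",
                  "optional_permissions", "optional_host_permissions"):
        found = sorted(p for p in manifest.get(field, [])
                       if isinstance(p, str) and p in BROAD)
        if found:
            hits[field] = found
    # Content scripts can read the DOM of every page their patterns match.
    for i, cs in enumerate(manifest.get("content_scripts", [])):
        found = sorted(set(cs.get("matches", [])) & BROAD)
        if found:
            hits[f"content_scripts[{i}].matches"] = found
    return hits

def audit(inventory: list) -> list:
    """inventory rows: {'id', 'installs', 'manifest'} (assumed format).
    Returns flagged extensions, widest install base first."""
    rows = []
    for ext in inventory:
        hits = broad_access(ext["manifest"])
        if hits:
            rows.append({"id": ext["id"], "name": ext["manifest"].get("name", "?"),
                         "installs": ext["installs"], "fields": hits})
    return sorted(rows, key=lambda r: -r["installs"])

# Constructed sample inventory (hypothetical extension ids and names).
SAMPLE = json.loads("""[
 {"id": "ext-aaaa", "installs": 60, "manifest": {"manifest_version": 3,
   "name": "Example AI Writer", "permissions": ["storage", "scripting"],
   "host_permissions": ["<all_urls>"]}},
 {"id": "ext-bbbb", "installs": 12, "manifest": {"manifest_version": 2,
   "name": "Example Summarizer", "permissions": ["tabs", "*://*/*"],
   "content_scripts": [{"matches": ["https://*/*"], "js": ["cs.js"]}]}},
 {"id": "ext-cccc", "installs": 200, "manifest": {"manifest_version": 3,
   "name": "Example Calendar Helper", "permissions": ["storage"],
   "host_permissions": ["https://calendar.example.com/*"]}}
]""")

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(row["installs"], row["id"], row["name"], row["fields"])
```

An extension scoped to a single site (the third sample) is not flagged, so the output is a review queue of all-site readers ordered by how many people have them installed.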
