What Lurks in the Dark: Taking Aim at Shadow AI

Security teams are confronting a new nightmare this Halloween season: the rise of generative artificial intelligence. Generative AI tools have unleashed a new era of terror for chief information security officers, from powering deepfakes that are nearly indistinguishable from reality to creating sophisticated phishing emails that seem startlingly authentic to access logins and steal identities. The generative AI horror show goes beyond identity and access management, with vectors of attack that range from smarter ways to infiltrate code to exposing sensitive proprietary data. According to a survey from The Conference Board, 56% of employees are using generative AI at work, but just 26% say their organization has a generative AI policy in place. While many companies are trying to implement limitations around using generative AI at work, the age-old search for productivity means that an alarming percentage of employees are using AI without IT's blessing or thinking about potential repercussions. After some employees entered sensitive company information onto ChatGPT, Samsung banned its use as well as that of similar AI tools. Now, as generative AI evolves so quickly that CISOs can't fully understand what they're fighting against, a frightening new phenomenon is emerging: shadow AI. From Shadow IT to Shadow AI There is a fundamental tension between IT teams, which want control over apps and access to sensitive data in order to protect the company, and employees, who will always seek out tools that help them get more work done faster. Despite countless solutions on the market taking aim at shadow IT by making it more difficult for workers to access unapproved tools and platforms, more than three in 10 employees reported using unauthorized communications and collaboration tools last year. Generative AI can add another scary dimension to this predicament when tools accumulate sensitive company data that, when exposed, could damage corporate reputation. Mindful of these threats, in addition to Samsung, many employers are limiting access to powerful generative AI tools. At the same time, employees are hearing time and time again that they'll fall behind without using AI. Without solutions to help them stay ahead, workers are doing what they'll always do - taking matters into their own hands and using the solutions they need to deliver, with or without IT's permission. So it's no wonder that the Conference Board found that more than half of employees are already using generative AI at work - permitted or not. Performing a Shadow AI Exorcism For organizations confronting widespread shadow AI, managing this endless parade of threats may feel like trying to survive an episode of The Walking Dead. And with new AI platforms continually emerging, it can be hard for IT departments to know where to start. There are time-tested strategies that IT leaders and CISOs can implement to root out unauthorized generative AI tools and scare them off before they begin to possess their companies. Businesses can benefit by proactively providing their workers with useful AI tools that help them be more productive but can also be vetted, deployed, and managed under IT governance. By offering secure generative AI tools and putting policies in place for the type of data uploaded, organizations demonstrate to workers that the enterprise is investing in their success. Many workers simply don't understand that using generative AI can put their company at tremendous financial risk. Alarmingly, security professionals are more likely than other workers to say they work around their company's policies when trying to solve their IT problems. Shadow AI is haunting businesses, and it's essential to ward it off. These will help them seize the transformative business value of generative AI without falling victim to the security breaches it will continue to introduce.

This Cyber News was published on www.darkreading.com. Publication date: Thu, 30 Nov 2023 23:19:27 +0000


Cyber News related to What Lurks in the Dark: Taking Aim at Shadow AI

Shadow AI poses new generation of threats to enterprise IT - Unsanctioned AI, also known as shadow AI, poses even more challenges. Shadow AI is just like every other stripe of shadow IT - unsanctioned technology that corporate employees deploy ad hoc and use in ways unknown to or hidden from an organization's ...
8 months ago Techtarget.com
How to Eliminate Shadow IT and Achieve a Secure SaaS Environment in 2023 - The prevalence of Shadow IT has grown exponentially over the years, with most organizations being unaware of the security risks of unauthorized cloud applications. Shadow IT is any application or cloud service being used by employees for business ...
1 year ago Thehackernews.com
What Lurks in the Dark: Taking Aim at Shadow AI - Security teams are confronting a new nightmare this Halloween season: the rise of generative artificial intelligence. Generative AI tools have unleashed a new era of terror for chief information security officers, from powering deepfakes that are ...
10 months ago Darkreading.com
Tracking Everything on the Dark Web Is Mission Critical - COMMENTARYOne of the standard cybersecurity tools today is to relentlessly check the Dark Web - the preferred workplace for bad guys globally - for any hints that your enterprise's secrets and other intellectual property have been exfiltrated. It ...
6 months ago Darkreading.com
CVE-2021-47553 - In the Linux kernel, the following vulnerability has been resolved: sched/scs: Reset task stack state in bringup_cpu() To hot unplug a CPU, the idle task on that CPU calls a few layers of C code before finally leaving the kernel. When KASAN is in ...
4 months ago Tenable.com
Aim Security Raises $10M to Secure Generative AI Enterprise Adoption - PRESS RELEASE. TEL AVIV, Israel-(BUSINESS WIRE)-Aim Security, an Israeli cybersecurity startup offering enterprises a holistic, one-stop shop GenAI security platform, today announced $10 million in seed funding. Aim Security was founded by ...
8 months ago Darkreading.com
Cybercrime Groups Offering Six-Figure Salaries for IT Talents - Increasingly, organized crime organizations are operating as businesses rather than criminal organizations, advertising jobs on the dark web with a number of advantages for members. A recent Kaspersky study found that 61% of job ads posted by hacking ...
1 year ago Cybersecuritynews.com
Best of 2023: Combo Lists & the Dark Web: Understanding Leaked Credentials - In today's interconnected, cloud-based world, user credentials are the keys that grant entry to the house that stores an organization's digital treasure. Just as burglars pick the lock on a physical house, cybercriminals use stolen credentials to ...
9 months ago Securityboulevard.com
Mozilla Firefox's Premium Dark Web Monitoring Solution - Mozilla, renowned for its commitment to an open and secure internet, has recently made a strategic foray into unexplored realms with the introduction of a subscription-based dark web monitoring service. This bold move signifies the organization's ...
7 months ago Cysecurity.news
Employee Use of 'Shadow IT' Elevates Cyber Attack Risks for Indian Firms - In India, a recent report indicates that approximately 89% of companies faced cyber incidents within the past two years. Alarmingly, 20% of these breaches were attributed to the utilization of shadow IT, as per findings from a study. This surge in ...
9 months ago Cysecurity.news
Target Says Data Sold on Dark Web Is Outdated, Likely Released by Third Party - In a recent incident, retail giant Target reported that a subset of customer credit card data sold on the 'dark web' appears to be outdated and likely to have been from a third-party data security breach. ...
1 year ago Therecord.media
Report: Developers are most in demand on dark web - Hacker gangs often operate like businesses - they have salaries, working hours, clients and employees. To compete in a growing market, they are constantly looking for new talent with better skill sets, and they often use the same methods as ...
1 year ago Therecord.media
Dark Reading Debuts Fresh New Site Design - Here are some adjectives the Dark Reading team used to describe our revamped site that went live today: Elegant. The process almost always winds up injecting new life and fresh purpose into your mission, and that's what we've accomplished with Dark ...
10 months ago Darkreading.com
The Rising Tide of Cybercrime as A Service - Welcome to the era of Cybercrime as a Service, or CaaS, which, quite alarmingly, is like an online marketplace for cybercriminals and their services. Now, anyone with an internet connection and a chip on their shoulder - an unhappy customer, a ...
9 months ago Cyberdefensemagazine.com
CVE-2022-42332 - x86 shadow plus log-dirty mode use-after-free In environments where host assisted address translation is necessary but Hardware Assisted Paging (HAP) is unavailable, Xen will run guests in so called shadow mode. Shadow mode maintains a pool of memory ...
8 months ago
New Report: 85% Firms Face Cyber Incidents, 11% From Shadow IT - Over the past two years, 85% of companies globally have experienced cyber incidents, with 11% attributed to the unauthorized use of shadow IT. The figures originate from a recent study conducted by cybersecurity company Kaspersky, exposing a ...
9 months ago Infosecurity-magazine.com
Cybercrime Groups Offer Up to $20K/Month Jobs on the Dark Web - Cybercrime groups are increasingly running their operations as a business, promoting jobs on the dark web that offer developers and hackers competitive monthly salaries, paid time off, and paid sick leaves. In a new report by Kaspersky, which ...
1 year ago Bleepingcomputer.com
Understanding the Seizure of Dark Web Sites Linked to the Hive Ransomware - Recently, law enforcement seized several dark web sites linked to the Hive ransomware. The Hive ransomware is a potent form of malware that cybercriminals use to target organizations and individual computer users in order to demand a ransom for ...
1 year ago Bleepingcomputer.com
CVE-2023-34322 - For migration as well as to work around kernels unaware of L1TF (see ...
9 months ago
Zombie APIs: The Scariest Threat Lurking in The Shadows? - Designed to rapidly and seamlessly connect consumers and businesses to vital data and services, APIs power modern enterprises and applications. APIs are constantly in action, working in the background for when consumers finally book that dream ...
8 months ago Cyberdefensemagazine.com
Asia-Focused Dark Web Threat Intelligence Startup StealthMole Raises $7 Million - StealthMole, a startup providing dark web threat intelligence focused on the Asian region, has raised $7 million in Series A funding. The investment round was led by Korea Investment Partners, with additional support from Hibiscus Fund and Smilegate ...
5 months ago Securityweek.com
Hundreds of Network Operators' Credentials Compromised on Dark Web - Leaked creds of RIPE, APNIC, AFRINIC, and LACNIC are available on the Dark Web. After doing a comprehensive scan of the Dark Web, Resecurity discovered that info stealer infections had compromised over 1,572 customers of RIPE, the Asia-Pacific ...
8 months ago Cysecurity.news
CVE-2007-3832 - Buffer overflow in the AOL Instant Messenger (AIM) protocol handler in AIM.DLL in Cerulean Studios Trillian allows remote attackers to execute arbitrary code via a malformed aim: URI, as demonstrated by a long URI beginning with the aim:///#1111111/ ...
7 years ago
St. Lucie County Tax Collector Hacked by Ransomware Attacker 'Dark Cat' - Fort Pierce - Thursday November 16, 2023: A ransomware attack on the St. Lucie County Tax Collector was the initial cause of the network crash that has disrupted county internet services for the past two weeks. Tax Collector Chris Craft says no ...
10 months ago Wqcs.org
Why Infostealers are Stealing the Security Spotlight - The threat from Malware continues to escalate with infostealers, an increasingly popular variant. Research found that 24% of malware is now infostealers, and it's now one of the most popular topics on the cybercriminal underground. The malicious ...
10 months ago Cybersecurity-insiders.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)