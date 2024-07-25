Security

Internet

See all Internet

IT

See all IT

Mobile Tech

See all Mobile Tech

Security

See all Security

Technology

See all Technology

Newsletters

See all Newsletters

Surge in ‘Shadow AI’ Accounts Poses Fresh Risks to Corporate Data

cybersecurity team in systems control room

The growing use of artificial intelligence in the workplace is fueling a rapid increase in data consumption, challenging the corporate ability to safeguard sensitive data.

A report released in May from data security firm Cyberhaven, titled “The Cubicle Culprits,” sheds light on AI adoption trends and their correlation to heightened risk. Cyberhaven’s analysis drew on a dataset of usage patterns from three million workers to assess AI adoption and its implications in the corporate environment.

The rapid rise of AI mimics previous transformative shifts, such as the internet and cloud computing. Just as early cloud adopters navigated new challenges, today’s companies must contend with the complexities introduced by widespread AI adoption, according to Cyberhaven CEO Howard Ting.

“Our research on AI usage and risks not only highlights the impact of these technologies but also underscores the emerging risks that could parallel those encountered during significant technological upheavals in the past,” he told TechNewsWorld.

Findings Suggest Alarm Over Potential for AI Abuses

The Cubicle Culprits report reveals the rapid acceleration of AI adoption in the workplace and use by end users that outpaces corporate IT. This trend, in turn, fuels risky “shadow AI” accounts, including more types of sensitive company data.

Products from three AI tech giants — OpenAI, Google, and Microsoft — dominate AI usage. Their products account for 96% of AI usage at work.

According to the research, workers worldwide entered sensitive corporate data into AI tools, increasing by an alarming 485% from March 2023 to March 2024. We are still early in the adoption curve. Only 4.7% of employees at financial firms, 2.8% in pharma and life sciences, and 0.6% at manufacturing firms use AI tools.

A significant 73.8% of ChatGPT usage at work occurs through non-corporate accounts. Unlike enterprise versions, these accounts incorporate shared data into public models, posing a considerable risk to sensitive data security,” warned Ting.

“A substantial portion of sensitive corporate data is being sent to non-corporate accounts. This includes roughly half of the source code [50.8%], research and development materials [55.3%], and HR and employee records [49.0%],” he said.

Data shared through these non-corporate accounts are incorporated into public models. The percentage of non-corporate account usage is even higher for Gemini (94.4%) and Bard (95.9%).

AI Data Hemorrhaging Uncontrollably

This trend indicates a critical vulnerability. Ting said that non-corporate accounts lack the robust security measures to protect such data.

AI adoption rates are rapidly reaching new departments and use cases involving sensitive data. Some 27% of data that employees put into AI tools is sensitive, up from 10.7% a year ago.

For example, 82.8% of legal documents employees put into AI tools went to non-corporate accounts, potentially exposing the information publicly.

Ting cautioned that including patented material in content generated by AI tools poses increasing risks. Source code insertions generated by AI outside of coding tools can create the risk of vulnerabilities.

Some companies are clueless about stopping the flow of unauthorized and sensitive data exported to AI tools beyond IT’s reach. They rely on existing data security tools that only scan the data’s content to identify its type.

“What’s been missing is the context of where the data came from, who interacted with it, and where it was stored. Consider the example of an employee pasting code into a personal AI account to help debug it,” offered Ting. “Is it source code from a repository? Is it customer data from a SaaS application?”

Controlling Data Flow Is Possible

Educating workers about the data leakage problem is a viable part of the solution if done correctly, assured Ting. Most companies have rolled out periodic security awareness training.

“However, the videos workers have to watch twice a year are soon forgotten. The education that works best is correcting bad behavior immediately in the moment,” he offered.

Cyberhaven found that when workers receive a popup message coaching them during risky activities, like pasting source code into a personal ChatGPT account, ongoing bad behavior decreases by 90%,” said Ting.

His company’s technology, Data Detection and Response (DDR) understands how data moves and uses that context to protect sensitive data. The technology also understands the difference between a corporate and personal account for ChatGPT.

This capability enables companies to enforce a policy that blocks employees from pasting sensitive data into personal accounts while allowing that data to flow to enterprise accounts.

Surprising Twist in Who’s at Fault

Cyberhaven analyzed the prevalence of insider risks based on workplace arrangements, including remote, onsite, and hybrid. Researchers found that a worker’s location impacts the data spread when a security incident occurs.

“Our research uncovered a surprising twist in the narrative. In-office employees, traditionally considered the safest bet, are now leading the charge in corporate data exfiltration,” he revealed.

Counterintuitively, office-based workers are 77% more likely than their remote counterparts to exfiltrate sensitive data. However, when office-based workers log in from offsite, they are 510% more likely to exfiltrate data than when onsite, making this the riskiest time for corporate data, according to Ting.

Jack M. Germain

Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics. Email Jack.

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Related Stories
policymakers discussing guidance for artificial intelligence
Think Tank Issues Guidance for AI Policymakers
May 22, 2024
tech executives planning for generative AI
AI Forcing Many Companies To Rethink Their Data-Crunching Ways
April 30, 2024
Generative AI in business
Experts Say Workplace AI Bans Won’t Work
August 16, 2023
More by Jack M. Germain
view all
Panasonic ET FMP50 Series Media Processor live setting
AV Tech Innovations Transforming Higher Education
July 19, 2024
Acer Chromebook Plus 516 GE
Acer Chromebook Plus 516 GE Redefines Gaming Style, Computing Performance
July 9, 2024
cybercrime hackers
Bring Your Own AI to Work Creates a Field Day for Cyberattackers
July 8, 2024
Bridgewater State University Cyber Range
Bridgewater State Cybersecurity Program Sets Bar for Applied Training
June 10, 2024
Post-Open Licensing Could Offer Software Devs Funding Alternatives
May 7, 2024
project management software solutions
CoordinateHQ Takes the Noise Out of Project Management Systems
May 3, 2024
Generative AI in business
How To Leverage Gen AI Without Losing the Corporate Shirt
April 16, 2024
Diverse group of young colleagues making decision to buy a personal computer for business
Business Buyer’s Guide for a Better PC Purchase
April 11, 2024
browser security to secure the enterprise
Menlo Secure Cloud Browser Enables a Safer Enterprise Workspace
February 20, 2024
mobile app security
Mobile Security Firms Fortify Defenses as App Attacks Accelerate
February 5, 2024
More in Security
student and parent using computer
Balance, Not Mandates, Needed To Keep Kids Safe Online: Report
June 4, 2024
Noorio B310 wireless home security camera with 2K resolution: review
Noorio B310 AI-Powered Camera Spotlights Better Outdoor Security
October 13, 2023
tech innovation
The Magic Presented at HP Imagine 2023
October 9, 2023
opne source vulnerabilities
Qualys Discovers Critical Linux Flaw ‘Looney Tunables’
October 4, 2023
More Linux Malware Means More Linux Monitoring
September 15, 2023
Atlas VPN Linux Leak Exposes Users’ IP Addresses
September 7, 2023
passwordless computing
The Realities of Switching to a Passwordless Computing Future
September 5, 2023
When Betting on Linux Security, Look at the Big Picture
August 28, 2023
robocall incoming on a smartphone
Researchers Reveal Method To Stifle Malicious Robocalls
August 10, 2023
Winees L1 2K solar-powered security camera
Winees L1 2K Solar Security Camera Has Good Performance, Flawed App
July 20, 2023

How much has the July 18 global tech outage affected you?
Loading ... Loading ...

Technewsworld Channels

Applications

Applications

Apple Goes All-In on a Privacy-Based AI Experience

Audio/Video

Audio/Video

Compelling New Headphones From Heavys and Sonos

Chips

Chips

Intel Announces New Tech To Battle in AI Market

Computing

Computing

Acer Chromebook Plus 516 GE Redefines Gaming Style, Computing Performance

Cybersecurity

Cybersecurity

Bring Your Own AI to Work Creates a Field Day for Cyberattackers

Data Management

Data Management

Brute Force Password Cracking Takes Longer, But Celebration May Be Premature

Developers

Developers

Post-Open Licensing Could Offer Software Devs Funding Alternatives

Emerging Tech

Emerging Tech

AI-Powered Robot Aims To Slash Cost of E-Commerce Deliveries

Exclusives

Exclusives

More Linux Malware Means More Linux Monitoring

Gaming

Gaming

Next-Generation Wi-Fi 7 Standard Expected To Be Finalized in Early 2024

Hacking

Hacking

Cat-Phishing, Living-Off-The-Land, Fake Invoices Top Q1 Cyberthreats: Report

Hardware

Hardware

The Copilot+ PCs Arrive: My Initial Impressions

Health

Health

SevaCare Blood Pressure Monitor Offers Affordable Home Health Assurance

Home Tech

Home Tech

For Infineon, AI Is the Key to IoT’s Potential

How To

How To

Upgrading to Ubuntu 24.04 LTS Noble Numbat: Step-by-Step Guide

Internet of Things

Internet of Things

AI, IoT, Quantum Security Among Top 10 Emerging Technologies: Forrester

IT Leadership

IT Leadership

Our Entire Approach to AI Is Flawed

Malware

Malware

Mobile Security Firms Fortify Defenses as App Attacks Accelerate

Mobile Apps

Mobile Apps

Balance, Not Mandates, Needed To Keep Kids Safe Online: Report

Operating Systems

Operating Systems

Windows 10 End of Life Could Flood Landfills With E-Waste

Privacy

Privacy

Mozilla Waves Red Flag Over Data Hungry Dating Apps

Reviews

Reviews

Beatbot AquaSense Pro: Just in Time for Summer, the Ultimate Robot Pool Cleaner

Science

Science

AI-Powered Software Offers Breakthrough for Treating Dyslexia

Search Tech

Search Tech

AI-Enhanced Searches May Pose Threat to Creators, Publishers

Servers

Servers

Disorganization, Not Cost, Fuels the IT E-Waste Crisis

Smartphones

Smartphones

Pundit Predicts Apple AI Will Be Bound to iPhone, Analysts React

Social Networking

Social Networking

Tech Coalition Launches Initiative To Crackdown on Nomadic Child Predators

Space

Space

Amazon’s Competitor to Musk’s Starlink Takes Critical Step Toward Deployment

Spotlight Features

Spotlight Features

How To Leverage Gen AI Without Losing the Corporate Shirt

Tablets

Tablets

Apple Muscles Up iPad Pro With M4 Silicon and Tandem OLED Display

Tech Buzz

Tech Buzz

How Apple Outperformed Google and Microsoft in AI Rollout

Tech Law

Tech Law

The Case Against Noncompete Agreements

Transportation

Transportation

Charging Station Software Essential to Sustainable EV Growth

Virtual Reality

Virtual Reality

Vision Pro Revives One-and-Done App Purchases

Wearable Tech

Wearable Tech

Apple Vision Pro Impressions: One Week Later

Women In Tech

Women In Tech

‘Women Don’t Play’ Confronts Gender Disparity in the Tech Industry

More from ECT News Network

E-Commerce Times

AI-Powered Robot Aims To Slash Cost of E-Commerce Deliveries
AI-Powered Robot Aims To Slash Cost of E-Commerce Deliveries
July 24, 2024
Solving the Profitability Challenge in Cross-Border E-Commerce
Solving the Profitability Challenge in Cross-Border E-Commerce
July 17, 2024
Amazon Sellers Gain Insight From Free Prime Day Playbook
Amazon Sellers Gain Insight From Free Prime Day Playbook
June 21, 2024

LinuxInsider

Wolfi Linux Might Be the Next Cloud Security Savior
Wolfi Linux Might Be the Next Cloud Security Savior
July 18, 2024
Enhancing Web Performance With Nginx Load Balancing on Linux Systems
Enhancing Web Performance With Nginx Load Balancing on Linux Systems
July 9, 2024
Essential Tips for Reliable Linux Backups
Essential Tips for Reliable Linux Backups
June 25, 2024

CRM Buyer

Coveo Report Reveals AI Search Enriches Customer Engagement
Coveo Report Reveals AI Search Enriches Customer Engagement
July 23, 2024
Next-Gen Super Bots Built To Enhance Customer Communications
Next-Gen Super Bots Built To Enhance Customer Communications
July 15, 2024
Negative Online Experiences Drive Customers To Competitors: Study
Negative Online Experiences Drive Customers To Competitors: Study
June 25, 2024