Out of the shadows: How can vendors combat shadow AI?

June 25, 2026

Shadow AI is when employees use AI without it being sanctioned or monitored by their employer, and it’s a big problem for businesses, particularly as AI becomes more widely adopted and is used for more functions. It can come as a result of businesses banning the use of AI and employees using it anyway – one study showed that 45% of employees admitted to doing this – or from employees simply preferring different tools to the ones their business ratifies. Multiple studies have been conducted on the scale of shadow AI, but one by Netskope last year found that 60% of employees are using personal, unmanaged generative AI apps, even as businesses roll out the use of enterprise-wide AI.

As shadow AI becomes more problematic and prevalent, there is an opportunity for vendors to support clients in detecting and managing shadow AI and, in doing so, to ensure their product is not a model used in secret but one chosen by organizations and signed off by procurement as the tool of choice.

The risks of shadow AI are significant. We know that AI can go wrong, and that significant consequences can occur when that happens. But when employees are using platforms that their companies don’t even know about and cannot monitor, those risks multiply. As well as the potential for inaccurate outputs and poor-quality work, shadow AI exposes employers to data leakage and to regulatory and compliance weaknesses. For example, it makes it impossible for a business to provide a regulator with an audit trail of where and how data has been shared. In the event of a data breach, it could leave that business open to regulatory penalties, legal action and reputational damage.

At RAIDS, we’re working with vendors and developers of AI models to add a continuous monitoring layer, giving them a security seal that they can use as assurance of the safety of enterprise customers. We’re developing the RAIDS AI plugin, which will detect and flag shadow AI inside the enterprise. When an AI vendor has the plugin, RAIDS collaborates with the vendor to set a baseline for the product, enabling the plugin to monitor for shadow behavior or activities that deviate from the baseline. It runs in the background and triggers an alert when there’s any deviation, enabling the user organization to act before any damage is done. As a result, by partnering with us, vendors can ensure they have this built-in security layer, meaning their clients have peace of mind that the AI they’re deploying is being consistently monitored, and that any shadow AI activity can be detected.

For vendors, this represents a significant commercial opportunity. Discussions around AI compliance, the EU AI Act and continual stories of AI going rogue are pushing AI safety up the agenda. Businesses are waking up to the fact that they are responsible for what their AI does and that ignoring AI, or not implementing it, is no longer an option. Now, they are looking for tools that have that safety layer built in; technology that they can trust to operate correctly and safely. Vendors that can demonstrate they’re covered by the RAIDS system, which will continuously monitor in the background for deviation and flag it before any harm can be done, are already miles ahead of competitors that can’t make that claim.

It’s no longer enough to say you have a great AI model. You need to be able to say you have a great AI model that you can give assurance will operate safely.

 

Vendors – you can join RAIDS via AWS or get in touch to explore further. 

Nikolas Kairinos