Beyond ChatGPT: Shadow AI Risks Lurk in SaaS Tools – TechNewsWorld
Unapproved use of ChatGPT and other generative AI tools is creating a growing cybersecurity blind spot for businesses. As employees adopt these technologies without proper oversight, they may inadvertently expose sensitive data — yet many managers still underestimate the risk and delay implementing third-party defenses.
This type of unsanctioned technology use, known as shadow IT, has long posed security challenges. Now, its AI-driven counterpart — shadow AI — is triggering new concerns among cybersecurity experts.
Melissa Ruzzi, director of AI at SaaS security firm AppOmni, says AI can analyze and extract far more information from data, making it more dangerous than traditional shadow IT.
“In most cases, broader access to data is given to AI compared to shadow IT so that AI can perform its tasks. This increases the potential exposure in the case of a data breach,” she told TechNewsWorld.
Employees’ rogue use of AI tools presents unique security risks. If the AI models access an organization’s sensitive data for model training or internal research, that information can unintentionally become public. Malicious actors can also obtain private details through model vulnerabilities.
Ruzzi noted that employees encounter various forms of shadow AI, including GenAI tools, AI-powered meeting transcriptions, coding assistants, customer support bots, data visualization engines, and AI features within CRM systems.
Ruzzi emphasized that the lack of security vetting makes shadow AI particularly risky, as some models may use company data without proper safeguards, fail to comply with regulations, and store information at insufficient security levels.
Ruzzi added that shadow AI emerging from unapproved GenAI tools presents the most immediate and significant security threat. It often lacks oversight, security protocols, and governance.
However, effectively identifying and managing this “hidden” shadow AI in any form has potential security implications. Organizations should invest in a powerful security tool that can go beyond detecting direct use of AI chatbots like ChatGPT.
“AI can keep up with the constant release of new AI tools and news about security breaches. To add power to detections, security should not only rely on static rules that can quickly get outdated,” she recommended.
Ruzzi highlighted the risks posed by AI tools embedded within approved SaaS applications. Those hidden AI tools are unknown or unapproved for use by the company, even though the SaaS application itself is approved.
“AI features embedded within approved SaaS applications impose a special challenge that can only be detected by powerful SaaS security tools that go deep into SaaS configurations to uncover shadow AI,” she said.
Traditional security tools, such as cloud access security brokers (CASBs), can only uncover SaaS app usage and direct AI usage, including tools like ChatGPT. CASBs are security policy enforcement points that sit between enterprise users and cloud service providers.
As noted earlier, shadow AI can lead to compliance violations concerning personal information. Some regulatory frameworks that impact organizations include the European Union’s General Data Protection Regulation (GDPR), which governs the processing of personal data. In the U.S., the California Consumer Privacy Act/California Privacy Rights Act (CCPA/CPRA) is similar to GDPR but for California residents.
Shadow AI can violate GDPR principles, including:
Organizations are accountable for all data processing activities, including those of unauthorized AI.
For companies that handle health care data or provide health-related services in the U.S., the Health Insurance Portability and Accountability Act (HIPAA) is the most important law for protecting sensitive patient health information.
“Shadow AI can lead to violations of consumers’ rights to know, access, and delete their data and opt out of selling their personal information. If shadow AI uses personal data without proper disclosures or consent, it breaks CCPA/CPRA rules,” Ruzzi said.
“If shadow AI systems access, process, or share protected health information (PHI) without proper safeguards, authorizations, or business associate agreements, it constitutes a HIPAA violation, which can lead to costly lawsuits.”
Many other jurisdictions have data privacy laws, such as the LGPD (Brazil) and PIPEDA (Canada), as well as various U.S. state laws. Organizations must ensure that shadow AI complies with all applicable data protection regulations, taking into account both their own locations and those of their customers.
Avoiding legal conflicts is essential. Ruzzi urged organizations to assess and mitigate risks from unvetted AI tools by testing for vulnerabilities and establishing clear guidelines on which tools are authorized.
She also recommended educating employees about shadow AI threats and ensuring they have access to vetted, enterprise-grade solutions.
As AI evolves and becomes more embedded across applications, shadow AI will introduce more complex security risks. To stay ahead, organizations need long-term strategies supported by SaaS security tools that can detect AI activity across applications, accurately assess risks, and contain threats early.
“The reality of shadow AI will be present more than ever. The best strategy here is employee training and AI usage monitoring,” she concluded.
Jack M. Germain has been an ECT News Network reporter since 2003. His main areas of focus are enterprise IT, Linux and open-source technologies. He is an esteemed reviewer of Linux distros and other open-source software. In addition, Jack extensively covers business technology and privacy issues, as well as developments in e-commerce and consumer electronics.
Copyright 1998-2025 ECT News Network, Inc. All Rights Reserved.