Many employees are using public generative AI tools despite company bans, creating significant data leakage risks as sensitive information enters unsecured external models, potentially compromising intellectual property.
The rise of autonomous 'agentic AI' introduces complex security and compliance challenges, as organizations struggle to monitor and audit these self-deciding systems for accountability and control.
Organizations often overestimate their AI readiness, lacking robust governance and security frameworks, which makes strong identity and access management crucial for mitigating 'shadow AI' risks and ensuring accountability.

Atlas AI
Unauthorized employee use of public generative AI tools is becoming widespread, creating new governance and security headaches for IT leaders.
A Gartner survey cited by The Register found that 69% of organizations believe employees are using prohibited public GenAI tools, and about half say the activity continues even where bans are in place. The behavior spans public large language model (LLM) services as well as AI-enabled software-as-a-service applications adopted by teams outside approved IT channels.
Data leakage and IP exposure concerns
A primary risk is data leakage when employees enter sensitive company information into external AI services. The Register report warns that such data may be stored outside an organization’s security perimeter and could be used to train future models, potentially exposing intellectual property and other confidential material.
Agentic AI adds auditing and compliance complexity
The rise of agentic AI—systems designed to operate more autonomously and make decisions with limited human oversight—adds another layer of difficulty. Monitoring agent actions, tracing decision paths, and maintaining auditability can be challenging, especially at scale.
The source also notes ongoing concern across the industry about accountability if an AI agent takes an incorrect action that results in data exposure, including questions over who authorized the action and how organizations can investigate and reverse it.
Governance gaps can amplify risk
The report highlights a potential mismatch between how mature organizations believe they are in AI adoption and how prepared they are internally to deploy it safely. A lack of clear governance frameworks, a well-defined view of security posture, and practical AI usage guidelines by department can increase the likelihood of shadow AI-related security and compliance incidents.
Why identity and access management matters
Stronger identity and access management (IAM) is presented as a key mitigation step. A consistent identity foundation can help organizations improve visibility into what humans and non-human entities are doing across the enterprise environment, enabling better monitoring, accountability, and oversight as AI usage expands.


