Shadow AI is the second-most prevalent form of shadow IT in corporate environments, 1Password’s latest annual report has revealed.
Based on a survey of over 5,000 IT/security professionals and knowledge workers in the US, UK, Europe, Canada and Singapore, the report shows that over a quarter (27%) of the polled workers use AI-based applications that their employer did not buy or approve, and over a third (37%) follow company AI policies “most of the time”.
“The data suggests that companies lack considered and detailed AI usage policies, as well as the means to enforce them,” 1Password pointed out. Also, a non-negligible percentage of workers isn’t even aware that their company has an AI policy at all!
Employees’ knowledge of their company’s AI policy (Source: 1Password)
Businesses must move from reacting to AI risks to anticipating them, the company advised. This means:
- Implementing continuous monitoring for unsanctioned AI tools and agents and establish the ability to block them before harm occurs
- Security and IT teams must create clear, practical AI use policies and ensure that everyone knows about them and understands them
- When employees are spotted using unauthorized tools, organizations should learn why employees use them and offer secure alternatives that meet the same needs
- Organizations must design access and security controls with future AI (including agentic AI) in mind.
Turning offensive techniques into defensive ones to deal with Shadow AI
Dutch security company Eye Security has come up with an interesting concept that could help tackle the problem of employee awareness regarding AI policies and nudge them to make the right choice.
Prompt Injection for Good is an open-source prototype tool organizations can use to test prompts that can be embedded into company documents and email signatures, to trigger compliance warnings when employees use personal AI tools with company data. (They’ve also made available an interactive tool for users to test the concept.)
“The idea is that the end-user will get a clear disclaimer, written by the company’s CISO,” Eye Security CTO Piet Kerkhofs explained.
Example of a defensive prompt injection in a company PDF (Source: Eye Security)
The user will be informed about the risks and consequences of their action and will (hopefully) reconsider when they are about to upload corporate docs to unsanctioned AI platforms again.
The company released the framework to allow for regular testing of defensive prompts against the newest LLM models. The framework syncs with all popular AI platforms and provides easy integration to test embedded prompts in corporate documents, in bulk, and provide a scoring overview. And as LLMs and their guardrails get updated, it can help defenders to continuously test and adjust their prompts.
“The tool we released shows the concept of ethical prompt injection, which is broadly applicable in DLP tools, by simple embedding a specific payload into corporate documents. We hope that vendors start testing and experimenting and that this concept gets implemented in production – that’s why we shared our research and source code publicly,” Kerkhofs told Help Net Security.
The company is aware that this solution and their tool are imperfect. “This tool does not address employees copy-pasting sensitive data into unsanctioned LLMs. The only way to govern that is to use browser extensions that track AI use within the browser, but this brings obvious privacy concerns as well,” Kerkhofs noted.
Nevertheless, they hope that this prototype will make organizations consider using this (usually) offensive hacking technique to protect their data proactively, and will prompt the creation of even better solutions.
Subscribe to our breaking news e-mail alert to never miss out on the latest breaches, vulnerabilities and cybersecurity threats. Subscribe here!
