惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

The Cloudflare Blog
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
人人都是产品经理
人人都是产品经理
C
Check Point Blog
有赞技术团队
有赞技术团队
H
Help Net Security
V
Vulnerabilities – Threatpost
N
News | PayPal Newsroom
Hacker News - Newest:
Hacker News - Newest: "LLM"
L
LINUX DO - 最新话题
Apple Machine Learning Research
Apple Machine Learning Research
博客园 - 【当耐特】
爱范儿
爱范儿
I
InfoQ
V
Visual Studio Blog
O
OpenAI News
Google DeepMind News
Google DeepMind News
S
Security Affairs
T
Troy Hunt's Blog
P
Palo Alto Networks Blog
Spread Privacy
Spread Privacy
Engineering at Meta
Engineering at Meta
雷峰网
雷峰网
N
Netflix TechBlog - Medium
Latest news
Latest news
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Webroot Blog
Webroot Blog
S
Schneier on Security
MongoDB | Blog
MongoDB | Blog
T
Tor Project blog
V2EX - 技术
V2EX - 技术
Security Latest
Security Latest
Cloudbric
Cloudbric
The GitHub Blog
The GitHub Blog
酷 壳 – CoolShell
酷 壳 – CoolShell
B
Blog RSS Feed
C
CERT Recently Published Vulnerability Notes
T
The Exploit Database - CXSecurity.com
P
Privacy International News Feed
S
Securelist
C
Cisco Blogs
博客园_首页
TaoSecurity Blog
TaoSecurity Blog
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Security Archives - TechRepublic
Security Archives - TechRepublic
P
Proofpoint News Feed
K
KPMG report finds enterprise disconnect between AI and its ROI | CIO
T
Threat Research - Cisco Blogs
阮一峰的网络日志
阮一峰的网络日志
S
Secure Thoughts

Forbes - Innovation

Why Do Humans Have Fingerprints? Hint: It’s Not What You Think Booking.com Confirms Data Breach, Reservation PIN Codes Changed Why Major News Sites Are Blocking The Internet Archive’s Wayback Machine iPhone Fold Release Date: New Report Details Frustrating Apple News Comet Tracker: How To See Pan-STARRS And Three Planets On Wednesday NYT Mini Crossword Today: Tuesday, April 14 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Tuesday, April 14 (It’s A Little Unclear) Today’s Wordle #1760 Hints And Answer For Tuesday, April 14 Most Of The Microplastics In Urban Air Come From Tires Today’s Wordle #1759 Hints And Answer For Monday, April 13 NYT Mini Crossword Today: Monday, April 13 Hints And Answers NYT Pips Today: Hints, Answers And Walkthrough For Monday, April 13 The YC Chief Who Codes 10,000 Lines A Day Has A Simple Secret Samsung Expands One UI 8.5 Beta To More Galaxy Owners Why You Should Stop Using Your iPhone If It’s On This List Chamath Says Firms That Treat AI As A Strategy Hand Rivals Their Edge 3 Unexpected Habits Of Secure Couples, By A Psychologist The First Lamp That Folds Your Clothes Samsung’s Disappointing Price Update For Galaxy Phone Buyers 3 Subtle Signs Someone Is Falling In Love With You, By A Psychologist Do Mantis Shrimp See More Colors Than Humans? A Biologist Explains NYT Connections Answers Explained For Monday, April 13 (#1,037) NYT Connections Hints Today: Monday, April 13 Clues And Answers (#1,037) LEGO Luigi & Mach 8 (72050) Review: 2026’s Best Set Yet? Marc Andreessen Says AI Productivity Will Trigger A Hiring Boom 3D Printing Is The Ultimate Hack To Reduce Household Spending Apple iPhone Fold: Striking Design Revealed In Leaked Photos Apple Smart Glasses: New Leak Reveals A Major Design Twist To Beat Meta Tested: The AI Coming To The Rivian R2 Quordle Hints Today: Monday, April 13 Clues And Answers Companies And H-1B Employees Endure Immigration Waits At Consulates 3 Easy Ways To Turn Anxiety Into Sustained Focus, By A Psychologist Here’s The Most Affordable Humanoid Robot You Can Buy Now UFC 327 Results: 5 Biggest Takeaways From A Wild Night In Miami UFC 327 Results, Bonus Winners, Highlights And Reactions Dana White Announces Huge New Fight For UFC White House Today’s NYT Strands Hints, Spangram, Answers: Sunday, April 12 (Get Ready) Tesla ‘Model 2’ Rises From The Ashes Today’s Wordle #1758 Hints And Answer For Sunday, April 12 NYT Pips Today: Hints, Answers And Walkthrough For Sunday, April 12 Tyson Fury Vs. Arslanbek Mahkmudov Results: Highlights and Reaction NYT Mini Crossword Today: Sunday, April 12 Hints And Answers How Shadow AI Culture Is Destroying Your Business Venture Capital Funds That Market Like Startups Win More Deals Conor Benn Vs. Regis Prograis Results: Highlights and Reaction Samsung’s Disappointing Price Update For Galaxy Phone Buyers Artemis Reached The Moon. The Grid Can Reach The 21st Century A Biologist Explains How Archerfish Shoot Down Prey. Hint: Their Aim Rivals Human Throwing Is It Time For Apple To Forget About The MacBook Air NYT Connections Hints Today: Sunday, April 12 Clues And Answers (#1036) Trump’s 2027 Budget To Reshape U.S. Environmental And Energy Policy CDC Delays Reporting Of COVID-19 Vaccine Benefits—Here’s What To Know Oura Has Designed A Solution To A Big Smart Ring Problem Netflix’s Best New Show Has A Near-Perfect 95% Rotten Tomatoes Score Coachella 2026 Is Being Taken Over By Creator Streams Quordle Hints Today: Sunday, April 12 Clues And Answers This Startup Wants To Use AI To Help Digitize History How To Get The Best Shield In ‘Crimson Desert’ Microsoft Venom Attack Targets C-Suite Executives ‘Maul: Shadow Lord’ Sets Even More Star Wars Rotten Tomatoes Records 3 Ways Happy Couples Argue Differently, By A Psychologist Success For Leapmotor Might Have Negatives For Stellantis New Names Surface As Potential Rogue And Wonder Woman In The MCU And DCU 4 Reasons Artemis Mission Matters Even If You Think It Is Wasteful Fast ‘Crimson Desert’ Patch Adds New Moves, Shield Hiding And One Great Feature Why Do Humans Blush? An Evolutionary Biologist Explains The Signal We Can’t Control Apple iPhone Fold: Striking Design Revealed In Leaked Photos Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update iOS 26.4.1 Release: Crucial iPhone Feature Update Arrives, But No Security Fix Fury vs. Makhmudov Full Card, Ring Walk Times and How to Watch Can’t Stand Liquid Glass? This New Hidden iPhone Setting Is A Game-Changer Test-Driving The 2026 Changan Deepal S05: Italian Style Made In China NSA Warning—Reboot Your Internet Router Now Ways That Human-AI Collaboration Slides People Into ‘AI Brain Fry’ And Cognitive Downturns Stop Using These Networks—Google, NSA And TSA Warn NASA Changes Moon Plan: Landing Now Depends On SpaceX Or Blue Origin Samsung Expands One UI 8.5 Beta To More Galaxy Owners The Evolution Of Programmable Hardware At Xilinx NYT Mini Today: Saturday, April 11 Hints And Answers Today’s NYT Strands Hints, Spangram, Answers: Saturday, April 11 (You’re Putting Me On) Splashdown! NASA’s Artemis II Returns To Earth After Moon Mission Attention Is All You Need. The Human Kind Is Still The One That Counts Today’s Wordle #1757 Hints And Answer For Saturday, April 11 NYT Pips Today: Hints, Answers And Walkthrough For Saturday, April 11 Android Circuit: Galaxy S27 Pro Emerges, Honor 600 Pre-Order Offers, Pixel 11 Display Leaks Apple Loop: iPhone 18 Pro Leak, Urgent iOS Update, MacBook Neo Issues Morgan Stanley Has Mostly Positive Outlook On Tesla Robotaxi, FSD V15 Running Out Of AI Tokens Faster Than Ever? Here’s Why CoreWeave Shares Pop 13% After Anthropic Deal ‘Euphoria’ Season 3’s Rotten Tomatoes Score Crashes, Has Lost Key Player People Don’t Agree On What AI Can Do, But They Don’t Even Use The Same Product ‘Overwhelming’—Google Issues Gemini Update For Gmail Users NYT Connections Hints Today: Saturday, April 11 Clues And Answers (#1035) Quordle Hints Today: Saturday, April 11 Clues And Answers The Costly Dream Of Space-Based AI Infrastructure Can You See The Watcher In This ‘Daredevil: Born Again’ Shot? Adobe Attacks Underway—Windows And Mac Users Given 72 Hours To Update You Just Watched The Backdoor Pilot For ‘The Pitt: Night Shift’ Are Nicotine Pouches Like Zyn And VELO Safe To Use? A Doctor Answers Human Resources (HR) Is The Key To AI Success Per WalkMe ( SAP)
Why Shadow AI Is A Bigger Threat Than Claude Mythos
Tim Keary, C · 2026-05-11 · via Forbes - Innovation
Shadow AI

Shadow AI

getty

Anthropic’s powerful frontier AI model Claude Mythos, has raised serious concerns about the risks presented by AI-driven vulnerability discovery and exploitation. However, there’s reason to suggest that shadow AI might pose a bigger threat to enterprises in the short term.

While advancements in frontier models like Mythos threaten to accelerate vulnerability discovery, shadow AI leaves hidden entry points in enterprise environments that threat actors can exploit.

According to a survey conducted by WalkMe in 2025, 78% of employees admit to using AI tools that were not approved by their employer. At the same time, the number of ungoverned tools has skyrocketed, with Reco finding that organizations average 269 shadow AI tools per 1,000 employees.

Each of these tools can leak information to unauthorized third parties. Rapid AI adoption has come at the cost of security and defenders now need to adapt to a fast-moving threat landscape in which AI tools can be targeted with prompt injection attacks and other exploits.

Getting To Grips With Shadow AI

Poor governance has been a problem since the start of the AI race. Shortly after the release of ChatGPT, Samsung had a security incident in which an engineer pasted source code into ChatGPT. The incident resulted in a company-wide ban on employees using the chatbot.

Now, as agentic AI picks up steam and machine identities continue to multiply across the enterprise, it’s becoming harder to mitigate risk. For instance, IBM’s 2025 Cost of a Data Breach report found that 63% of organizations lacked AI governance policies to manage AI or prevent the proliferation of shadow AI. This widespread lack of governance is increasing the risk of exploitation by cybercriminals.

MORE FOR YOU

Harman Kaur, CTO of Tanium, an autonomous IT company, told me in a video interview that the siloed vulnerability management, endpoint management and patching defenders have been doing is “no longer really an option."

“We really, really don’t have time to react to things. Security can’t be just focused on security. And more importantly, if they’re going to be leveraging AI, they need data from the other teams to actually give it the full context of what’s happening,” Kaur said.

Kaur says that the biggest risk today is people, as individuals build their own solutions and then connect them to different business tools that CISOs might not have visibility into. Not having an understanding of where an organization’s data going, can be a significant risk.

How Much Risk Does Shadow AI Present?

One of the biggest challenges in addressing shadow AI lies in defining the scope of risk. It’s not just the tools that employees use that security teams need to track, but every piece of infrastructure that has access to protected data. Each company has a different risk profile, depending on the tools and infrastructure in use.

“Shadow AI is bigger than employees using an unsanctioned chatbot at work. It includes unmanaged AI infrastructure deployed outside traditional governance controls, AI features abstracted behind application interfaces, and cases where users do not even realize they are interacting with an LLM,” Gabriel Bernadett-Shapiro, a distinguished AI research scientist at enterprise cybersecurity platform SentinelOne, told me via email.

“When AI becomes another abstraction within the software stack, organizations lose the ability to understand what data is being processed, what systems the model can access, what actions it can take, and who is accountable when something goes wrong,” Bernadett-Shapiro said.

Bernadett-Shapiro notes that the risk becomes more acute when AI moves from generating text to performing actions. Chatbots that answer a question based on company documentation are low risk, a model connected to tools, files, APIs, code repositories, ticketing systems, browsers, or internal knowledge bases can potentially shut down a business.

To address the issue, Bernadett-Shapiro suggests that companies should treat shadow AI as an enterprise visibility and exposure management problem. Teams need to know where AI is being used, including applications containing embedded AI, teams deploying models and which systems can access sensitive data or perform actions.

The Identity Challenge

The nature of identity in the enterprise is changing. While machine identities aren’t new, a new wave of AI agents entering the workplace has the potential to increase complexity.

"Shadow AI isn’t just unsanctioned tools. It’s unsanctioned identities. Every AI agent an employee spins up becomes an active actor inside your environment, authenticating, pulling data, and executing across systems,” Roy Katmor of identity security platform, Orchid Security, told me via email.

Katmor says addressing shadow AI requires a shift in how teams operate. Firstly, they should move from access visibility to behavior observability by focusing on what identities actually do inside applications, not just how they log in. Secondly, he says to treat AI agents as first-class identities by discovering them, assigning ownership and enforcing least privilege early.

Thirdly, organizations can look to remove embedded credentials and reduce excessive permissions that create shortcuts in the environment. He also says companies should look to build auditability before deployment so identity activity is visible and explainable in real time, rather than reconstructed after an incident.

Securing Shadow AI Agents

Of course, shadow AI is just the tip of the iceberg. As AI agents perform more tasks autonomously in the workplace, defenders are going to need to maintain visibility. “Shadow AI is a big risk,” Artyom Poghosyan, CEO and cofounder of cloud privileged access management provider Britive, told me in a video interview.

He said there have been multiple examples of how an agent deployed on a developer laptop was able to utilize the access and credentials of the user to enter production databases and delete data.

For Poghosyan, the first step is really to understand what’s out there, where agents are deployed and operating. Agents also introduce more complex risks. “I think one big risk is how agents can creatively figure out access laterally," using a credential to move across multiple systems.

He says what’s most important here isn’t just discovering agents, but also being able to put guardrails and secure mechanisms in place around the agent. Implementing privileged access management is one way to provide visibility over agents while controlling capabilities.