惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

S
Secure Thoughts
Recent Commits to openclaw:main
Recent Commits to openclaw:main
H
Heimdal Security Blog
SecWiki News
SecWiki News
H
Hacker News: Front Page
N
News | PayPal Newsroom
L
LINUX DO - 最新话题
N
News and Events Feed by Topic
TaoSecurity Blog
TaoSecurity Blog
AI
AI
C
Cybersecurity and Infrastructure Security Agency CISA
Scott Helme
Scott Helme
PCI Perspectives
PCI Perspectives
S
Securelist
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
Cyberwarzone
Cyberwarzone
A
Arctic Wolf
Forbes - Security
Forbes - Security
T
Tor Project blog
Spread Privacy
Spread Privacy
WordPress大学
WordPress大学
I
Intezer
Martin Fowler
Martin Fowler
Help Net Security
Help Net Security
P
Proofpoint News Feed
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
Cisco Talos Blog
Cisco Talos Blog
Latest news
Latest news
博客园 - 司徒正美
W
WeLiveSecurity
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
V
V2EX
P
Palo Alto Networks Blog
Google DeepMind News
Google DeepMind News
IT之家
IT之家
阮一峰的网络日志
阮一峰的网络日志
V
Vulnerabilities – Threatpost
Jina AI
Jina AI
S
Security Affairs
Hacker News - Newest:
Hacker News - Newest: "LLM"
Simon Willison's Weblog
Simon Willison's Weblog
Project Zero
Project Zero
T
Threatpost
P
Privacy International News Feed
人人都是产品经理
人人都是产品经理
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Application and Cybersecurity Blog
Application and Cybersecurity Blog
博客园 - Franky
Hugging Face - Blog
Hugging Face - Blog
Apple Machine Learning Research
Apple Machine Learning Research

MeriTalk

Eliminating Silos in IT/OT Cybersecurity Is a Funding Challenge, Not a Technical One The FedRAMP High Supply Crisis Is a Federal Security Problem – Not a Procurement Footnote How More Tightly Focused Software Development Initiatives Will Unlock Innovation Across Government Transforming Federal Cybersecurity Through Private Sector Innovation Evolving Zero Trust and Embedded AI – Federal Government Cybersecurity Predictions for 2026 Unlocking AI’s Potential in High-Assurance Environments Accelerate Agentic AI in the Federal Government: Top Takeaways Why Congress Must Reauthorize the Technology Modernization Fund Make Cybersecurity a Key Ingredient of Modernization How Spectro Cloud’s PaletteAI Secure helps agencies scale AI securely, compliantly, and confidently Fix the Foundation: How Hybrid Cloud and Trusted Data Enable Government AI New Google Workspace Cost-Saving Offer Available for U.S. Federal Government Reinventing FedRAMP in the Age of AI Balancing Security and Efficiency: The Federal IT Dilemma in the AI Era Meeting Evolving State and Local Cyber Threats Enhancing U.S. Government Operations with AI and Human-Centered Design How FinOps Can Help Agencies Slash Cloud Costs in 5 Steps Will Quantum Computing Weaken or Strengthen Cybersecurity of Federal Systems? Improving Citizen and Federal Employee Experience with Virtual AI Assistants Strategies for Securing the Federal Supply Chain Reframing the U.S. Government’s Approach to Cybersecurity Oversight Three Steps Agencies Can Take to Meet Government’s AI Requirements The Impact of NIST’s PQC Standardization on the Federal Cybersecurity Ecosystem Generative AI is Revolutionizing Federal Government Operations NIST’s new PQC Algorithms and What They Mean for Federal Agencies Addressing the U.S. Quantum Labor Shortage Before It’s Too Late How a Community Vigil Approach and Secure by Design are Critical to Software Cybersecurity Addressing the Talent Shortage: How Digital Government Improves Satisfaction, Retention Here’s What We Can Learn (and Do) About Cybercrime from FBI’s Latest Internet Crime Report Implementing AI Assurance Safeguards Before OMB’s December Deadline The Next AI Wave: Quantum AI CDM’s Evolution to Non-Traditional Technology: Why Now and How Will it Succeed? Customer Expectations Require Agencies to Raise the Bar on Customer Experience, Report Shows Applying for Government Benefits Shouldn’t Be Difficult When It Comes to Identity Verification Four Federal Software Supply Chain Security Trends to Watch FedRAMP Baseline Transition Points to OSCAL-Native Tools What Zero Trust Means for Modern Government: Best Practices for Key Tenets Four Ways to Handle the IT Funding Crunch Agencies Need to Get Creative to Fill the Cyber Workforce Gap Customer Identity trends report shows control trumps convenience Federal Agencies Making Strides Toward Sustainability and Climate Action Executive Order 14028 | Improving the Nation’s Cybersecurity Depends on Data | All Data is Security Data Applying Geospatial Intelligence, AI/ML to Climate Change Challenge My Cup of IT: Angry at Arthritis, Hunting for Cures How the Federal Government Can Help Combat a Fragmented Internet Accelerating Cybersecurity for US Critical Infrastructure Getting in on the Ground Floor of the ‘New Observability’ Comply-to-Connect is Key to Zero Trust for DoD How Will Upcoming Cryptocurrency Regulations Affect Industry? My Cup of IT: Cup Cake for Kushner? Launching a New Era of Government Cloud Security Managing IT Complexity in Federal Agencies Agencies Must Modernize Zero Trust Approaches to Achieve Optimal Protection Five Essential Metrics for Measuring Federal Government CX Unlocking the Benefits of 5G and Beyond The Federal Factory of the Future: How AI is Transforming Manufacturing The Quantum Impact on Cyber How Next-Gen Computers Will Transform What’s Possible for Federal Government Agencies Must Take an Authentic Approach to Synthetic Data Biometrics and Privacy: Finding the Perfect Middle Ground Two-Way Street: Why Officials and Constituents Are Equally Responsible for Securing the Midterms The “Programmable World” Will Bring the Best of the Virtual World Into the Physical One Cyberattacks are a Common Occurrence and the Costs are Higher Than Ever Increasing Equity Through Data and Customer Experience The AI Edge: Why Edge Computing and AI Strategies Must Be Complementary How Metaverses and Web3 can Reshape Government Four Emerging Technology Trends set to Impact Government Most 5G Enables AI at the Edge Plugging Cyber Holes in Federal Acquisition Resilient Critical Infrastructure Starts with Zero Trust The Evolution of Government Tech Procurement Under CMMC 2.0 Zero Trust Requires Continuous, Tested Security for Federal Agencies How Multi-INT Fusion Accelerates Mission Intelligence for Real-Time Decision Advantage Three Things to Consider for Responsible AI in Government Legislation, White House Orders Show Agencies Opportunity for Hybrid Cloud Creating an Effective Framework for DoD’s Software Factories Realizing Upsides for Digital Security in the Hybrid Workplace A Future With AI and ML: The Power of Workforce Education Five Tips to Begin MFA Integration and Embrace Zero Trust The Vital Intersection Between Equity and Digital Transformation Equity as a Platform: Applying a New Mindset to Scale Innovation Harnessing the Right Data for Evidence-Based Equity From EO to Action: Human Factors of Enabling a Cyber Safety Review Board For Equity in Government Services, It’s Time to Change the Paradigm Critical Questions to Ask When Considering Explainable AI (XAI) for Your Federal Agency The Telework Model for Government: COVID Lessons for Building an Effective Workforce DevSecOps: 4 Steps for Mitigating the Next Cyber Attack in Your Federal IT Environment Better Cyber Hygiene Helps, but Federal Security Needs SASE Lift DoD, Feds Plot Top Cyber, Cloud Priorities for 2022 Cloud-Native Government: How to Transform With Intention DoD and VA Health Networks Face Growing Threat From Medical-Device Vulnerabilities New Federal Cybersecurity Requirements: How Agencies Should Implement a Zero Trust Architecture Protecting Our Nation Through Big Data Analytics Three Ways COVID-19 Altered Federal, State IT Budget Allocations Ransomware is More Than a Cybersecurity Issue From Me to We: Take the Mission Further With Multiparty Systems Anywhere, Everywhere: Integrating Your Virtual Workplace ‘I, Technologist’: Empowering Innovators in the Federal Workforce Mirrored World: Digital Twins Report for Duty Across Government Stack Strategically: Rearchitecting Government for What’s Next
AI Is the Solution to Stop AI Data Theft
MeriTalk Sta · 2025-05-13 · via MeriTalk

By Fadi Fadhil, Field Chief Information Officer at Palo Alto Networks and former CIO for the City of Minneapolis

For many years, data retention has been a defensive game. To keep data safe, organizations have needed to protect their systems from outside cybersecurity threats like malware, phishing attempts, and ransomware attacks. This focus on guarding against intruders has spurred the creation of new systems that monitor cyberattacks and implement zero trust architecture, thereby helping prevent theft of critical or sensitive data.

But what if the biggest threat isn’t coming from outside intruders, but instead from the actions of your own employees?

When employees use new AI tools that promise to make them more efficient or productive at work, there’s no firewall system to prevent the sharing of data – knowingly or not – with bad actors embedded within these programs. This type of data theft happens without leaving any obvious trace – not only delaying organizational response but eliminating the chance to get that stolen data back.

Take school systems, for example. Schools across the country are consistently working with less funding and fewer staff than in the past. Stretched thin by competing demands on their time, an administrative employee at a high school might use a large-language model AI tool to help sort student demographic data to save time. What they may not know or remember is that the web-based AI tool they are using is not a part of the schools’ IT environment – meaning this student data is being shared with a third party that has no obligation to follow the school’s data guidelines. Students’ addresses, health records, grades and other identifying information are all at risk of being stolen by a threat actor.

As scary as it sounds, that’s the reality both public and private sector organizations across the country are facing with the rise of third-party AI tools. According to a recent Gallup poll, up to a third of U.S. employees are using AI in at least some of their work. That’s tens of millions of workers feeding possibly proprietary data into unknown third-party applications outside of their organization’s IT infrastructure, often without realizing how their inputs will be viewed, used, sold, or even stolen.

In the cybersecurity space, we recognize this phenomenon as “Silent AI,” or the hidden vulnerabilities associated with employee use of third-party AI tools. While uses for these tools may seem innocuous and even beneficial, like helping employees create to-do lists or organize information visually for ease of reading, they require users to share sensitive data outside of cybersecurity perimeters that IT departments can track. The use of AI programs has truly become the Wild West, and most organizations don’t have a sheriff. Once that data is outside of an organization’s systems, there’s no way to get it back.

The solution for Silent AI is to identify data sharing before it happens. Organizations need to have a solid understanding of which AI programs their employees are using so they can monitor what information is coming in and out of their networks. This can’t be accomplished with a patchwork of cybersecurity protections – rather, organizations must be able to look at their entire network to properly manage vulnerabilities.

But solving for Silent AI isn’t just about technology. Organizations both public and private also need to make a much larger investment in employee training around the risks associated with AI, including both the sharing of confidential information, and how this information can be an attack vector for more traditional forms of cyberattacks. And while employees can be a vulnerability themselves in cybersecurity systems when they make data sharing errors, employees can also be leveraged as a strength in developing a culture of vigilance around responsible, sanctioned use of AI tools that limit exposure to threat actors.

Addressing Silent AI doesn’t mean giving up on AI technologies altogether. These are important, useful tools that have very quickly become part of our everyday working experience and have made organizations more efficient. Instead, IT leaders and cybersecurity professionals need to set clearer parameters for which AI tools are safe to use, and how to use them. Then, they need the technology in place to monitor compliance with those policies and minimize risks.

The cybersecurity industry is already working on solutions. In my role as Field CIO, one of my department’s main goals is to help IT departments sleep at night by creating a holistic approach to their organization’s cybersecurity plans. We work with organizations to create comprehensive monitoring systems for their networks that can track whenever data leaves and who receives it. Because many of these systems are automated – using AI to track AI – IT infrastructure can detect or shut down sensitive data sharing almost immediately.

AI can be a silent threat, but there are still ways to manage its risks. As CIOs and CTOs across the country grapple with the consequences of using AI, cybersecurity systems need to be a part of their organizational policies. With the proper monitoring tools in place, the public sector can become more efficient and cut costs using AI while still protecting critical data.