5 Ways To Keep AI in Check
About the Author · 2026-05-12 · via SECURITY.COM

2023 was the year AI went mainstream. A few years into the boom and AI tools are already deeply embedded into how we work. 9 in 10 companies report their employees use personal AI tools regularly. From simple tasks like writing emails to powering agentic systems that execute multi-step tasks autonomously, AI has not-so-subtly become the productivity engine behind the scenes of most organizations.

But there’s no such thing as a free lunch. With its use come growing gaps in security. While personal AI use in the workplace has become nearly universal, only 4 in 10 companies actually have official LLM subscriptions. Shadow AI—unsanctioned AI tool use—forces a familiar tension I often hear from security leaders, sometimes every week: either block AI and lose productivity, or allow it freely and accept risk.

Neither extreme is ideal. Unapproved AI use slips in risks we can’t see, but outright blocking it all can take away useful productivity gains from your business. 

So how do we actually solve this paradox, especially at scale?

Enable AI—with the right guardrails in place

There it is. AI is already part of the workday, so the real challenge is giving employees room to use it without opening the door to data exposure (not to mention compliance gaps). Here are four key areas to keep usage in check:

Visibility 

Everything starts here. If you want to manage AI risk, you need a clean inventory of what’s being used across your environment. That means being able to scroll through a live list of AI applications and quickly find:

  • Which apps are in use.
  • Which users are accessing them.
  • Where they’re being accessed from.
  • What security and compliance attributes each app has.

This is where many teams get their first surprise—a long trail of unknown or unsanctioned apps. Seeing which of these applications are gaining traction can also help you assess risk and prioritize the right gaps.
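One way to produce such an inventory from web proxy logs, as an added example that is not part of the original article or any Symantec product. The log format, the hostname catalogue, the sanctioned flags and the attribute values are all constructed for a hypothetical organization.

```python
# Constructed catalogue for a hypothetical organization:
# hostname -> (app name, sanctioned?, security/compliance attributes)
CATALOGUE = {
    "chatgpt.com": ("ChatGPT", False, {"enterprise_contract": False}),
    "claude.ai": ("Claude", False, {"enterprise_contract": False}),
    "copilot.microsoft.com": ("Microsoft Copilot", True, {"enterprise_contract": True}),
    "gemini.google.com": ("Google Gemini", True, {"enterprise_contract": True}),
}

# Constructed proxy log lines: timestamp user source_ip location host bytes_out
SAMPLE_LOG = """\
2026-05-11T09:00:01Z alice 10.1.4.20 HQ chatgpt.com 812
2026-05-11T09:02:13Z bob 10.1.4.31 HQ chatgpt.com 15230
2026-05-11T09:05:40Z alice 10.1.4.20 HQ copilot.microsoft.com 640
2026-05-11T09:07:02Z carol 172.16.9.8 VPN chatgpt.com 300
2026-05-11T09:08:30Z dave 172.16.9.9 VPN claude.ai 95
2026-05-11T09:09:55Z bob 10.1.4.31 HQ intranet.example.com 120
malformed line
"""

def build_inventory(log_text, catalogue=CATALOGUE):
    """Per AI app: which users, from where, how much traffic, which attributes."""
    inventory = {}
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or not fields[5].isdigit():
            continue  # skip malformed records instead of crashing
        _ts, user, _ip, location, host, bytes_out = fields
        entry = catalogue.get(host.lower())
        if entry is None:
            continue  # not a known AI application
        app, sanctioned, attributes = entry
        rec = inventory.setdefault(app, {
            "users": set(), "locations": set(), "requests": 0,
            "bytes_out": 0, "sanctioned": sanctioned, "attributes": attributes,
        })
        rec["users"].add(user)
        rec["locations"].add(location)
        rec["requests"] += 1
        rec["bytes_out"] += int(bytes_out)
    return inventory

def unsanctioned_by_traction(inventory):
    """Unsanctioned apps ordered by number of distinct users, highest first."""
    rows = [(app, len(r["users"])) for app, r in inventory.items() if not r["sanctioned"]]
    return sorted(rows, key=lambda row: (-row[1], row[0]))
```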

Analysis   

Once you know what’s in play, the next step is understanding the surfaced risk in context. Not every AI deployment is the same. Some models may be running in approved environments, while others could’ve spawned in places they shouldn’t—like a personal device. 

Your analysis should answer:

  • Is the app enterprise-ready?
  • Does it meet compliance requirements?
  • What is the organization's readiness posture for this tool?

Context is the difference between awareness and informed risk management.

Real-time monitoring

Organizations need the ability to inspect activity inside AI tools like ChatGPT in real time. That includes monitoring prompts, uploads, and responses to detect when sensitive information may be exposed. 

For example, a beginning prompt flows normally, but a prompt containing sensitive data is flagged and blocked before it can even leave the enterprise, meaning it never reaches ChatGPT. Bingo.

Classification 

Some copilots and AI assistants use internal company data during inference, but without proper classification of that information there’s a risk that employees’ prompts could trigger AI to offer up information they shouldn’t have access to. 

By classifying sensitive data and applying labels through integrations such as Microsoft Purview Information Protection, organizations can make sure data is consistently identified and protected. Teams can prevent data from being used in AI inference, avoid accidental exposure through AI chat prompts, and even sanitize said data before it’s used to train models.

Often overlooked, this step is perhaps the most critical, especially as enterprises scale AI usage. 

Control 

Finally, organizations need the ability to enforce policies. Of course, this doesn’t mean blunt-force blocking. Effective teams actually rely on granular controls such as:

  • Allowing prompts but preventing file uploads.
  • Blocking high-risk applications entirely.
  • Restricting personal accounts from being used.
  • Preventing sensitive data from leaving the environment. 

Control is what makes safe AI adoption possible and sustainable. Organizations get to apply consistent rules that protect their data, while employees get to use the AI tools that make them more productive. Everybody wins.
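The inline prompt inspection from the real-time monitoring section and the granular controls listed above can be combined into a single decision function. This is an added example, not code from the original article or from Symantec; the policy values, the `UnvettedChat` app name and the two detectors (Luhn-validated card numbers and a US SSN-shaped pattern) are assumptions chosen for illustration.

```python
import re
from dataclasses import dataclass

@dataclass
class Request:
    app: str           # AI application the traffic is going to
    account: str       # "corporate" or "personal"
    action: str        # "prompt" or "upload"
    content: str = ""  # prompt text, or text extracted from the file

# Constructed policy for a hypothetical organization.
POLICY = {
    "blocked_apps": {"UnvettedChat"},  # hypothetical high-risk app
    "no_upload_apps": {"ChatGPT"},     # prompts allowed, uploads not
    "corporate_only": True,            # personal accounts restricted
}

CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
SSN_RE = re.compile(r"\b\d{3}-\d{2}-\d{4}\b")

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(text):
    hits = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append("payment_card")
    if SSN_RE.search(text):
        hits.append("us_ssn_pattern")
    return hits

def decide(req, policy=POLICY):
    """Return (verdict, reason) before the request leaves the enterprise."""
    if req.app in policy["blocked_apps"]:
        return ("block", "high-risk application")
    if policy["corporate_only"] and req.account != "corporate":
        return ("block", "personal account")
    if req.action == "upload" and req.app in policy["no_upload_apps"]:
        return ("block", "file upload not allowed")
    hits = find_sensitive(req.content)
    if hits:
        return ("block", "sensitive data: " + ", ".join(hits))
    return ("allow", "")
```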

AI and data protection don’t have to be at odds

The Symantec CloudSOC console brings all these capabilities together into one unified workflow: discovery, analysis, monitoring, classification, and control. With built-in support for two of the most used enterprise AI assistants—Microsoft Copilot and Google Gemini—organizations who deploy Symantec DLP Cloud gain real-time visibility, inspection, and enforcement across the AI tools employees actually use.

The outcome? What every security and business leader is ultimately aiming for: employees stay productive and innovative, while sensitive data remains secure across its lifecycle. 

Watch these capabilities in action in my on-demand webinar: Securing the Proliferation of AI Applications