惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

D
Docker
Simon Willison's Weblog
Simon Willison's Weblog
H
Help Net Security
F
Fortinet All Blogs
H
Heimdal Security Blog
S
Schneier on Security
L
LangChain Blog
博客园 - Franky
酷 壳 – CoolShell
酷 壳 – CoolShell
NISL@THU
NISL@THU
P
Palo Alto Networks Blog
J
Java Code Geeks
博客园 - 【当耐特】
The Last Watchdog
The Last Watchdog
W
WeLiveSecurity
www.infosecurity-magazine.com
www.infosecurity-magazine.com
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Vulnerabilities – Threatpost
I
InfoQ
Recorded Future
Recorded Future
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
C
CERT Recently Published Vulnerability Notes
T
Tenable Blog
腾讯CDC
C
Check Point Blog
量子位
M
MIT News - Artificial intelligence
GbyAI
GbyAI
罗磊的独立博客
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
B
Blog
小众软件
小众软件
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
C
CXSECURITY Database RSS Feed - CXSecurity.com
Stack Overflow Blog
Stack Overflow Blog
P
Proofpoint News Feed
P
Privacy & Cybersecurity Law Blog
V2EX - 技术
V2EX - 技术
T
Threatpost
Engineering at Meta
Engineering at Meta
Attack and Defense Labs
Attack and Defense Labs
T
Tailwind CSS Blog
S
Securelist
The Cloudflare Blog
博客园 - 叶小钗
L
LINUX DO - 最新话题
T
Troy Hunt's Blog
C
Cyber Attacks, Cyber Crime and Cyber Security
爱范儿
爱范儿

Citrix Blogs

Celebrating the Partners powering Citrix forward – Citrix Blogs What’s left for humans? – Citrix Blogs Why this moment feels different – Citrix Blogs Introducing Citrix Platform for Public Sector – Citrix Blogs how our partnership with Google has matured secure access for the browser era – Citrix Blogs When session recording stops scaling – Citrix Blogs A conversation with Cletis Earle – Citrix Blogs Imprivata Ready Certification validates Citrix Unicon: A practical guide for healthcare IT – Citrix Blogs Skills are all you need – Citrix Blogs UHMC customers now have expanded Citrix Secure Private Access entitlement – Citrix Blogs How CIOs turn post‑merger disorder into a synergy engine – Citrix Blogs why your AI strategy is focused on the wrong layer – Citrix Blogs Securing high privileged admin access doesn’t have to be complicated – Citrix Blogs What will knowledge work be in 18 months? Look at what AI is doing to coding right now. – Citrix Blogs Untangling spaghetti – Citrix Blogs Workers’ “second brains” break every assumption about how we secure knowledge work – Citrix Blogs Taming integration chaos (the core of M&A failure) – Citrix Blogs OpenClaw and Moltbook preview the changes needed with corporate AI governance – Citrix Blogs Three years. Five Use Cases. A Leader: Citrix – Citrix Blogs The hard truths about hospital consolidation: An M&A guide for IT leaders – Citrix Blogs Why Citrix is the most complete EUC platform – Citrix Blogs Sign in once, get more done: Why continuous identity is a strategic advantage – Citrix Blogs Security by design, proven by action with Citrix NetScaler – Citrix Blogs The invisible 80%—what corporate-led AI transformations can’t see – Citrix Blogs Workers don’t want to build automations. They want to delegate. – Citrix Blogs speed vs. security – Citrix Blogs AI will be THE interface to knowledge work. Here’s how we’ll get there. – Citrix Blogs Why I joined Citrix — and what it means for healthcare leaders – Citrix Blogs How the most successful CIOs are building successful merger and acquisition approaches – Citrix Blogs IT admits workers control AI. Workers admit they use it to leave at 5. – Citrix Blogs One identity. Every app. Now inside Citrix sessions. – Citrix Blogs Built-in AI intelligence that keeps IT focused – Citrix Blogs Everyone wants to provide your AI. Nobody wants to help you manage it. – Citrix Blogs Certificate lifetimes are shrinking—your business continuity doesn’t have to: Automating SSL/TLS at scale with NetScaler – Citrix Blogs Advancing Zero Trust at the browser – Citrix Blogs Citrix is headed to Microsoft Ignite 2025 as a Partner of the Year Finalist, top sponsor, and more! – Citrix Blogs Three trends reshaping how work happens – Citrix Blogs Our vision for secure access in a browser-first world – Citrix Blogs Will AI need to operate your legacy desktop apps or is direct file manipulation enough? – Citrix Blogs an executive blueprint for streamlined app delivery – Citrix Blogs AI just created 10,000 accidental citizen developers in your company. Welcome to the post-application era! – Citrix Blogs Why healthcare IT leaders are embracing Unicon + Imprivata – Citrix Blogs Windows 10 & IGEL OS 11 end-of-life: How Unicon OS turns deadlines into competitive advantage – Citrix Blogs The bitter lesson of workplace AI: Stop engineering, start enabling – Citrix Blogs If AI is normal technology, boring infrastructure is your best strategy – Citrix Blogs Innovation, efficiency, and the future of licensing – Citrix Blogs Worker-led AI isn’t shadow IT. It’s shadow strategy. – Citrix Blogs Everyone’s wrong about why enterprise AI is failing – Citrix Blogs Citrix Virtual Apps and Desktops 2507 Long Term Service Release is now available: Get current, stay ahead – Citrix Blogs If AI progress stopped today, we can still transform the enterprise with what we have – Citrix Blogs AI agents are the new insider threat. Secure them like human workers. – Citrix Blogs How NetScaler helps prevent a silent data breach decades in the making – Citrix Blogs What happens when AI agents score 100% in computing using benchmarks? – Citrix Blogs Citrix DaaS for Amazon WorkSpaces Core Managed Instances – Citrix Blogs Why AI agents will use the same desktops and apps as human workers – Citrix Blogs Modern applications need modern networking — Here’s what that means for your business – Citrix Blogs Powering your present, readying your future, and now available for all workloads – Citrix Blogs To understand AI’s future impact, check out this playbook from 150 years ago – Citrix Blogs The 7-stage roadmap for human-AI collaboration in the workplace (2025 edition) – Citrix Blogs Secure your business with Citrix and Google Chrome Enterprise Premium – Citrix Blogs AI agents need a secure place to work. The Citrix workspace is ready. – Citrix Blogs What’s New and Next with Citrix: Q&A from our May 2025 webinar – Citrix Blogs What if your CEO never sends the AI-first memo? – Citrix Blogs Your CEO just sent a company-wide “AI-First” memo. Now what? – Citrix Blogs Citrix and Nutanix team up to simplify virtual desktop management – Citrix Blogs eLux + Imprivata coming soon for healthcare and beyond – Citrix Blogs Rising costs. Aging hardware. One smart solution. – Citrix Blogs The desktop has dissolved. Now where does work live in 2025? – Citrix Blogs Citrix Virtual Apps and Desktops 2503 is now generally available – Citrix Blogs What does “AI” mean at Citrix? – Citrix Blogs Making sense of AI in the workplace: A starting point for leaders – Citrix Blogs Control the endpoint, control the experience – Citrix Blogs Why I joined Citrix and what I’m excited about – Citrix Blogs Citrix’s approach to Secure by Design – Citrix Blogs Citrix and NVIDIA partner to deliver AI Virtual Workstations – Citrix Blogs Welcoming Google Chrome Enterprise Premium into the Citrix platform – Citrix Blogs Apple M4 chip delivers another significant performance boost to Citrix VDA for macOS! – Citrix Blogs Updated STIG guidance for highly secure environments – Citrix Blogs It’s time to upgrade your hypervisor to XenServer 8! – Citrix Blogs Furthering our investment in the Citrix platform with the strategic acquisition of Unicon – Citrix Blogs Faster logins, more productivity – Citrix Blogs New optimization for Microsoft Teams in Citrix environments – Citrix Blogs Password spraying attacks on NetScaler/NetScaler Gateway – December 2024 – Citrix Blogs Citrix Secure Private Access delivers ZTNA in hybrid mode – Citrix Blogs Citrix strengthens zero trust security posture with strategic acquisitions of deviceTRUST and Strong Network – Citrix Blogs Ease your virtual machine device management with MCS & Intune – Citrix Blogs Free uberAgent training is now available on Pluralsight – Citrix Blogs Improved security, admin interfaces, and user experiences across the Citrix solution portfolio – Citrix Blogs Citrix ranked highest for all 4 Use Cases in the Gartner® Critical Capabilities for Desktop as a Service Report – Citrix Blogs Join us at Microsoft Ignite – Citrix innovations for the modern workplace – Citrix Blogs Improve user experiences and reliability with new expanded uberAgent entitlements – Citrix Blogs Citrix Secure Private Access now supports multi-session VDI – Citrix Blogs The new Citrix platform experience – Citrix Blogs Citrix Secure Private Access for ZTNA now supports Linux – Citrix Blogs Citrix Workspace app – いつの間に?Citrixへの入口がこんなに進化しました – Citrix Blogs Launch right into your Citrix environment with Desktop Lock – Citrix Blogs Making Policy Management Smarter and Simpler with Citrix Policy Sets – Citrix Blogs Image and Power Management Support for Azure Sovereign Air-gap – Citrix Blogs Think you have what it takes to be a CTP or CTA? Apply today! – Citrix Blogs How Citrix supports financial contact centers 24/7 – Citrix Blogs
Everyone’s worried about the wrong AI security risk – Citrix Blogs
Brian Madden · 2026-01-21 · via Citrix Blogs

Everyone’s worried about the wrong AI security risk

Everyones talking about Claude Cowork, a research preview from Anthropic which allows AI to operate your entire desktop, access your files, control your browser, and connect to hundreds of enterprise apps. You most likely have workers using it right now. And while there are many risks associated with random workers using Cowork in the enterprise, I feel that most IT professionals and corporate leaders are worrying about the wrong thing. 

The wrong risk 

When I talk to customers about AI security risks, I often hear fears like, “What if a worker pastes our secret recipe into ChatGPT and it ends up in the model?” Their fear is that corporate secrets will somehow get absorbed into the AI’s training data and then leak out to competitors through future responses. 

Luckily this isn’t really how large language models work. Your Tuesday afternoon prompt about Q3 projections doesn’t get folded into GPT-5’s knowledge base. That said, the “secrets absorbed into the model” scenario is still (by far!) the #1 risk I hear! 

But there’s a bigger risk to AI use in the workplace that people aren’t thinking about. 

The real risk is what AI does, not what it learns 

Employee-focused AI is evolving from “tool” to “assistant” to “coworker.” Claude Cowork illustrates this perfectly, as it moved from “AI that answers questions” to “AI that takes actions.” 

Claude Cowork does so much more than just chatting with workers. It operates their computer and has access to their files, browser, email, calendar, and any other enterprise apps they’ve connected. (Microsoft’s Copilot agents work the same way, as do Google’s Workspace agents and the dozens of other agentic tools hitting the market.) 

I’ve been tracking this progression for months now—from simple prompt-and-paste, through AI gaining ambient awareness of your screen, to AI actually operating your computer on your behalf. We’re now firmly in the stages where AI agents execute multi-step workflows across real enterprise systems while workers only half pay attention. This means: 

  • Whatever permissions the worker has, the AI has. 
  • Whatever systems the worker can touch, the AI can touch. 
  • Whatever mistakes the worker could make, the AI can make. (Just faster and at scale!) 

This latest batch of AI tools change the threat model completely. 

The breach won’t be exfiltration. It’ll be execution. 

What’s the first actual breach is going to look like? 

  • An AI agent, operating on behalf of a worker, pastes internal data to a public site. 
  • An AI agent, operating on behalf of a worker, deletes something important. 
  • An AI agent, operating on behalf of a worker, forwards a confidential document to an external email address because the worker’s voice command while walking down the street was slightly ambiguous. 
  • An AI agent, operating on behalf of a worker, is super gullible and falls for a prompt injection at some remote site which says it should bcc: all emails to itself from now on. 
  • Etc. 

This isn’t an AI model problem. This is a workflow execution problem. In all these cases, the AI didn’t absorb corporate secrets into its training data, it just did something with those secrets that the worker didn’t quite intend or because they weren’t fully supervising it. 

Workers don’t see the risk and therefore don’t care 

Many workers feel pressured to do more with less. They’ve got a pile of tasks—many which feel tedious and not particularly important—and suddenly this AI Cowork thing shows up that can knock them out faster. Why would they be worried about risk? This isn’t some weird AI in the cloud, Claude Cowork lives on their computer, works with their files, and operates in their browser. It feels personal, safe, and contained. This is local. It’s theirs! 

Whenever IT releases a policy memo saying workers shouldn’t use unapproved AI tools, it feels abstract and overly cautious. Workers just don’t see the actual risk (an automated AI agent with a worker’s permissions operating semi-autonomously across enterprise systems). 

Even the warnings from Anthropic in the Cowork product itself (there are lots!) don’t really land with workers. After all, AI apps have been warning users for years that AI can make mistakes, and so far, it’s been fine. These warnings are now so pervasive that they’re not even noticed anymore, so why should a worker think Claude Cowork is any different or riskier? 

Can’t IT just monitor things better? 

Security tools that “watch everything the worker does” exist. When AI is that worker, everyone welcomes that level of monitoring. Go ahead and record the screen, log every action, and review every output. That feels appropriate for AI workers. 

But when humans are the worker, those same monitoring tools cause revolts. (Remember the backlash from Microsoft Recall before it even went live?) Workers don’t want their employer watching every keystroke and mouse click. 

So what happens with something like Claude Cowork, where a human worker and AI worker operate in the same workspace? How do you know what’s human activity or AI activity? When do you enable the invasive monitoring and when do you back off? How do you tell the difference between a human making a mistake and an AI making a mistake on a human’s behalf? 

IT departments aren’t set up for this. They’ve been getting away with thinking “AI worker security is somewhere way down the road.” Claude Cowork shows that these are conversations we need to start having today. 

This has to be solved at the workspace, not the AI model 

If the risk was “LLM data leakage into training sets,” the solution would be better model training policies and data handling. That would be easy, as we could tell Anthropic, OpenAI, Microsoft, and/or Google to “be better” and we’re done. 

But since the actual risk is “AI agents executing actions in the work context”, that’s a workspace governance problem. That solution involves visibility into what agents are doing, what systems they’re touching, and what actions they’re taking on behalf of workers. 

This is why I’ve been writing about the workspace as the control plane. When AI operates everywhere (inside apps, inside browsers, inside the OS, inside standalone tools, just generally on the inside), the governance boundary has to be the workspace itself. 

This isn’t about blocking AI tools or forcing workers onto inferior “approved” alternatives. It’s about securing the space where AI and humans work together, regardless of which AI they’re using or how they’re using it. This is absolutely a solvable problem, but with a different solution than how we’ve solved IT security in the past. 


Read more & connect

Join the conversation and discuss this post on LinkedIn. You can find all my posts on my author page (or via RSS).

Brian Madden

Brian Madden is a VP & futurist at Citrix. He writes about the future of work, AI in the workplace, and the evolution of Citrix.