What is Shadow AI?
Shadow AI. What does that mean? It sounds ominous and scary, but in reality, it’s much scarier than you think. Shadow AI refers to the unauthorized and unmonitored use of AI products at work, without your company being aware of it. It’s a giant problem that’s getting worse day by day. There’s the ethical use of AI, and then there’s its little cousin, called shadow AI, which doesn’t really care much for ethics.
The 9 to 5 and Everyday Life
I’m going to present three scenarios that may occur in an average workday, and I want you to consider why these might be a red flag for the company you work for, even if they don’t seem like a big deal to you.
1) There’s a fundraiser coming up in a few weeks, and you’ve been assigned to create brochures that are going to be handed out to visitors and coworkers. You log into ChatGPT on a company computer with your personal account, upload your company logo and information, and then prompt “Generate a brochure for my company fundraiser,” and bam, we’re good to go!
2) You’re on your break at work with a coworker and you decide to have some fun and generate memes with ChatGPT, using a personal account on a company computer. You have the best time ever, and you vow to share this with everyone in the department in the next newsletter because they need to see it!
3) You’re understaffed at work, you’re stressed out, and you’re running behind on charting patient information. You have an idea and decide to log in to your personal ChatGPT account on a company computer, upload patient information, and then prompt it to organize the information into a table. Now you’ve caught up, and you can finally breathe!
Examination Time!
Did you see the issues here? They are little things that happen every single day. We will examine these scenarios and explain what went wrong.
Scenario 1: You logged into a personal account and uploaded private company assets into a public cloud to generate a brochure. That information will now be stored and used by whoever! That’s a huge security risk, and you were unaware of it because you were trying to resolve an issue you were experiencing at the time.
Scenario 2: You used a personal account to generate memes that you’re now going to share in the internal newsletter. You have no idea where these images originated, and you may make your company liable for copyright infringement if someone decides to pursue legal action against you for using those images.
Scenario 3: You used a personal account on a work device and then uploaded sensitive patient information into a public cloud, where others can now see it. This is a huge breach of HIPAA, and you just potentially jeopardized someone’s identity with your actions. PHI and PII are now out in the wild.
What Now?
These scenarios are becoming way too common in the workplace with the emergence of AI. Everyone wants to learn, explore, and make workflows more efficient. The problem is that your IT and security teams are not aware of it, and you’re putting your organization in hot water if something does happen.
How do you avoid these situations? Be careful when using various AI products in the workplace, and at all costs do not use your trusty personal ChatGPT account. Your company may have its own enterprise license, so all you need to do is ask, and it may be provided to you.
Lastly, direct all questions about AI and its use to your IT, security, or AI governance teams. It’s the wild west right now, and you want to make sure you’re keeping yourself and others safe. AI isn’t evil, so be wise yet kind when using it; both you and our future machine overlords will end up happy in the long run.