
Enterprise AI Security: 6 Risks CISOs Can't Ignore

Elana Marom
Head of Marketing

AI is Already in the Enterprise – With or Without Security

AI is now embedded across the enterprise. Employees use it regularly and extensively – to the point where companies depend on AI adoption to drive efficiency and business growth. As this dependency grows, so does the risk of unmanaged AI usage.

The problem isn’t AI adoption per se, but rather how AI is being adopted. Do security teams have visibility into AI usage? Are there clear guardrails in place? Unfortunately, many organizations would answer no. This is also the point at which the approach to AI security starts to shift, and where CISOs take ownership.

AI isn’t just another SaaS tool, and CISOs are realizing that the risk model has changed – for good. Furthermore, these risks often fall outside existing security controls, opening a new world of challenges alongside current threats.  

To manage this, CISOs need clear priorities: understand where AI is being used, what risks it introduces, and how to manage them without slowing down innovation.

Here are the 6 risks every CISO should have on their radar:

1. Legacy Tools Can't See Shadow AI

AI usage is happening outside approved environments. Employees are using a wide range of AI applications without security oversight. This is not new in itself, but the speed and scale of AI usage are unprecedented.

New AI applications appear daily, can be accessed instantly, and don’t require IT integration or procurement approval. Employees use native AI apps like ChatGPT, developers rely on AI coding assistants such as Claude Code, citizen developers are building custom AI apps, and even standard SaaS applications now integrate AI capabilities. Consequently, security teams have no way to know whether, where, or how AI is being used in the organization.

Enter Shadow AI.

Traditional discovery methods fail to capture the full scope of AI usage – resulting in blind spots. And without full visibility into AI applications and employee interactions, organizations face a critical AI discovery gap.  

The starting point is a visibility baseline, built on a comprehensive and accurate AI inventory. If security teams skip this step, threat detection and policy enforcement will be incomplete or, worse, ineffective.
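One concrete way to start building that inventory is to mine the egress logs the organization already has. The script below is an added example, not code from the original post or from any vendor product: it parses a few constructed web-proxy log lines (the `timestamp user method host bytes_out` layout is assumed), tags hosts that belong to known AI services or merely look like one, and reports which of them carry traffic without being on the approved list. The host lists are illustrative placeholders to be replaced with your own.

```python
import re

# Constructed sample proxy log lines for this example (not real traffic).
# Assumed layout: <timestamp> <user> <method> <host> <bytes_out>
PROXY_LOG = """\
2025-03-04T09:12:01Z alice GET chat.openai.com 1240
2025-03-04T09:12:05Z alice POST api.openai.com 58210
2025-03-04T09:15:44Z bob POST claude.ai 7310
2025-03-04T09:16:02Z carol GET intranet.example.com 210
2025-03-04T09:17:30Z bob POST api.anthropic.com 91022
2025-03-04T09:20:11Z dave POST newai-assistant.example.net 44000
2025-03-04T09:21:09Z alice POST gemini.google.com 3100
"""

# Hosts of known AI services (assumed starter list; extend from your own research).
KNOWN_AI_HOSTS = {
    "chat.openai.com": "ChatGPT",
    "api.openai.com": "OpenAI API",
    "claude.ai": "Claude",
    "api.anthropic.com": "Anthropic API",
    "gemini.google.com": "Gemini",
}

# Hosts the security team has sanctioned (assumed for the example).
APPROVED_AI_HOSTS = {"api.openai.com"}

# Heuristic for hosts not in the known list: a label that hints at an AI product.
AI_HINT = re.compile(r"(?:^|[.-])(ai|llm|gpt|copilot|assistant)(?:[.-]|$)", re.I)

LINE_RE = re.compile(r"^(\S+) (\S+) (GET|POST|PUT) (\S+) (\d+)$")


def parse_line(line):
    """Parse one proxy log line into a dict, or return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts, user, method, host, out = m.groups()
    return {"ts": ts, "user": user, "method": method, "host": host, "bytes_out": int(out)}


def classify_host(host):
    """Name the AI service for a host, 'suspected AI service' for look-alikes, else None."""
    if host in KNOWN_AI_HOSTS:
        return KNOWN_AI_HOSTS[host]
    if AI_HINT.search(host):
        return "suspected AI service"
    return None


def build_ai_inventory(log_text):
    """Aggregate AI-related traffic per host: service name, approval status, users, volume."""
    inventory = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        service = classify_host(rec["host"])
        if service is None:
            continue  # ordinary traffic, not part of the AI inventory
        entry = inventory.setdefault(rec["host"], {
            "service": service,
            "approved": rec["host"] in APPROVED_AI_HOSTS,
            "users": set(),
            "requests": 0,
            "bytes_out": 0,
        })
        entry["users"].add(rec["user"])
        entry["requests"] += 1
        entry["bytes_out"] += rec["bytes_out"]
    return inventory


def shadow_ai_findings(inventory):
    """Unapproved hosts carrying AI traffic, ordered by upload volume (largest first)."""
    unapproved = [h for h, e in inventory.items() if not e["approved"]]
    return sorted(unapproved, key=lambda h: -inventory[h]["bytes_out"])


if __name__ == "__main__":
    inv = build_ai_inventory(PROXY_LOG)
    for host in shadow_ai_findings(inv):
        e = inv[host]
        print(f"{host:32} {e['service']:22} users={sorted(e['users'])} bytes_out={e['bytes_out']}")
```

Ordering by bytes uploaded is deliberate: the largest unapproved upload volume is where the data-exposure question in the next section starts, and it is the first host the team should identify and either sanction or block.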

2. Private Data is Going Public

AI systems deliver value based on prompt input; the richer the context, the better the output. This means employees are entering sensitive information into public GenAI tools as part of their routine work.  

Internal documents, customer data, financial information, source code, and proprietary content are all being shared to generate better responses. While the employee's intent might not be malicious, the damage is already done.

Many of these AI systems operate outside enterprise control, and the data shared with them may be retained or reused for model training. Once data leaves the organization, security teams lose both visibility and the ability to enforce policies. This is also where traditional DLP tools fall short, as they were never designed to handle AI prompts or user interactions.
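The gap the paragraph describes is that DLP has to inspect the prompt itself, before it leaves the organization, rather than a file or an email. The following added example (written for this post; not the original's code and not any product's engine) shows what a minimal prompt-side check looks like: it scans outbound prompt text for a few sensitive-data classes, validates candidate card numbers with the Luhn checksum so random digit strings are not flagged, and then either allows, redacts, or blocks the prompt. The pattern set and the classification markers are assumptions to be adapted to your own data-handling policy; the sample prompts and the key value are constructed test strings.

```python
import re

# Detection patterns (assumed starter set for the example).
CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")              # 13-19 digit payment-card candidates
AWS_KEY_RE = re.compile(r"\bAKIA[0-9A-Z]{16}\b")               # AWS access key ID format
MARKER_RE = re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY|RESTRICTED)\b")  # assumed document markers
EMAIL_RE = re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")

# Finding kinds that must stop the prompt outright; everything else is redacted.
BLOCKING = {"credit_card", "aws_access_key", "classification_marker"}


def luhn_ok(digits):
    """Luhn checksum: filters out digit runs that cannot be real card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def inspect_prompt(text):
    """Return a list of (kind, matched_text) findings for one outbound prompt."""
    findings = []
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("credit_card", m.group()))
    for m in AWS_KEY_RE.finditer(text):
        findings.append(("aws_access_key", m.group()))
    for m in MARKER_RE.finditer(text):
        findings.append(("classification_marker", m.group()))
    for m in EMAIL_RE.finditer(text):
        findings.append(("email", m.group()))
    return findings


def enforce(text):
    """Decide what happens to a prompt: ('allow'|'redact'|'block', text_to_send, findings)."""
    findings = inspect_prompt(text)
    kinds = {kind for kind, _ in findings}
    if kinds & BLOCKING:
        return "block", None, findings
    redacted = text
    for kind, value in findings:
        redacted = redacted.replace(value, f"[{kind.upper()} REDACTED]")
    return ("redact" if findings else "allow"), redacted, findings


# Constructed sample prompts for the example.
SAMPLE_PROMPTS = [
    "Rewrite this paragraph in a friendlier tone.",
    "Summarize order 1234 5678 9012 3456 for jane@example.com",
    "Why does my script fail? It uses key AKIAIOSFODNN7EXAMPLE",
    "Chargeback for card 4111 1111 1111 1111, please draft the email",
    "Clean up this INTERNAL ONLY roadmap section for the board deck",
]

if __name__ == "__main__":
    for prompt in SAMPLE_PROMPTS:
        decision, to_send, findings = enforce(prompt)
        print(f"{decision:6} {[k for k, _ in findings]} -> {to_send!r}")
```

Two design points matter here. The check runs on the prompt text at the point of egress (a browser extension, proxy, or API gateway), which is the only place this data is still visible to the enterprise. And the Luhn validation is what keeps the card rule from blocking every order number or phone number, which is the kind of false positive that gets a control switched off.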

3. Adversarial Attacks Now Target GenAI Apps

GenAI systems can be manipulated through their inputs. Threat actors are already exploiting this via prompt injection, jailbreaks, and adversarial inputs – all designed to trick systems into producing incorrect, unintended, or harmful outputs.

As AI integrates into enterprise workflows, the stakes rise. When models connect to internal systems, manipulation is no longer limited to text output. Threat actors can exploit these integrations to gain access to business systems and act within them without restriction.

GenAI applications are part of the enterprise attack surface, and CISOs need to treat them as such. That means monitoring the full AI environment: inputs, outputs, integrations, and permissions – and policies that govern them.

4. AI Usage is Leaving Compliance Behind

Many organizations have already defined AI usage policies; however, the urgent issue is enforcement. AI usage is distributed across tools, teams, and environments, making consistent enforcement hard to achieve.

The regulatory landscape is also evolving quickly. Organizations are expected to demonstrate control over how AI is used, how data is handled, and how risks are managed. Manual processes can't keep up.

Without centralized visibility and automated enforcement, policies are merely theoretical guidelines, rather than actual controls. This can turn AI adoption into a compliance and security liability.  

5. AI Agents Can Cost – Operationally and Financially

AI is moving from passive assistant to active agent. AI agents are designed to act autonomously, but without proper controls, they can operate beyond their intended scope – a risk known as excessive agency.

Hallucinations or manipulated outputs can trigger real-world actions, and organizations need an effective way to govern AI agents and mitigate the risk of excessive agency. Ignoring this can quickly translate into financial loss and operational disruption.

Agent activity must be visible, auditable, and controlled.
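What "visible, auditable, and controlled" means in practice is that an agent never calls a tool directly: every action goes through a gateway that enforces a least-privilege allowlist and parameter caps, requires a human for designated actions, and writes an append-only audit record whether the call was allowed or denied. The code below is an added example for this post, not the original's code nor any product's implementation; the `ToolPolicy` and `AgentGateway` names, the stand-in tools, and the constructed sequence of agent actions (the last two of which model a hallucinated or manipulated instruction) are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


class ToolDenied(Exception):
    """Raised when a requested agent action falls outside its granted scope."""


@dataclass
class ToolPolicy:
    allowed_tools: set                                   # least-privilege allowlist for this agent
    limits: dict = field(default_factory=dict)           # tool -> {parameter: maximum value}
    approval_required: set = field(default_factory=set)  # tools that need a human decision


class AgentGateway:
    """Every tool call an agent makes passes through here: checked, logged, then executed."""

    def __init__(self, agent_id, policy, tools, approver=None):
        self.agent_id = agent_id
        self.policy = policy
        self.tools = tools            # name -> callable, the only actions that exist for the agent
        self.approver = approver      # optional callable(tool, args) -> bool for human approval
        self.audit = []               # append-only record of every attempted action

    def _deny_reason(self, tool, args):
        """Return a human-readable reason to deny the call, or None if it is within scope."""
        if tool not in self.policy.allowed_tools:
            return f"tool '{tool}' not in allowlist"
        for param, cap in self.policy.limits.get(tool, {}).items():
            if param in args and args[param] > cap:
                return f"{param}={args[param]} exceeds cap {cap}"
        if tool in self.policy.approval_required:
            if self.approver is None or not self.approver(tool, args):
                return "human approval not granted"
        return None

    def call(self, tool, args):
        reason = self._deny_reason(tool, args)
        self.audit.append({
            "agent": self.agent_id,
            "tool": tool,
            "args": dict(args),
            "decision": "allow" if reason is None else "deny",
            "reason": reason,
        })
        if reason is not None:
            raise ToolDenied(reason)
        return self.tools[tool](**args)


# Constructed stand-in tools for the example (no real systems are touched).
ORDERS = {"A-100": {"customer": "c1", "total": 49.99}}


def lookup_order(order_id):
    return ORDERS.get(order_id)


def issue_refund(order_id, amount):
    return {"order_id": order_id, "refunded": amount}


def delete_customer(customer_id):
    return {"deleted": customer_id}


def run_demo():
    """Run a constructed sequence of agent actions through the gateway; return the audit log."""
    policy = ToolPolicy(
        allowed_tools={"lookup_order", "issue_refund"},   # delete_customer is deliberately absent
        limits={"issue_refund": {"amount": 100.0}},       # assumed refund cap for this agent
    )
    gateway = AgentGateway(
        "support-agent", policy,
        {"lookup_order": lookup_order, "issue_refund": issue_refund, "delete_customer": delete_customer},
    )
    # Constructed action sequence; the last two model a hallucinated or manipulated instruction.
    planned_actions = [
        ("lookup_order", {"order_id": "A-100"}),
        ("issue_refund", {"order_id": "A-100", "amount": 49.99}),
        ("issue_refund", {"order_id": "A-100", "amount": 5000.0}),
        ("delete_customer", {"customer_id": "c1"}),
    ]
    for tool, args in planned_actions:
        try:
            gateway.call(tool, args)
        except ToolDenied:
            pass  # the denial is already in the audit log; the agent does not get to retry silently
    return gateway.audit


if __name__ == "__main__":
    for record in run_demo():
        print(f"{record['decision']:5} {record['tool']:16} {record['args']}  {record['reason'] or ''}")
```

The point of the design is that the model's output is treated as untrusted input to the gateway. Whether a bad action comes from a hallucination or from a manipulated prompt makes no difference: the allowlist and the parameter caps bound the blast radius, and the audit log gives the security team the record it needs to see what the agent tried to do, not just what it was allowed to do.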

6. AI is Happening Outside Approved Business Accounts

Employees often use personal accounts for AI tools because it's faster, simpler, and requires no setup. From a security perspective, this strips the enterprise of control, leaving no effective way to monitor usage, enforce policies, create an audit trail, or govern how corporate data is handled.

However, accountability remains. The organization is still responsible for how corporate data is used and what outputs are generated. To govern the organization’s AI environment, security teams need an effective way to ensure employees use licensed business accounts, rather than their unmanaged personal ones.

Bottom Line: The Challenge is Control, Not Adoption

AI adoption will continue. Blocking it is neither realistic nor a viable strategy. Across all six points, the gaps are consistent: limited visibility, inconsistent risk identification, lack of automation, and no real-time policy enforcement.

Addressing these challenges requires a unified approach to AI security – one that treats public GenAI, homegrown applications, and AI agents as a single ecosystem that must be continuously monitored and governed. CISOs who adopt this approach will be best positioned to support safe AI innovation without compromising security.

FAQ

Where is AI being used across the organization, and do we have full visibility?

AI usage is happening across users, workflows, and systems. Traditional discovery tools fail to capture the full scope of AI usage, leaving security teams with blind spots and incomplete AI inventories.

What sensitive data is being shared with AI tools?

To get the most value from GenAI tools, employees try to provide as much context as they can, sharing internal documents, customer data, financial information, source code, and proprietary content. Once this data leaves the organization, security teams can’t control it.

Why is enforcing AI usage policies so difficult?

Most organizations have AI usage policies in place, but enforcement is the real challenge. Organizations lack centralized visibility into how AI is being used, as well as automated and real-time detection of suspicious activities.

Who owns the risk when AI agents take over?

AI agents act autonomously, and without proper controls, they can operate beyond their intended scope – excessive agency. When hallucinations or manipulated outputs trigger real-world actions, the organization is the one left with the financial and operational consequences.

Who's accountable when AI usage happens outside business accounts?

The organization is. Employees use personal accounts for speed and convenience, but the business is still accountable for corporate data and AI-generated outputs. Without a way to monitor AI usage, security teams can't tell which employees are using personal accounts instead of licensed ones.
