Have you managed to effectively identify shadow AI usage through audits/assessments? What challenges are you facing with shadow AI management so far?

The challenge is distinguishing genuine AI capabilities from mere marketing hype. Many vendors claim to have AI technology, which might not be the case, as it could merely be basic functions dressed up as AI. This makes it difficult to understand what we are actually dealing with and whether it aligns with our needs and compliance requirements.

At this stage, we are in the early phases of addressing shadow AI by channeling our employees towards using approved tools. However, with over 30,000 employees, there are unique needs that may not be met by the selected tools, leading to potential dissatisfaction and continued use of unapproved AI tools. We are employing similar methodologies used in shadow IT management to detect unauthorized AI tools that appear in our environment. This includes enhancing our training programs, specifically targeting management and IT teams to understand the risks and implementing technical controls at endpoints to monitor activities.