How are you adapting your strategies to manage risks associated with shadow AI?

We've introduced targeted training to help management and IT understand the risks associated with AI tools. This is crucial for maintaining control over the tools used by our workforce, especially as we integrate more AI solutions to support our service delivery. Additionally, with the introduction of the European AI Act, we've had to collaborate closely with our legal and procurement teams to ensure that our vendor risk assessments and contracts reflect these new legal requirements.

From a third-party risk management perspective, identifying genuine AI capabilities involves asking specific questions and reviewing terms and conditions with vendors. The challenge is not just technical but also scales with the number of third parties we work with. Ensuring that we have accurate data to make informed decisions is a continual challenge.