Latest news with #ShadowAI
Globe and Mail
a day ago
- Business
- Globe and Mail
IBM Report: Canadians' Data Security Under Increased Threat, While Breach Costs Surge
AI Can Help Businesses Save Millions and Protect Consumer Data MARKHAM, ON, July 30, 2025 /CNW/ -- Data breaches in Canada are becoming more costly and complex, with organizations paying an average of CA$6.98 million per breach in 2025, according to the latest IBM Cost of a Data Breach Report. This represents a 10.4% increase from CA$6.32 million in 2024, reflecting the growing financial impact of security incidents. Among the report's findings is the rise of unsanctioned AI– known as Shadow AI – which amplify risks, escalate costs, and expose sensitive consumer data. Often introduced by employees using unapproved AI systems, shadow AI creates vulnerabilities and compliance issues for businesses.
Yahoo
09-07-2025
- Business
- Yahoo
Shadow AI emerges in the enterprise
This story was originally published on CIO Dive. To receive daily news and insights, subscribe to our free daily CIO Dive newsletter. Shadow AI is sprawling in the enterprise as workers bring their own AI tools to work, according to ManageEngine data. The company surveyed 350 IT decision makers and 350 professionals in the U.S. and Canada for the Tuesday report. More than 4 in 5 tech leaders say employee AI tool adoption is outpacing the capacity of IT teams to properly vet the applications for safety, according to the report. Meanwhile, 3 in 5 workers say they're using unsanctioned AI tools more than they were last year. Nearly two-thirds of decision makers identify data leakage or data exposure as the top risk surrounding shadow AI, according to the report. Businesses have poured countless resources into deploying AI tools in the enterprise, tailoring existing services with priority use cases and baking in data privacy guardrails. Employees who bring unsanctioned, consumer-grade tools to work threaten to expose corporate data and expand cybersecurity risks. One-third of surveyed employees say they've entered confidential client data into AI tools outside of approved company platforms, while 37% have plugged private company data into external AI systems. 'Shadow AI represents both the greatest governance risk and the biggest strategic opportunity in the enterprise,' said Ramprakash Ramamoorthy, director of AI research at ManageEngine, in a release. 'Organizations that will thrive are those that address the security threats and reframe shadow AI as a strategic indicator of genuine business needs." As AI use — sanctioned or otherwise — spreads across businesses, clear and enforced governance policies remain a pending matter for nearly half of businesses. Another looming gap is training, with 60% of employees recommending more education on the risks involved in AI use. To deter employee use of unapproved tools, businesses have pushed to make sanctioned AI platforms available quickly. Mondelēz International put Amazon Q, a generative AI-powered assistant, in the hands of its developers. Adoption spurred faster development times and eased training for new hires. Recommended Reading AI raises CIO cyber anxieties
National Post
08-07-2025
- Business
- National Post
Shadow AI as a Strategic Advantage: ManageEngine Report Points the Way Forward
Article content 97% of IT Decision Makers See Significant Risks of Shadow AI, While 91% of Employees See No Risk, Little Risk, or Risk That's Outweighed by Reward Article content AUSTIN, Texas — ManageEngine, a division of Zoho Corporation and a leading provider of enterprise IT management solutions, today released its report, The Shadow AI Surge in Enterprises: Insights from the U.S. and Canadian Workplace. Based on a survey of IT decision makers (ITDMs) and business employees, the report investigates the rise of shadow AI—unauthorized AI tools used for work—and identifies critical gaps that organizations need to close if they want to reduce the risks of shadow AI and turn it into a strategic advantage. Article content The rise: 60% of employees are using unapproved AI tools more than they were a year ago, and 93% of employees admit to inputting information into AI tools without approval. The risks: 63% of ITDMs see data leakage or exposure as the primary risk of shadow AI. Conversely, 91% of employees think shadow AI poses no risk, not much risk, or some risk that's outweighed by reward. The rewards: Summarizing notes or calls (55%), brainstorming (55%), and analyzing data or reports (47%) are the top tasks employees complete with shadow AI. Generative AI text tools (73%), AI writing tools (60%), and code assistants (59%) are the top AI tools ITDMs have approved for employee use. Article content 'Shadow AI represents both the greatest governance risk and the biggest strategic opportunity in the enterprise,' said Ramprakash Ramamoorthy, director of AI research at ManageEngine. 'Organizations that will thrive are those that address the security threats and reframe shadow AI as a strategic indicator of genuine business needs. IT leaders must shift from playing defense to proactively building transparent, collaborative, and secure AI ecosystems that employees feel empowered to use.' Article content Identifying the Shadow AI Gaps Article content To turn the use of shadow AI from a liability into a strategic advantage, IT leaders need to close the gaps in education, visibility, and governance revealed by the report. Specifically, a lack of education around AI model training, safe user behavior, and organizational impact is driving systematic misuse. Blind spots continue to grow in organizations, even as IT teams move to approve and integrate AI tools as quickly as possible. Meanwhile, shadow AI proliferates due to inadequate enforcement of established governance policies. Article content 85% of ITDMs report that employees are adopting AI tools faster than their IT teams can assess them. 32% of employees entered confidential client data into AI tools without confirming company approval, while 37% entered private, internal company data. 53% of ITDMs say employees' use of personal devices for work-related AI tasks is creating a blind spot in their organization's security posture. Only 54% of ITDMs report their organizations have implemented clear, enforced AI governance policies and actively monitor for unauthorized use, while 91% have implemented policies overall. Article content Proactively managing AI means harnessing employee initiative while maintaining security. It delivers the business value discovered in shadow AI but does so via AI tools that are approved by IT. To that end, ITDMs and employees make several strategic recommendations in the report. Article content 63% of ITDMs advise integrating approved AI tools into standard workflows and business applications, 60% suggest implementing clear policies on acceptable AI use, and 55% suggest establishing a list of vetted and approved tools. 66% of employees recommend setting clear policies that are fair and practical, 63% recommend providing official tools that are relevant to their tasks, and 60% advise providing better education on understanding the risks. Article content 'Shadow AI is a fatal flaw for most organizations,' said Sathish Sagayaraj Joseph, regional technical head at ManageEngine. 'IT teams can't manage risk they can't see—and they can't enable business value that users won't divulge. Proactive AI management unites IT and business professionals in their pursuit of common, organizational goals. That means employees are equipped to understand and avoid AI-related risks, and IT is empowered to help them use AI in ways that drive real business outcomes.' The full report, The Shadow AI Surge in Enterprises: Insights from the U.S. and Canadian Workplace, is available for download here. Article content Survey Methodology Article content In May 2025, ManageEngine commissioned independent market research agency Censuswide to conduct a study of 350 ITDMs and 350 working professionals across the U.S. and Canada, employed in organizations with at least 500 employees and $10M in annual revenue. The survey explored AI usage patterns, security concerns, and governance gaps, with a focus on real-world behaviors across organizations of varying sizes and industries. Article content About ManageEngine Article content Article content Article content Article content Contacts Article content Media Contact Article content Article content Ahana Vissa Article content Article content Article content
Forbes
25-06-2025
- Business
- Forbes
Securing SaaS In The Age Of AI: What CISOs Need To Know
Galit Lubetzky Sharon was Head of the Stategic Center of the IDF's Cyber Defense Division and is now the Co-Founder & CEO of Wing Security. AI is everywhere. It's driving productivity, accelerating workflows and powering SaaS for every department. But while AI tools are making life easier for teams, they are also creating new opportunities for cybersecurity attacks. The unpleasant truth is that the security implications of AI are growing fast. CISOs and security teams need to understand where these risks are emerging and get ahead of them fast. Shadow AI is the new shadow IT. AI-powered apps are entering your SaaS stack often without approval from your security team. Tools that seem harmless, such as writing assistants, meeting notetakers or document summarizers, can plug directly into your SaaS environment and access sensitive data. Some of these tools request broad access to emails, file storage or chat platforms. Others quietly collect user inputs. If they are operating outside of monitored processes, they increase your organization's exposure, and you won't even know about it. Make sure you know if the apps in your stack utilize AI and understand the potential risks of that exposure. AI integrations can go from access to exploitation. AI tools often require deep access to functions, including admin-level permissions, API keys or OAuth tokens. Once granted, this access is hard to track and even harder to revoke. If a connected AI tool is compromised, the attacker also inherits its permissions. A single compromised integration can become a foothold into your SaaS ecosystem and allow attackers to move laterally from there. This is why it's so important to be aware of the permissions granted to AI apps and monitor to ensure those permissions are removed when no longer needed. Weak privacy laws create long-term exposure. AI privacy regulations are still evolving in many regions. As a result, vendors have broad leeway in how they collect, process and store your company's data. Without strong legal protections or vendor transparency, sensitive internal information shared with AI tools can end up being stored, reused or even incorporated into the training datasets of your competitors. This means your product road map, brand terminology or financial models could become part of someone else's model training process. It's important to assess the data policy of your AI vendor to make sure it aligns with your company policy. AI is helping attackers move faster. On top of the risks discussed above, attackers are also using AI to scale and enhance their attacks. From tailored phishing emails to automating credential stuffing across multiple platforms, AI has lowered the barrier for launching large-scale identity-based attacks and increased their success rate. These attacks are more efficient, are harder to detect and often mimic legitimate activity with alarming accuracy. What used to be one-off attacks can now be executed at scale with minimal effort. So, the same way that AI is accelerating your work, it is accelerating breaches. There is no time to wait for an airtight security policy around AI. The time to implement strategies and tools is now. Can you have safe AI in your organization? AI adoption is not slowing down, and simply avoiding AI is not realistic and not the goal. What you can do is focus on visibility, control and consistent enforcement. You can only secure what you can see. Identify all AI-powered tools in use across your organization, including embedded features and third-party integrations. A strong SaaS security posture management (SSPM) solution can help uncover what might otherwise go undetected. AI tools often request more access than they actually need to serve their intended purpose. Review access scopes closely and apply least privilege policies. Pay attention to any tool requesting access to documents, calendars, messaging platforms or admin-level functions. When in doubt, reject. Most employees want to do the right thing but might not understand the risks. Provide practical, easy-to-follow guidelines and provide training. Do not assume that employees are reading memos or organization-wide emails. Any tool that processes your company's data is a vendor and should be vetted accordingly. This means conducting risk assessments, reviewing how data is handled and requiring security controls and adherence to compliance standards. Achieve a safe AI reality. With AI, the risks are getting more complex, but SaaS security can still be controlled. My advice is not to fear AI, but to approach it with a clear strategy. By understanding the risks, establishing clear policies and implementing the right tools, you can enable productivity and innovation without compromising on your security. The threat landscape is changing. Is your SaaS security agile enough to change with it? Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
Yahoo
12-02-2025
- Business
- Yahoo
Torii Unveils 2025 SaaS Benchmark Report, Exposing the True Cost of Shadow AI & SaaS Sprawl
NEW YORK, February 12, 2025--(BUSINESS WIRE)--Torii, the leader in SaaS Management, has unveiled its highly anticipated 2025 SaaS Benchmark Annual Report, exposing the staggering financial and security threats posed by Shadow AI and unchecked SaaS sprawl. Based on exclusive first-party data from hundreds of organizations, the report highlights how businesses are struggling with a dramatic rise in Shadow IT—now dominated by AI-powered tools. Most businesses today recognize the threat of Shadow AI—unsanctioned AI use outside IT governance—but few realize how pervasive it already is. Because these tools often rely on proprietary company data, they pose significant security and compliance risks, and since they often use a consumption-based pricing model, they can undermine cost management. Importantly, while some instances of Shadow AI are new apps, many are AI-driven features within already approved software. Yet despite these differences, in many ways, Shadow AI is simply the next chapter in the same story of software governance. Since its founding in 2017, Torii has tackled SaaS sprawl with a visibility-first approach to SaaS Management. Today's AI surge is another form of ungoverned software that can be secured and optimized if it is first discovered. Torii remains the market leader, ensuring IT teams stay ahead of risks and inefficiencies before they escalate. Want to see how Shadow AI is silently driving up your costs? Read the full 2025 SaaS Benchmark Report here. The Cost of Unchecked SaaS Sprawl: Key Findings The surge in AI-driven tools is reshaping software ecosystems, adding new urgency to long-standing SaaS sprawl challenges. Shadow AI now accounts for the majority of newly unmanaged applications, further complicating visibility, cost tracking, and compliance efforts. Torii's SaaS Benchmark Report quantifies the true scale of Shadow AI's impact, revealing just how pervasive and costly the issue has already become: Organizations manage an average of 668 applications—over half (54%) classified as Shadow IT – As software portfolios continue to expand, Shadow AI has fueled much of the 21% increase in total app counts across five company sizes since Q1 2024, intensifying visibility and cost challenges for IT teams. AI-driven tools make up the majority of unmanaged applications– The top four most frequently unmanaged apps in companies are 100% AI-driven tools, with four of the next five also AI-dependent. This unchecked AI adoption outside IT oversight makes cost tracking nearly impossible due to unpredictable consumption-based pricing models. 61% of SaaS applications are inactive, yet companies continue paying for them – Many of these applications have had no active users in the last 30 days, yet they still carry active, paid licenses. At the same time, both average and median SaaS contract values have increased year-over-year, making renewals a crucial opportunity for cost containment and right-sizing entitlements. "The extent of Shadow AI and underutilized applications that would have gone unnoticed without Torii is staggering," said Uri Haramati, CEO and Co-Founder of Torii. "Organizations don't realize how much budget waste and compliance risk is hidden in their software stacks. This report highlights how Torii is giving IT leaders the visibility, insights, and automation they need to stay ahead—before costs and risk spiral out of control." Torii Customers Take Control of Shadow AI & SaaS Sprawl Torii customers rely on the platform's industry-leading, multi-source discovery and intelligent automations to gain unmatched visibility into their software ecosystem. By exposing hidden software, optimizing spend, and enforcing compliance, Torii ensures IT teams stay ahead of risks and inefficiencies before they escalate: Daryl Dore, Director of IT at Higher Logic, shares: "My first budget season I almost quit my job because it was so painful. With Torii, I only have to spend about four hours on it. Now, Finance relies on me to correct their budget because my data is more accurate." Joshua James, IT Operations Expert at Sennder, explains: "Torii gives us a central source of truth for all things SaaS. Now, we have control over our apps and expenses. I fully recommend Torii for its great SaaS detection, time-saving workflows, and comprehensive cost savings." Raveh Kahaner, Head of Global Procurement at HiBob, shares: "After deploying Torii I was taken aback by the huge gap between the SaaS apps we were managing, how many we believed existed, and the reality. We knew we were struggling to account for all of our SaaS apps, but had no idea there were hundreds of them left unaccounted for. Torii gave us that visibility." Torii: The Must-Have Platform for Tackling Shadow AI Torii's latest research highlights the critical insights that often go unnoticed until it's too late. Without the right tools, organizations struggle to uncover Shadow AI, hidden software costs, and compliance blind spots. Torii's discovery capabilities, cost-saving insights, and automation empower IT teams to take a proactive approach, shifting from reactive firefighting to strategic technology advisors. By revealing the true state of software environments, Torii helps businesses close compliance gaps, optimize spending, and drive operational efficiency with ease. To explore the full insights, access the 2025 SaaS Benchmark Annual Report here. For more information on how Torii is reshaping SaaS management, visit View source version on Contacts Media Contact: Lauren WhiteheadDirector, Product Sign in to access your portfolio
