Risk Insight: Shadow AI Detonates Personal LLM Account Data Breach

The latest Cloud Threat Report shows that employees using personal accounts to access LLM tools such as ChatGPT, Google Gemini, Copilot and others have become one of the main channels for enterprise data breaches, with genAI-related data policy violations averaging a whopping 223 per month, double last year's figure. According to the report, the number of prompts sent to generative AI applications in some organizations has increased six-fold in one year, with the top 1% of enterprises submitting more than 1.4 million prompts per month. These prompts contain highly sensitive data such as source code, contract text, customer information and even credentials; once that data is used for model training or subsequently stolen, it poses long-term, irreversible risks to compliance and intellectual property rights.

What this kind of Shadow AI has in common is that it is "invisible and unmanageable": security teams tend to focus only on officially sanctioned access to large models while ignoring the grey channels of browsers, personal accounts and mobile. In the future, personalized ads based on session context and third-party plug-in ecosystems will be layered on top, further blurring data boundaries.

Enterprises should establish genAI usage policies and data classification and grading standards as soon as possible, identify and block AI traffic with the help of CASB/SASE, prohibit personal LLM access by default for highly sensitive sectors, and introduce a controlled enterprise LLM as an alternative, supported by auditing and data minimization strategies.
