Employees use AI tools long before company policy catches up. For IT leaders this is not a future challenge but a present-day reality. Yet the risks and the solutions for shadow AI differ fundamentally from what we are used to with shadow IT.
In the January edition of InfoSecurity Magazine, Jan Marsman, Senior Solution Architect Cyber Security EMEA at Momentum, shares his view on this trend. Below are the core takeaways, with practical pointers for IT and security leaders.
Shadow IT versus shadow AI
The parallel is clear: employees use tools that sit outside the official IT environment. But the toolkit has changed. Blocking a website or cloud app was a workable measure for shadow IT. For shadow AI it is not enough.
"With shadow IT, you can lock down a domain and the problem is largely gone," Marsman summarises. "With shadow AI, the data may look innocent at first glance but becomes context-rich the moment a prompt is sent. You need to see who sends what data, where to, and in which context."
To keep shadow AI manageable without stifling AI adoption, you need real-time analysis.
Jan Marsman, Senior Solution Architect Cyber Security EMEA
The three concrete risks
Marsman identifies three patterns that keep recurring in practice:
- Business-sensitive information that lands as input in external AI applications and stays there indefinitely.
- Customer and supplier data leaking through prompts or through integrations that were not reviewed by IT.
- Datasets gradually enriched to a level that looks harmless in fragments but becomes damaging when combined.
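What "seeing who sends what data, where to, and in which context" looks like in code: the following is an added example, not code from the article, from Momentum or from Cato. It sketches an inline prompt inspector that covers all three patterns above: sensitive content in a single prompt, prompts going to an AI destination IT never reviewed, and the enrichment case where no single prompt trips a threshold but the accumulated session does. The host names, regex detectors, weights, thresholds and sample events are all constructed assumptions; a real deployment would sit in a forward proxy or SASE PoP and use its own classifiers.

```python
"""
Added example (not from the Momentum/Cato article): a minimal inline inspector for
prompts sent to external AI services. Hosts, detectors, weights, thresholds and the
sample events below are constructed for illustration only.
"""
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed allow-list: AI destinations that IT has reviewed.
APPROVED_AI_HOSTS = {"ai.example-approved.com"}
# Constructed set of hosts treated as AI services at all (approved or not).
KNOWN_AI_HOSTS = APPROVED_AI_HOSTS | {"chat.example-genai.net", "api.example-llm.io"}

# Illustrative detectors: (regex, weight). Weights are assumptions, not a standard.
DETECTORS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), 1),
    "iban": (re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"), 3),
    "customer_id": (re.compile(r"\bCUST-\d{6}\b"), 2),
    "confidential": (re.compile(r"\b(confidential|internal only|NDA)\b", re.I), 2),
    "pricing": (re.compile(r"\b(margin|discount|unit price)\b", re.I), 1),
}
PROMPT_ALERT = 3    # one prompt scoring at or above this is flagged on its own
SESSION_ALERT = 5   # cumulative score per (user, host) that flags enrichment


@dataclass
class Verdict:
    user: str
    host: str
    prompt_score: int
    session_score: int
    findings: list[str]
    flags: list[str] = field(default_factory=list)


class PromptInspector:
    """Scores each prompt and keeps per-(user, host) state across prompts."""

    def __init__(self) -> None:
        self.session_scores: dict[tuple[str, str], int] = defaultdict(int)
        self.session_kinds: dict[tuple[str, str], set[str]] = defaultdict(set)
        self.session_prompts: dict[tuple[str, str], int] = defaultdict(int)

    def inspect(self, user: str, host: str, prompt: str) -> Verdict | None:
        if host not in KNOWN_AI_HOSTS:
            return None  # not AI traffic; out of scope for this inspector
        flags: list[str] = []
        if host not in APPROVED_AI_HOSTS:
            flags.append("unreviewed_destination")  # pattern 2: integration IT never saw

        findings: list[str] = []
        score = 0
        for name, (pattern, weight) in DETECTORS.items():
            hits = pattern.findall(prompt)
            if hits:
                findings.append(name)
                score += weight * len(hits)

        key = (user, host)
        self.session_scores[key] += score
        self.session_kinds[key].update(findings)
        self.session_prompts[key] += 1
        session = self.session_scores[key]

        if score >= PROMPT_ALERT:
            flags.append("sensitive_prompt")  # pattern 1: sensitive input in one prompt
        # Pattern 3: several prompts, several different data kinds, harmless one by one
        # but crossing the session threshold when combined.
        if (session >= SESSION_ALERT
                and self.session_prompts[key] >= 2
                and len(self.session_kinds[key]) >= 2):
            flags.append("session_enrichment")
        return Verdict(user, host, score, session, findings, flags)


def run_sample() -> list[Verdict]:
    # Constructed proxy-style events: (user, destination host, prompt text).
    events = [
        ("alice", "ai.example-approved.com", "Summarise this meeting: we discussed roadmap timing."),
        ("alice", "ai.example-approved.com", "Customer CUST-004711 wants a quote; what tone should I use?"),
        ("alice", "ai.example-approved.com", "Their contact is j.doe@customer.example, draft a reply."),
        ("alice", "ai.example-approved.com", "Our margin on this deal is 18%, is a 5% discount reasonable?"),
        ("bob", "chat.example-genai.net", "Rewrite this paragraph to sound more formal."),
        ("bob", "api.example-llm.io", "Payment to IBAN NL91ABNA0417164300 failed, confidential, explain the error."),
        ("carol", "updates.example-cdn.net", "not an AI prompt at all"),
    ]
    insp = PromptInspector()
    return [v for v in (insp.inspect(*e) for e in events) if v is not None]


if __name__ == "__main__":
    for v in run_sample():
        print(v.user, v.host, v.prompt_score, v.session_score, v.findings, v.flags)
```

In the sample run, none of alice's four prompts to the approved service scores high enough to be flagged alone, yet by the fourth prompt the session has accumulated a customer ID, a contact address and pricing terms and is flagged as enrichment; bob's IBAN-plus-"confidential" prompt is flagged immediately, and both of his destinations are flagged as unreviewed. The point the article makes is visible here: a per-request domain block would have caught nothing in alice's session, because every request went to an approved host with an innocuous-looking payload.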
Why Cato's approach fits this problem
The technical challenge is that real-time analysis of AI traffic costs significant compute. Centralised inspection introduces latency, and latency disrupts user experience. Cato Networks solves this with a distributed Neural Edge: NVIDIA GPUs integrated into every Point of Presence, across tens of data centres worldwide. Inspection happens where the traffic is.
For organisations operating internationally this is a real advantage. Read in our SASE International Guide how we shape this principle for mid-enterprise customers with dozens of locations.
When is this relevant for your organisation?
Momentum focuses on organisations that already feel the limits of the old security model: at least ten international locations outside the home country, mid-enterprise scale, and the desire to embed security in the network rather than bolt it on. One contract, one SLA, one point of contact across all countries. We are among the first partners worldwide to offer this Cato AI Security solution.
The message is not "ban AI". Marsman is clear about that: "Users will adopt it anyway. There is now a solution to make it safe." A closer look at our approach is available in the complete SASE guide.