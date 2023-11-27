It has been a full year since OpenAI's ChatGPT found its way into the vernacular of the day, quickly followed by Google's Bard and other generative AI offerings. Before you could say Rumpelstiltskin, it seemed employees, contractors, customers, and partners were all flexing their newfound shiny object — the AI engines employing large language models about which they had little knowledge.

People were amazed when these tools enhanced knowledge and accuracy and marvelled as well at the economy of time they could help create. They were equally amazed when the engine didn't have a clue and provided nonsense answers or hallucinations and thus proved to be a waste of time — but not for long.

The unintended consequences of querying AI engines soon reared their ugly head, as evidenced by the early 2023 incident at Samsung, who found trade secrets had been blithely uploaded into ChatGPT. While the information was apparently quite positive, the trade secrets weren't secret any longer as they had been shared with ChatGPT parent OpenAI and anyone making a similar query could (hypothetically) be benefiting from the engineer's input.

The rapid rise of shadow AI should come as no surprise

Samsung handled this discovery, in my opinion, in precisely the right manner. A big oopsie, and let's not let this happen again, we need to develop our own in-house capabilities so that trade secrets remain secret.

To all, including those with but a scintilla of experience in information technology provision and support, it was obvious that when the AI engines were availed to the masses, the headwaters which form the river of risk had a new mother source: the AI query engine. Shadow IT had a newborn sibling, shadow AI.

The arrival of shadow AI shouldn't really be a surprise, observes Alon Schindel, director of data and threat research at Wiz, who shared how it is analogous to "where cloud was five to 10 years ago: everyone is using it to some extent, but very few have a process to govern it."