Agentic AI-based services are the new Shadow IT. Change my mind.
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2FA) auth.

@briankrebs I am also really curious how many people have aggressively violated various privacy laws by feeding stuff into various LLMs for "summary" and "analysis".

Frankly it should be a much larger compliance nightmare than it is. (Or, I suppose, it *is* a ginormous compliance nightmare and just right now everyone's thinking it isn't. Incorrectly.)

@wordshaper @briankrebs What I'm seeing in US corporate circles is sort of what you would expect - focus on liability reduction rather than solutions because it's too early for solutions and they're too caught up in FOMO to say no. They buy a small number of vendor-supported AI tools with legal agreements that claim to keep all user data inside the purchased tenant, establish policy that all employees must use the purchased solutions, and block the rest at the proxy server.

@wordshaper @briankrebs This isn't in any way a fix, but when they get sued, in theory it reduces their payout.