{"data":{"id":"12ddd4b4-74d1-461a-bcfa-667c9c442dc4","title":"A 5-step approach to taming shadow AI","summary":"Shadow AI refers to unauthorized use of AI tools by employees without proper oversight, which creates risks like exposing sensitive data and making unreliable decisions. Most organizations lack formal AI risk frameworks (only 23.8% have them in place), allowing these unsanctioned tools to spread unchecked. The source recommends using a structured methodology like the NIST AI Risk Management Framework combined with visibility tools to discover, assess, and control AI usage across an organization.","solution":"The source outlines a five-step approach: (1) Uncover and inventory shadow AI using targeted questionnaires, traffic analysis, and log inspection to identify which AI systems employees are using; (2) Standardize assessment using the NIST AI Risk Management Framework's four functions (govern, map, measure, manage) to evaluate risk in business terms; (3-5) Steps not fully detailed in the provided excerpt. For governance specifically, the source states: 'assign clear ownership, decision rights and acceptable-use rules for data handling and AI outputs.' The source also recommends AI safety training for all employees (not just engineers) who interact with sensitive data or production systems.","labels":["safety","policy"],"sourceUrl":"https://www.csoonline.com/article/4143096/a-5-step-approach-to-taming-shadow-ai.html","publishedAt":"2026-03-11T10:00:00.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"info","attackType":[],"issueType":"news","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":[],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-03-11T10:00:00.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}