Sunlight on Shadow AI: When Security Learns to Tinker—Rob T. Lee from the SANS Institute on AI Risk

Most security playbooks weren’t built for an era where AI moves faster than policy. Rob T. Lee says the default answer of “no” is creating a far bigger problem: shadow AI — widespread, unsanctioned usage that quietly exposes organizations to risk.

Rob T. Lee — Chief of Research & Chief AI Officer at the SANS Institute — joins Wade to unpack pragmatic ways leaders can move forward without breaking things. From the “tinker/hacker” mindset that helps teams learn, to treating security like a lifeguard (not a chokehold), Rob lays out the short, repeatable moves that actually get enterprises experimenting safely: enable small experiments, create accountability partners (not mythical “AI champions”), red-team your integrations, and make governance part of the daily routine.

In this episode you’ll hear:

• Why a blanket “no” to AI creates shadow AI and greater risk.
• How to flip policy toward a cautious “yes” and act like a lifeguard, not a jailer.
• Practical training tactics: 30 minutes a day, micro-projects, and hackathons.
• What good AI governance looks like — rules of acceptable use, vendor checks, red teams, and regulatory thinking.
• Why executives and boards need to be hands-on learners, not just hire an “expert.”
• The origins and purpose of the SANS Secure AI Blueprint and how to use it to align strategy, governance, and operations.

Guest: Rob T. Lee — Chief of Research & Chief AI Officer, SANS Institute