
Today in Tech
Inside Shadow AI: The Hidden Cyber Threat Already Inside Your Company
Nov 20, 2025
Etay Maor, a cybersecurity expert and adjunct professor at Boston College, dives into the hidden dangers of Shadow AI in this insightful discussion. He reveals how unsanctioned AI tools are leaking sensitive company data, making AI the weakest link in security. Maor explores how attackers are jailbreaking AI models to optimize fraud, phishing, and deepfakes. He emphasizes the critical need for organizations to enforce AI policies, monitor usage, and train employees to prevent accidental data leaks and ensure robust defenses against evolving cyber threats.
AI Snips
Shadow AI Is A Hidden Attack Surface
- Shadow AI refers to unsanctioned AI tools used by employees that IT often cannot see or secure.
- This hidden usage creates an unmonitored attack surface and data-exfiltration risks for organizations.
AI Can Be The Weakest Link
- Etay Maor reframes the weakest link: AI can be weaker than humans because it makes mistakes and is easy to manipulate.
- Attackers may prefer targeting AI systems over humans due to predictable failures and insider-like risks.
Observe Before You Enforce AI Policy
- Start with observability: detect and see what AI tools employees use before making policies.
- Then contextualize, decide policies, and enforce them (OODA loop applied to AI use).

