Adopting Zero Trust

Adopting Zero Trust

Adopting Zero Trust
Adopting Zero Trust
Shadows Within Shadows: How AI is Challenging IT
0:00
-48:12

Shadows Within Shadows: How AI is Challenging IT

S04 EP 04: Island’s Chief Customer Officer, Bradon Rogers, chats shadow IT and how AI is compounding the issue.
Elliot Volkman's avatar
Neal's avatar
Elliot Volkman
and
Neal
Mar 20, 2025
Share
Transcript

Catch this episode on YouTube, Apple, Spotify, or Amazon. You can read the show notes here.

Shadow IT has long been a challenge for organizations, with employees adopting unsanctioned applications to boost productivity or occasionally for more personal reasons (like playing games remotely). While businesses have made strides in managing these risks, a new wave of shadow IT has emerged—one powered by generative

This week, we chatted with Bradon Rogers, Island's Chief Customer Officer, to explore how AI is reshaping security challenges and how enterprise browsing solutions are evolving to address them.

Here are the key takeaways from the podcast discussion on shadow AI and enterprise security:

Key Takeaways

  • AI is Accelerating Shadow IT Risks

  • AI is embedded within approved enterprise applications, making its presence less obvious.

  • Some AI-powered tools automatically opt users into data sharing or model training.

  • Enterprise data may be cross-contaminated with other customers’ data, raising security and compliance concerns.

  • AI-generated derivative data can bypass traditional DLP solutions, making data loss harder to detect.

  • Application boundaries prevent corporate data from leaking into personal AI tools.

  • Instead of outright blocking AI, companies should guide users toward sanctioned AI environments.

  • Transparency is key: employees need clear communication on AI risks and corporate policies.

Editor’s Note

This is your annual notice that we will be at RSAC, and we do plan to record an episode or two if possible. We’ve received a bunch of pitches to meet with guests but have not yet scheduled anything. If you want to record on-site, please be sure to pitch stories instead of people. I am also looking for potential guests for Microsoft’s Threat Intelligence Podcast and possibly another larger one if you have a non-vendor global CISO handy. Slide into my inbox if you have something of interest: elliot @ elliotvolkman[.]com.

Outside of that, swing by the Palace hotel where we’ll be hosting plenty of auxiliary sessions including a threat intel panel on Wednesday morning.

Shadow IT: Then and Now

“It’s like shadows within shadows now… You've got the obvious generative AI destinations like ChatGPT, but then you’ve got other things that are less obvious, where generative AI is built into the application,” said Rogers.

Bradon traced the origins of shadow IT to employees seeking convenient tools that organizations had not yet provided. Early examples included cloud storage solutions like Dropbox, which employees used to bypass outdated or unavailable corporate alternatives. As businesses caught up and introduced secure, sanctioned solutions, traditional shadow IT concerns declined.

However, the rise of generative AI has created a new frontier. Unlike past shadow IT, AI-driven tools are often embedded within applications, making them less obvious. Employees now leverage AI chatbots, automated workflows, and content generators—sometimes unknowingly opting into AI models that use company data for training. This creates unseen vulnerabilities that IT teams must address.

The Challenges of AI-Driven Shadow IT

According to Bradon, AI-powered applications present unique risks, including:

  • Embedded AI: Many AI features are baked into existing, approved tools without clear notifications to users.

  • Global Data Pools: Enterprise AI models often rely on aggregated data, meaning sensitive information could be exposed beyond an organization's control.

  • Derivative Data Risks: AI can transform sensitive data into new formats, making traditional detection methods ineffective.

As AI adoption surges, businesses must implement policies that balance productivity with security. These policies must ensure that data remains protected while enabling employees to use AI responsibly.

“You’ve got end users trying to find cheat codes to do their jobs faster, executives pushing to gain a competitive edge—sometimes without fully understanding the risks—and providers embedding AI into products to stay ahead. That creates a complex security landscape.”

The Role of Enterprise Browsers in Security

One of the key takeaways from the discussion was how enterprise browsers, like those developed by Island, can help mitigate shadow IT risks while enhancing user experience. Bradon emphasized that enterprise browsers create secure environments for accessing corporate applications without sacrificing usability. Key benefits include:

  • Application Boundaries: Enterprise browsers define clear lines between corporate and personal apps, preventing unauthorized data movement.

  • Zero Trust Network Access (ZTNA): Instead of traditional VPNs, enterprise browsers provide secure, seamless access to internal applications without exposing the broader network.

  • Granular Policy Enforcement: Organizations can enforce AI-specific security measures, such as blocking sensitive data uploads to AI tools or directing downloads to secure corporate storage.

A Future-Proof Approach to Security

As AI-driven shadow IT continues to evolve, organizations must adopt security strategies that go beyond simple blocking mechanisms. Enterprise browsers offer a “say yes” approach—allowing employees to leverage innovative tools while maintaining security and compliance. By enforcing contextual policies and ensuring data stays within approved applications, businesses can navigate this new landscape with confidence.

Discussion about this episode

© 2025 Adopting Zero Trust
PrivacyTermsCollection notice
Start writingGet the app
Substack is the home for great culture