#265
March 2, 2026

EP265 Beyond Shadow IT: Unsanctioned AI Agents Don't Just Talk, They Act!

Guest: Alastair Paterson, Harmonic Security

Topics: Artificial Intelligence

Duration: 29:29


Topics covered:

  • Harmonic Security focuses on securing generative AI in use. Can you walk us through a real, anonymized example of a data leak caused by employee AI usage that your platform has identified?
  • AI governance gets thrown around a lot. What does this mean in the context of Shadow AI? How should organizations be thinking about governing AI in light of upcoming AI regulations in the US and in the EU?
  • If we generally agree that employees are using AI tools before they are sanctioned, how can organizations control this? Network, API, endpoint?
  • Many organizations struggle with the "ban vs. embrace" debate for generative AI. Based on your experience, what's a compelling argument for moving from a blanket ban to a managed, secure adoption model? Can you share a success story where this approach demonstrably reduced risk?
  • The term "shadow AI" is often used interchangeably with "shadow IT" (but for AI-powered applications), yet you've highlighted that AI is a different beast. What is the single biggest distinction between managing the risk of unsanctioned AI tools versus unsanctioned IT applications?
  • Looking forward, where do you see the biggest risks in the evolution of shadow AI? For instance, will the next threat be from highly specialized AI agents trained on proprietary data, or from the rapid proliferation of new, unmonitored open-source models?
  • Given the speed of change in this space, what's one piece of advice you'd give to a CISO today who is just beginning to get a handle on their organization's shadow AI problem?


Transcript

The discussion centered on the evolving landscape of Shadow AI and the practical challenges enterprises face as employees integrate generative AI into their workflows. Rather than focusing on theoretical "robot rebellions" or extreme "FUD" (Fear, Uncertainty, and Doubt), the conversation addressed the tangible risks of sensitive data exfiltration and the rise of shadow agents and citizen developers. The dialogue emphasized a shift from a "block-first" mentality to a managed adoption strategy, where security teams act as business enablers.

Detailed Conversation Analysis

1. The Reality of Modern Shadow AI

The conversation opened by debunking "sci-fi" risks in favor of immediate, observable threats. The primary risk identified is not malicious intent, but productivity-driven bypasses. Employees, including high-level executives and "Heads of AI," frequently bypass corporate restrictions by using personal devices and "consumer-grade" AI tools when official channels are blocked.

A notable example involved a law firm intern who inadvertently leaked sensitive client data by using a personal ChatGPT account to summarize meeting notes. In another instance, a designer at a battery technology firm uploaded proprietary IP to China-hosted AI platforms because Western models were restricted by corporate policy. This illustrates the Iron Law of Prohibition in IT: banning a tool often drives users toward more dangerous, unmonitored alternatives.

2. The Four Archetypes of Corporate AI Adoption

Organizations generally fall into one of four distinct buckets based on their AI stance:

The Prohibitors: Attempting to block all AI (often unsuccessfully).

The Pressured: Blocking AI but facing immense internal pressure to open access.

The Ungoverned: Open access due to cultural inability to block, but operating without visibility.

The Unaware: Open access with no perceived sense of risk.

Most enterprises currently fall into the middle two categories, struggling with the "control challenge" while acknowledging the existential necessity of AI for business competition.

3. Moving from "Block" to "Enable"

The "business case" for security has shifted. While traditional security investments (threat intelligence, for example) were often seen as a "nice-to-have," AI adoption is viewed as business-critical. A notable success story involved a 6,000-employee company moving from a restrictive "Copilot-only" stance to a managed model. This resulted in a 72% reduction in data leakage and a 300% boost in AI adoption. By providing a "governance layer" that coaches and nudges users rather than simply breaking connections, the security team became a strategic partner rather than a roadblock.

4. Technical Controls & The Endpoint Shift

The group discussed where technical controls should reside. While CASB (Cloud Access Security Broker) and network-level blocks were the initial go-to solutions, the complexity of AI—including agentic workflows and local IDE integrations like Cursor—makes the endpoint and the browser the most effective control points. These locations provide the necessary context to understand user intent and offer real-time "nudges" to prevent sensitive uploads.
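The "coach, don't just block" control described above can be sketched in code. What follows is an added example written for this page, not Harmonic Security's product or anything shown in the episode: an endpoint-side check that scans a prompt before it leaves the browser, redacts credentials outright, and turns other sensitive content into a nudge the user has to act on. The detector patterns, the severity split, and the sample prompts are all constructed assumptions for illustration.

```python
"""Endpoint-side prompt check: classify sensitivity, then coach rather than block.

Added example for illustration only (not Harmonic Security's code). The detectors
are deliberately narrow; a real deployment would add organisation-specific patterns
such as client matter numbers or project code names.
"""
import re
from dataclasses import dataclass, field

# Detector name -> compiled regex. Constructed for this example.
DETECTORS = {
    "api_key": re.compile(r"\b(?:sk|AKIA)[A-Za-z0-9_-]{16,}\b"),
    "private_key": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "email": re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"),
    # 13-16 digits, optional space/dash separators, must end on a digit; Luhn-checked below
    "credit_card": re.compile(r"\b\d(?:[ -]?\d){12,15}\b"),
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
}

# Credentials are never sent, regardless of what the user says; everything else is a nudge.
SECRET_KINDS = {"api_key", "private_key"}


@dataclass
class Finding:
    kind: str
    value: str
    span: tuple  # (start, end) offsets in the prompt


@dataclass
class Decision:
    action: str  # "allow" | "coach" | "redact"
    findings: list = field(default_factory=list)
    redacted_prompt: str = ""


def luhn_ok(digits: str) -> bool:
    """Luhn checksum; filters ticket numbers and phone numbers out of the card detector."""
    d = [int(c) for c in digits if c.isdigit()]
    total = 0
    for i, n in enumerate(reversed(d)):
        if i % 2 == 1:
            n *= 2
            if n > 9:
                n -= 9
        total += n
    return total % 10 == 0


def scan(prompt: str) -> list:
    """Run every detector, drop false-positive card numbers and overlapping hits."""
    hits = []
    for kind, rx in DETECTORS.items():
        for m in rx.finditer(prompt):
            if kind == "credit_card" and not luhn_ok(m.group()):
                continue
            hits.append(Finding(kind, m.group(), m.span()))
    hits.sort(key=lambda f: f.span)
    kept, last_end = [], -1
    for f in hits:
        if f.span[0] >= last_end:  # keep the earliest of any overlapping findings
            kept.append(f)
            last_end = f.span[1]
    return kept


def decide(prompt: str) -> Decision:
    """Classify the prompt and produce the version that may leave the endpoint."""
    findings = scan(prompt)
    if not findings:
        return Decision("allow", [], prompt)
    action = "redact" if any(f.kind in SECRET_KINDS for f in findings) else "coach"
    out = prompt
    for f in reversed(findings):  # replace from the end so earlier offsets stay valid
        out = out[: f.span[0]] + f"<{f.kind.upper()}>" + out[f.span[1] :]
    return Decision(action, findings, out)


def nudge_message(decision: Decision) -> str:
    """Text the browser extension would show; empty when nothing was found."""
    kinds = ", ".join(sorted({f.kind for f in decision.findings}))
    if decision.action == "allow":
        return ""
    if decision.action == "redact":
        return f"Credentials ({kinds}) were removed before sending. Use the approved secrets manager instead."
    return f"This prompt appears to contain {kinds}. Remove it, or confirm you are using a sanctioned tool."


# Constructed sample prompts (no real people, cards or keys).
SAMPLE_PROMPTS = {
    "meeting_notes": "Summarise: call with Jane Doe (jane.doe@acme-law.example) re settlement, card 4111 1111 1111 1111 on file",
    "debug": "Why does this fail? Authorization: Bearer sk-abcdefghijklmnopqrstuvwxyz",
    "benign": "Rewrite this paragraph in plain English.",
}

if __name__ == "__main__":
    for label, text in SAMPLE_PROMPTS.items():
        d = decide(text)
        print(f"[{label}] {d.action}: {nudge_message(d) or 'sent unchanged'}")
        print("   ->", d.redacted_prompt)
```

The design point is the split between `redact` and `coach`: a leaked key is a security event whatever the user's intent, so it is stripped silently, while PII in meeting notes is exactly the "intern summarising a call" case where a visible nudge changes behaviour without breaking the workflow. The Luhn check is there because a card detector without it will flag ticket and phone numbers and train users to ignore the nudge.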

5. Emerging Threats: Shadow Agents & Citizen Developers

The conversation turned to the most concerning emerging trends:

Shadow Agents: General-purpose AI agents that employees voluntarily connect to corporate systems (like CRMs) to automate tasks. This creates unchecked data proliferation via protocols like MCP (Model Context Protocol).

Citizen Developers: Employees using AI to "vibe code" custom tools. While productive, this creates a "mess" of unmaintained, undocumented, and potentially insecure applications that persist long after the creator leaves the company.
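Visibility into shadow agents starts with knowing which MCP servers are wired into the AI clients on a machine. The script below is an added example for this page, not something from the episode or from Harmonic Security: it reads the `mcpServers` object that MCP clients such as Claude Desktop and Cursor store in their configuration, and flags servers that run packages fetched from a public registry at start-up, keep credentials in plain text, talk to remote endpoints without TLS, or look like they touch a CRM. The config file locations, the CRM keyword list, and the sample config are assumptions made for illustration.

```python
"""Inventory MCP servers registered in an AI client's config and flag the risky ones.

Added example for illustration only. The `mcpServers` object is the layout MCP clients
such as Claude Desktop and Cursor use; file paths below are assumed and should be
verified against the client versions actually deployed.
"""
import json
import re
from dataclasses import dataclass, field
from pathlib import Path

# Assumed client config locations (illustrative; confirm for your environment).
CANDIDATE_CONFIGS = [
    Path.home() / ".cursor" / "mcp.json",
    Path.home() / "Library" / "Application Support" / "Claude" / "claude_desktop_config.json",
]

SECRET_ENV = re.compile(r"(?i)(token|secret|password|api[_-]?key)")
# Package runners that download and execute code at server start-up.
REGISTRY_RUNNER = re.compile(r"\b(npx|uvx)\b")
# Constructed hint list for "this agent talks to the CRM"; tune per organisation.
CRM_HINTS = ("salesforce", "hubspot", "dynamics", "crm")


@dataclass
class ServerFinding:
    name: str
    transport: str  # "stdio" (local process) or "remote" (URL)
    issues: list = field(default_factory=list)


def inventory(config: dict) -> list:
    """Return one ServerFinding per registered MCP server, with any issues found."""
    results = []
    for name, spec in config.get("mcpServers", {}).items():
        transport = "remote" if "url" in spec else "stdio"
        f = ServerFinding(name, transport)
        if transport == "remote":
            url = spec["url"]
            if not url.startswith("https://"):
                f.issues.append(f"remote server over non-TLS URL {url}")
        else:
            cmd = " ".join([spec.get("command", "")] + list(spec.get("args", [])))
            if REGISTRY_RUNNER.search(cmd):
                f.issues.append(f"runs a package fetched from a public registry at start-up: {cmd}")
        for key in spec.get("env", {}):
            if SECRET_ENV.search(key):
                f.issues.append(f"credential stored in plain text in config: env {key}")
        blob = (name + " " + json.dumps(spec)).lower()
        if any(h in blob for h in CRM_HINTS):
            f.issues.append("appears to connect to a CRM; needs a data-access review")
        results.append(f)
    return results


def risky(findings: list) -> list:
    """Names of servers with at least one issue, for the report or ticket."""
    return [f.name for f in findings if f.issues]


def load_configs(paths=CANDIDATE_CONFIGS) -> list:
    """Inventory every config file that exists on this machine (none in a clean sandbox)."""
    out = []
    for p in paths:
        if p.is_file():
            out.extend(inventory(json.loads(p.read_text())))
    return out


# Constructed sample config: three servers an employee might have added on their own.
SAMPLE_CONFIG = {
    "mcpServers": {
        "filesystem": {
            "command": "npx",
            "args": ["-y", "@example-org/fs-server", "/Users/me/Documents"],
        },
        "salesforce-helper": {
            "command": "node",
            "args": ["/Users/me/tools/sf-mcp/index.js"],
            "env": {"SALESFORCE_TOKEN": "00D...redacted"},
        },
        "notes": {"url": "http://notes.internal.example/mcp"},
    }
}

if __name__ == "__main__":
    for f in inventory(SAMPLE_CONFIG) + load_configs():
        status = "OK" if not f.issues else "REVIEW"
        print(f"{status:6} {f.name} ({f.transport})")
        for issue in f.issues:
            print("        -", issue)
```

Run per endpoint (for example from the EDR or MDM agent), the output is an inventory of agent-to-system connections that the network never sees, because stdio servers are local processes and the CRM token in `env` is used by the server, not by any proxied request. That is the "endpoint is the control point" argument from the previous section applied to agents rather than chat prompts.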

Key Topic Timeline

Introduction and Tone Setting

Transition from "FUD" (Fear, Uncertainty, and Doubt) to realistic security concerns.

Introduction of Alastair Paterson and Harmonic Security's focus.

The Data Leakage Reality

Analysis of 22 million prompts and the 25% sensitivity rate.

Real-world examples: Law firm interns and IP leakage to foreign-hosted models.

The Iron Law of IT Prohibition

How banning "safe" AI tools leads employees to "shadow IT" and riskier alternatives.

The anecdote of the "Head of AI" using a personal laptop to bypass blocks.

Organizational Stances on AI

The four buckets of enterprise AI adoption.

The shift from "The No-Go" to "The Enabler."

Governance and Use Case Focus

The importance of understanding why employees use specific tools (e.g., recruiters using Cursor).

Moving away from seeing AI as just another "SaaS category."

Technical Implementation

The limitations of network/CASB controls.

The move toward endpoint-based visibility and user "coaching."

The Rise of Agents and Citizen Developers

Risks associated with Model Context Protocol (MCP) and connecting agents to CRMs.

The long-term maintenance and security debt of "vibe-coded" internal tools.

Closing Advice for CISOs

The opportunity for CISOs to become strategic business partners.

Recommendation for evidence-based security strategies over "vibes."
