What We Do in the Shadows…with Shadow AI: The Growing Business Risk of Unauthorized Artificial Intelligence Tools | McCarter & English, LLP
https://www.jdsupra.com/legalnews/what-we-do-in-the-shadows-with-shadow-1944452/
Publish Date: 2026-06-11 11:44:00
Source Domain: www.jdsupra.com
Summary of the article in six key points:
- Emerging AI Use Among Employees: Many employers are implementing AI in their operations, while some employees may use unauthorized AI tools without company policies in place, which can lead to unintended risks.
- Shadow AI Risks: Employee use of “Shadow AI” can lead to significant compliance and mitigation risks, especially when the unsanctioned tools do not meet privacy and security requirements.
- Case Study: Community Bank Incident: The Community Bank reported a cybersecurity incident in which nonpublic customer information was processed using an unauthorized AI tool, leading to regulatory and mitigation actions at significant cost and negative publicity.
- Potential Enforcement, Litigation and Security Risks: The unauthorized use of nonpublic data on AI platforms can trigger a range of legal and compliance risks, including fines, penalties, lawsuits, and violations of various privacy laws and government requirements.
- Governance and Training Requirements: Businesses need to establish secure, controlled AI governance frameworks involving IT, legal, and compliance teams, and ensure employees are well informed and trained on approved AI tool usage.
- Incident Response and Vendor Policies: Companies should review incident response plans and update them to address AI-related data exposure, consider updating policies based on vendor guidelines, and ensure compliance with data privacy laws and regulations.