Shadow AI
Coverage of Shadow AI in the Nexus archive.
- What 2026 DBIR Confirms: Attacks Are Living in the Browser
The 2026 Verizon DBIR report highlights that phishing, shadow AI, malicious browser extensions, and credential theft are increasingly occurring within web browsers, underscoring significant security vulnerabilities at the browser layer.
- What 2,000 Exposed Vibe-Coded Apps Reveal About the Limits of Most Security Stacks
The article discusses how Shadow AI has evolved from employees using ChatGPT to building full applications without security or IT involvement, exposing new risks. The 'The Shadow Builders' report highlights these vulnerabilities in existing security stacks.
- Bosses blinded by confidence about shadow AI use by workers
Over half of businesses experienced AI-related security incidents or close calls in the past year, driven by employees using unapproved AI tools (shadow AI). Despite this, 90% of executives overestimate their visibility into AI tool usage, with 52% of knowledge workers admitting to using unauthorized AI tools.
- 5 Steps to Managing Shadow AI Tools Without Slowing Down Employees
Employees commonly use 3-5 AI tools daily without IT review, including writing assistants, coding copilots, and meeting summarizers. These tools enhance productivity by enabling faster workflows, though their unreviewed use raises management challenges.
- Learning from the Vercel breach: Shadow AI & OAuth sprawl
The Vercel breach highlights risks from third-party OAuth integrations, showing how a compromised app can expose customer environments. Push warns that OAuth sprawl and Shadow AI practices amplify security vulnerabilities.
- Glasswing Secured the Code. The Rest of Your Stack Is Still on You
Glasswing has secured code, but vulnerabilities persist in other areas like shadow IT, SaaS, and emerging shadow AI. Attackers can exploit these without needing advanced AI models.
- Browser Extensions Are the New AI Consumption Channel That No One Is Talking About
A new report from LayerX reveals that AI browser extensions are a significant, overlooked security threat, highlighting a critical blind spot in AI security discussions that focus on 'shadow' AI and GenAI consumption.
- The Hidden Security Risks of Shadow AI in Enterprises
Employees are adopting AI tools without IT approval, leading to security risks as these tools operate outside security controls, creating blind spots in what's termed shadow AI. This mirrors the shadow IT phenomenon but introduces new vulnerabilities.
- Shadow AI in Healthcare Is Here to Stay
The article discusses the persistent use of AI tools by medical professionals to manage increasing workloads in healthcare. It emphasizes the need for organizations to enhance security protocols to mitigate risks associated with AI adoption.