Sunlight on Shadow AI: When Security Learns to Tinker—Rob T. Lee from the SANS Institute on AI Risk

Security teams face three conflicting demands: defining governance policies, utilizing AI in their own workflows, and protecting systems they don't fully understand. Most organizations default to a 'framework of no' that creates analysis paralysis, while the real competitive risk is standing still. The challenge is balancing the need to move fast with the responsibility to reduce risk.

• •Security leaders are asked to govern, use, and protect AI simultaneously without clear playbooks
• •The 'framework of no' (defaulting to rejection due to uncertainty) is the dominant but failing approach
• •Everyone feels behind, but most are actually running at a similar pace—the perception gap creates unnecessary pressure
• •Tech leaders are being asked to be 'Gandalf' with all the answers when this is genuinely new territory for everyone

The 'framework of no' drives employees to shadow AI—unsanctioned use across organizations. An MIT study found that the only organizations achieving ROI from AI are doing so through shadow AI. The solution is for security teams to act like lifeguards at a playground, watching and guiding rather than blocking experimentation.

• •MIT study shows ROI is only being achieved through shadow AI (unsanctioned use)
• •Security teams should adopt a 'lifeguard' model—supervise experimentation rather than prevent it
• •Default policy should shift from 'no unless approved' to 'yes unless there's clear reason for no' (55/45 split)
• •Employees fear job loss and won't ask permission if they expect rejection—creating silent risk

While organizations obsess over enterprise AI security, individuals are blindly sharing intimate data in personal AI interactions without understanding the risks. The Palisades fire arrest case demonstrated how ChatGPT logs can be subpoenaed as evidence. People treat AI like privileged communication when it's not, creating personal and legal exposure.

• •Personal AI use is creating significant privacy risks that users don't understand
• •ChatGPT conversations are not privileged communication and can be subpoenaed (demonstrated in Palisades fire case)
• •Training data toggles are often not disabled, meaning personal conversations may be used for model training
• •AI providers have responsibility to alert law enforcement when interactions suggest violence or illegal activity

Organizations created AI policies 2-3 years ago and haven't updated them as the technology evolved. Most lack agentic AI policies entirely. The biggest oversight is blocking connector integrations between already-approved enterprise tools, preventing employees from creating the workflows where real value emerges.

• •AI policies must be reviewed and updated every 6 months as technology evolves—most organizations haven't done this
• •Agentic AI is a major gap in current governance frameworks
• •Organizations block connections between approved tools (Outlook, Slack, Notion) even when all are under SSO
• •The real power of AI comes from workflow automation, which current policies inadvertently prevent

Security expertise was originally built through 'hacking'—tinkering with technology to understand what could go wrong. Security leaders must return to this experimental mindset rather than waiting for definitive playbooks. The gap between an 'expert' and a beginner is just two weeks of daily practice. Frustration is the signal that learning is happening.

• •Early cybersecurity (1996-2001) was built by people tinkering with technology, not following books
• •Security leaders must adopt a 'hacking mindset'—experiment personally before trying to secure it
• •The difference between an expert and beginner is just 2 weeks of daily engagement
• •Frustration is the indicator that learning is occurring—if you're not frustrated, you're either already there or don't care
• •30 minutes daily of hands-on experimentation is the recommended practice (like daily exercise)

Rob's personal approach mirrors longevity health practices: dedicate 30 minutes daily to AI learning through diverse channels including TikTok, Instagram, AI Daily Brief podcast, and bookmarking practical demonstrations. The key is treating it like reading the newspaper—a daily habit, not a weekend project. AI hackathons provide valuable community learning even for beginners.

• •Curate TikTok/Instagram feeds entirely around AI content for daily micro-learning
• •Bookmark practical demonstrations (like Claude Skills) and experiment with them the next day
• •Treat AI learning like daily health habits—30 minutes consistently beats occasional deep dives
• •Attend AI hackathons even as a beginner—everyone is learning together, creating collective knowledge
• •Long-term professional health requires daily engagement with AI, similar to exercise for physical health

Organizations need 'accountability AI partners' per business unit, not mythical 'AI champions' who are expected to have all answers. Like having workout partners for different muscle groups, different departments (HR, finance, marketing) need their own learning communities. Small-form training should focus on immediately implementable tasks, not comprehensive overviews.

• •Replace 'AI Champions' with 'Accountability Partners'—people learning together, not experts with answers
• •Each business unit needs its own AI learning community (like arm day, leg day at the gym)
• •Different departments will move at different speeds—marketing typically leads, HR/finance lag due to data sensitivity
• •Training should enable immediate Monday implementation—create a PowerPoint from Slack messages, automate daily briefs
• •Start simple (automated reports) before attempting complex agent orchestration

SANS developed the Secure AI Blueprint by bringing experts together to admit collective uncertainty. The framework centers on three questions: How do we protect AI? How do we use it in daily work? How do we govern it? Organizations must first identify which pillar they're addressing before seeking solutions. Proper governance is like sleep for health—the foundation everything else depends on.

• •The blueprint emerged from expert summits where smart people admitted they don't have all answers
• •Three pillars: Protect (security), Utilize (operational use), Govern (policy/leadership)
• •Organizations must clarify which pillar they're addressing—most say 'all three' but need to prioritize
• •Governance is the foundation (like sleep for health)—without it, other efforts fail
• •Independent red teams should test AI integrations (e.g., Zapier connectors) for security validation

Governance means defining acceptable use policies tailored to your organization's data sensitivity and regulatory requirements. Hospitals face HIPAA constraints, marketing firms have looser requirements, most corporations fall in between. The EU 'right to be forgotten' creates technical challenges—you can't unbake a chocolate chip from a 175 billion parameter cookie. The workaround is query-time filtering rather than retraining models.

• •Governance varies by industry: hospitals (HIPAA) vs marketing firms (minimal regulation) vs typical corporations (customer data)
• •US innovates, EU regulates—international operations must navigate GDPR, EU AI Act, and data sovereignty laws
• •EU 'right to be forgotten' is technically challenging—can't remove individual data from trained models
• •Practical solution: filter at query time rather than retrain models when deletion is requested
• •Organizations must map vendor capabilities to their specific regulatory and strategic requirements

Rob challenges the common practice of boards hiring AI experts to inform strategy, arguing executives must personally engage with AI daily. Outsourcing AI knowledge is like setting internet strategy in the 90s without using email or browsers. Executives who use AI for simple tasks (photo editing) can connect dots to strategic decisions (marketing team sizing, cost savings). AI changes how you problem-solve, not just what tools you use.

• •Board members must personally use AI—outsourcing knowledge to experts abdicates strategic responsibility
• •Analogy: Setting internet strategy in the 90s without using email/browsers would be absurd
• •Personal use enables strategic insights—photo editing leads to questions about marketing team size and hiring needs
• •AI changes problem-solving methodology, not just tooling—requires new ways of thinking
• •Without personal experience, executives can't set informed strategy or proper governance

At AI conferences, the top concern isn't nation-state attacks—it's shadow AI. Current restrictive policies drive employees to unsanctioned use because they fear being left behind, especially after seeing companies like Accenture lay off 11,000 workers who 'couldn't be reskilled in AI.' This creates a panic state where workers use AI regardless of policy, generating the exact security risks organizations tried to prevent. The solution: enable experimentation with sunlight, default to yes, and have security act as lifeguards.

• •Shadow AI is the #1 concern at enterprise AI conferences—not adversarial attacks
• •Accenture's 11,000 layoffs for workers 'unable to reskill in AI' created industry-wide panic
• •Workers use AI anyway due to fear of being left behind, creating unmonitored security risks
• •Current policies create the exact risks they're designed to prevent
• •Solution: Enable experimentation with oversight ('sunlight'), default to yes, security as lifeguards not gatekeepers