Today in Tech Inside Shadow AI: The Hidden Cyber Threat Already Inside Your Company
Nov 20, 2025
Etay Maor, a cybersecurity expert and adjunct professor at Boston College, dives into the hidden dangers of Shadow AI in this insightful discussion. He reveals how unsanctioned AI tools are leaking sensitive company data, making AI the weakest link in security. Maor explores how attackers are jailbreaking AI models to optimize fraud, phishing, and deepfakes. He emphasizes the critical need for organizations to enforce AI policies, monitor usage, and train employees to prevent accidental data leaks and ensure robust defenses against evolving cyber threats.
AI Snips
Chapters
Transcript
Episode notes
Models Reflect Their Training Lens
- Different models give different answers because of training data differences, shown by asking about Taiwan.
- Etay Maor uses this to warn organizations to understand which model and training data they rely on.
Make Policies Layered And Granular
- Define layered policies: allow or block applications, restrict tenants, and limit specific actions like file uploads.
- Enforce content restrictions (e.g., no code, no medical or 16-digit numbers) to reduce leak risk.
Agentic AI Raises Permission Risks
- Agentic AI introduces new risk: agents acting autonomously can be given excessive permissions and sensitive access.
- Excessive agency plus rich personal data and payment access creates ripe targets for abuse.