Governance

Shadow AI: The New Shadow IT For years, organizations have struggled with shadow IT—unapproved systems, tools, or cloud services deployed outside normal governance. In 2025, that problem quietly evolved into something far more complex and far more dangerous: Shadow AI. Employees are now spinning up unapproved AI agents, connecting them to sensitive data, granting them excessive permissions, or even embedding them into workflows without the organization’s knowledge. And because AI is both powerful and opaque, many of these risks remain invisible until something goes wrong. ...

Securing the Future: A First Look at SANS Critical AI Security Controls v1.1 Introduction Artificial intelligence is no longer experimental—it’s embedded in production workflows, critical infrastructure, and high-stakes decision-making. But while AI evolves rapidly, security practices have struggled to keep pace. Enter the SANS Critical AI Security Controls (v1.1)—a new framework aiming to establish foundational, adaptable, and actionable controls for securing AI systems. This blog breaks down the key components of the SANS draft, explains their relevance, and suggests first steps organizations can take today. ...