Managed AI tools to curb data leakage risks

By Beatriz Marie D. Cruz, Reporter

PHILIPPINE organizations should deploy managed artificial intelligence (AI) tools to avoid cyberattacks caused by shadow AI practices and lessen the risk of data leakage, according to US-based cybersecurity company Netskope.

“Rolling out a managed AI solution reduces your risk of data leakage significantly because managed AI allows for monitoring while giving the employees the flexibility and speed they need at work,” Netskope Regional Director Kunal Jha said on the sidelines of an event earlier this month.

“If these users are continuing to work with unapproved generative AI (GenAI) applications, that’s creating another big area of vulnerability.”

Shadow AI, or the use of AI applications or systems without the formal approval of an organization’s IT teams, could expose personal data and violate organizations’ privacy regulations.

Risks are heightened as many employees typically resort to using their personal accounts when using AI tools to boost productivity.

“Most cybersecurity incidents are because of a weak link, which is the human being making a mistake, and not necessarily out of malicious intention,” Mr. Jha said.

About 47% of GenAI users globally are still accessing tools via personal, unmanaged accounts, according to the latest Netskope Threat Labs’ Cloud and Threat Report.

“Attackers, conversely, will exploit this fragmented environment, leveraging AI to conduct hyper-efficient reconnaissance and craft highly customized attacks targeting proprietary models and training data,” according to the report.

Mr. Jha also noted the rise of AI agents that are “smart enough to find a way around organizations’ restrictive policies.”

He also highlighted the need for data sovereignty regulations to avoid risks associated with cross-border data leakage.

“Since many AI models are hosted overseas, organizations are now looking at hosting bespoke, on-premise private deployments of AI,” he said.

Some employees also use unauthorized AI tools due to the lack of trust or training on company-regulated GenAI systems.

“Trust really comes from the guardrails that you put into place in terms of what data is uploaded,” Mr. Jha said, noting the importance of training employees when using managed AI tools.

“These form part of best practices on how to actually improve productivity while using a GenAI application without leaking any of your personal data or the company’s sensitive data.”

While Philippine organizations are among the most proactive in terms of evaluating and rolling out AI tools, the country’s cybersecurity readiness “is not where it needs to be,” Mr. Jha said.

The Philippines remains a key area of investment for Netskope, with its local talent of over 100 employees serving functions like finance, back-end shared services, and threat hunting, he added.