2026-04-24 AI Security and Credentials

AI's wild west: the cybersecurity risks your IT team needs to know (and act on)

Remember the early days of cloud adoption? The panic, the shadow IT, the frantic attempts to get a handle on what employees were actually using. Well, strap in, because AI is that, but dialled up to eleven. We’re not just talking about new software; we’re talking about a fundamentally different way of interacting with information, and frankly, your IT team is now staring down a cybersecurity minefield. This isn’t about theoretical threats from a dystopian future; it’s about the messy reality unfolding in organisations right now.

I’ve been in those rooms—the ones where the post-mortem reports get read, detailing how a seemingly innocuous AI tool turned into a major data breach. I’ve seen the sheer bewilderment on IT managers’ faces as they realise their meticulously crafted security policies are about as useful as a chocolate teapot in the face of widespread, ungoverned AI use. This post isn’t here to scare you, but to give you a blunt, practical assessment of the cybersecurity risks AI introduces, and crucially, what your IT team needs to do about them.

The rise of ‘shadow AI’ and unapproved tools

Let’s be honest: your employees are already using AI. Probably dozens of tools you don’t even know about. They’re plugging company data into ChatGPT for summarisation, using Midjourney for quick graphics, or feeding sensitive customer information into some ‘productivity’ AI they found online. This is shadow AI, and it’s arguably the biggest immediate risk.

Why is it a problem? Because every time an employee uses an unapproved AI service, they are potentially:

  • Exfiltrating data: Sending proprietary, confidential, or sensitive information outside your controlled environment. Think trade secrets, customer lists, or internal strategy documents. Once it’s in a third-party model, you’ve lost control.
  • Introducing compliance nightmares: If that data includes personally identifiable information (PII) or protected health information (PHI), you’re looking at a breach under GDPR, CCPA, or other regulations. And good luck explaining to the regulator that you didn’t even know the tool was being used.
  • Creating new attack vectors: Many of these tools are consumer-grade, with varying levels of security. They might be susceptible to supply chain attacks or simply have weak authentication mechanisms.

Your existing IT policies—the ones designed for traditional software and cloud services—simply don’t cut it anymore. They often lack the nuance to address the unique data handling and processing implications of generative AI. If you haven’t already, it’s time to seriously review your approach. We’ve talked about this before, in posts like The AI policy vacuum: why your old IT policy just won't cut it anymore and The policy problem, part 1: your IT policy in the age of AI—where to start (without panic).

Credential sprawl: a new kind of headache

AI isn’t just about web interfaces; it’s about integration. And integration often means Application Programming Interface (API) keys. Every time a developer or even an enthusiastic business user connects an internal system to an external AI service, they’re creating an API key. And another. And another.

This explosion of API keys leads directly to credential sprawl. Each key is a potential backdoor into your systems or a way for an attacker to misuse your AI services. Consider the implications:

  • Massive attack surface: More keys mean more targets for attackers. Weakly secured keys, keys left in code repositories, or keys exposed in breaches become critical vulnerabilities.
  • Management nightmare: How do you track thousands of API keys across dozens of AI services? Who owns them? When do they expire? What permissions do they grant? This isn’t just about users logging into SaaS; it’s about programmatic access at scale.
  • Cost implications: Many AI services are usage-based. A compromised API key could lead to an attacker racking up huge bills on your account, not to mention using your resources for nefarious purposes.

I’ve written about this specific problem in depth, particularly in The API key problem: when every AI tool becomes a new security key headache (part 1: credential sprawl). It’s a mess, and it’s only going to get worse unless you get a grip on it now.
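The three credential-sprawl problems above (unowned or stale keys, keys with too much power, and keys sitting in code repositories) are all checkable. The following is an added example, not code from the original post: a small hygiene audit in Python over a constructed key register and constructed source files. The inventory fields, the 90-day rotation window, the 30-day staleness window, the "dangerous" scope names and the `aikey_` key format are all assumptions made for the example; a real register and a real vendor's key format would replace them.

```python
"""Added example (not from the original post): AI API key hygiene audit.
The inventory schema, policy windows, scope names and the 'aikey_' key
format are assumptions constructed for this example."""
from __future__ import annotations

import math
import re
from collections import Counter
from dataclasses import dataclass
from datetime import date
from typing import Optional

ROTATION_DAYS = 90      # assumed policy: rotate AI service keys every 90 days
STALE_DAYS = 30         # assumed policy: flag keys unused for 30 days
BROAD_SCOPES = {"admin", "billing:write", "*"}  # assumed over-broad scopes
TODAY = date(2026, 4, 24)  # fixed so the example is reproducible offline


@dataclass
class ApiKey:
    key_id: str
    service: str
    owner: Optional[str]
    created: date
    last_used: Optional[date]
    scopes: set


# Constructed inventory: what a central key register might export.
INVENTORY = [
    ApiKey("k-001", "chat-vendor", "alice", date(2026, 3, 1), date(2026, 4, 22), {"chat:completions"}),
    ApiKey("k-002", "image-vendor", None, date(2025, 11, 2), date(2026, 1, 5), {"images:generate"}),
    ApiKey("k-003", "chat-vendor", "bob", date(2026, 2, 10), None, {"*"}),
    ApiKey("k-004", "embeddings-vendor", "carol", date(2026, 4, 1), date(2026, 4, 23), {"embeddings", "billing:write"}),
]


def audit_key(key: ApiKey, today: date = TODAY) -> list:
    """Return the policy findings for one key (empty list means clean)."""
    findings = []
    if key.owner is None:
        findings.append("no owner")
    if (today - key.created).days > ROTATION_DAYS:
        findings.append("rotation overdue")
    if key.last_used is None or (today - key.last_used).days > STALE_DAYS:
        findings.append("unused/stale")
    if key.scopes & BROAD_SCOPES:
        findings.append("over-privileged")
    return findings


def audit_inventory(inventory=INVENTORY, today: date = TODAY) -> dict:
    """Map key_id -> findings for every key that has at least one finding."""
    return {k.key_id: f for k in inventory if (f := audit_key(k, today))}


# Constructed source snippets standing in for files in a code repository.
# The last one is a documentation placeholder that must NOT be flagged.
SOURCE_FILES = {
    "app/config.py": 'MODEL = "large"\nAI_API_KEY = "aikey_9f8Gh2kLm4QzRt7vWx1pYbN3sD6eJa0c"\n',
    "app/settings.py": 'AI_API_KEY = os.environ["AI_API_KEY"]\n',
    "README.md": "Set AI_API_KEY in your environment before running.\n",
    "docs/example.env": "AI_API_KEY=aikey_xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx\n",
}

# Assumed vendor key format for the example: fixed prefix plus 32 base62 chars.
KEY_PREFIX = "aikey_"
KEY_PATTERN = re.compile(r"aikey_[A-Za-z0-9]{32}")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; placeholders like 'xxxx...' score ~0."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())


def find_hardcoded_keys(files=SOURCE_FILES, min_entropy: float = 4.0) -> list:
    """Return (path, line_no) for literals matching the assumed key format
    whose random part is high-entropy, i.e. a real secret rather than a
    documentation placeholder."""
    hits = []
    for path, text in files.items():
        for n, line in enumerate(text.splitlines(), 1):
            for m in KEY_PATTERN.finditer(line):
                if shannon_entropy(m.group(0)[len(KEY_PREFIX):]) >= min_entropy:
                    hits.append((path, n))
    return hits


if __name__ == "__main__":
    for key_id, findings in audit_inventory().items():
        print(key_id, "->", ", ".join(findings))
    for path, n in find_hardcoded_keys():
        print(f"hard-coded key literal at {path}:{n}")
```

The entropy filter is what keeps the repository scan useful: without it, every documentation placeholder that happens to match the key format becomes a false positive, and the findings get ignored. The inventory audit deliberately reports several findings per key rather than a single verdict, because the remediation differs (assign an owner, rotate, revoke, narrow scopes).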

Unique AI model vulnerabilities: beyond traditional exploits

This is where AI security truly diverges from traditional cybersecurity. We’re not just worried about SQL injection or cross-site scripting anymore. AI models introduce entirely new classes of vulnerabilities that your traditional firewalls and antivirus software simply aren’t designed to detect or prevent.

Let’s look at a few:

  • Prompt injection: This is a big one. An attacker crafts a malicious input (a “prompt”) that tricks the AI model into ignoring its original instructions, revealing sensitive information, or performing unintended actions. Imagine a customer service chatbot being prompted to reveal internal company policies or customer data.
  • Data poisoning: Attackers subtly inject malicious data into the training datasets of AI models. This can lead to the model learning incorrect or biased behaviours, or even embedding backdoors that can be triggered later. If your organisation builds its own models, or relies on third-party models that allow fine-tuning, this is a serious concern.
  • Model inversion/extraction attacks: These attacks aim to reconstruct sensitive training data from the model’s outputs, or to steal the model’s parameters entirely. If your AI model was trained on confidential data, this could be a major intellectual property or privacy breach.
  • Adversarial attacks: Small, imperceptible changes to input data can cause an AI model to misclassify or misinterpret information. Think of a self-driving car misidentifying a stop sign, or an AI-powered security camera failing to recognise a threat.

These aren’t hypothetical. They’re real, documented attack vectors that require a deep understanding of AI’s underlying mechanisms. Your IT security team needs to understand these threats and how to mitigate them. It’s not just about securing the infrastructure around the AI; it’s about securing the AI itself.

The governance void: why your old policies fail

I’ve said it before, and I’ll say it again: your existing IT policies are not enough. The rapid adoption of AI has created a massive governance void. Most organisations simply haven’t updated their frameworks to account for AI’s unique risks around data handling, intellectual property, bias, and accountability.

This void leads to:

  • Lack of clear responsibility: Who is accountable when an AI model makes a mistake, or when an employee uses an AI tool inappropriately? Is it IT, legal, the business unit, or the individual?
  • Inconsistent usage: Without clear guidelines, employees will make their own decisions about what AI tools to use and how to use them, leading to a patchwork of practices and wildly varying security postures.
  • Regulatory non-compliance: Regulators are increasingly focusing on AI. Without a robust governance framework, you’re exposing your organisation to fines and reputational damage.

Filling this void isn’t easy, but it’s essential. You need an AI-specific policy framework, not just a tacked-on amendment to your existing IT policy. Start with a practical AI usage policy, like the one I discussed in The AI Policy Toolkit, Part 1: What a Practical AI Usage Policy Really Looks Like.

Data privacy and regulatory compliance: AI’s new frontier

Every piece of data fed into an AI model, especially a third-party one, has privacy implications. If your organisation operates in Europe, GDPR is a constant companion. If in California, CCPA. And new AI-specific regulations are emerging globally.

Feeding sensitive data—customer records, employee information, proprietary business intelligence—into a third-party AI model without proper due diligence is a recipe for disaster. You need to ask:

  • What happens to my data? Is it used to train the vendor’s models? Is it stored? For how long? Where is it stored?
  • Who has access to it? What are the vendor’s internal security practices?
  • What are the data transfer mechanisms? Are they secure and compliant with cross-border data regulations?

This isn’t just about your data; it’s about the data of your customers and employees. Your organisation remains the data controller, even if processing is outsourced to an AI service. The buck stops with you. Don’t let the allure of AI’s capabilities blind you to your fundamental privacy obligations.

Practical steps for IT and security teams

Okay, so the landscape is a bit grim. But it’s not hopeless. Your IT and security teams are not powerless bystanders. Here’s what you need to start doing, now:

  1. Discover and assess AI usage: You can’t secure what you don’t know about. Implement tools and processes to identify what AI applications and services your employees are actually using. Shadow AI isn’t going away, but you can shine a light on it. This requires a combination of technical discovery and open communication with business units.
  2. Develop a robust AI usage policy: This is non-negotiable. It needs to clearly define acceptable and unacceptable uses of AI, specify approved tools, and outline data handling requirements. Make it practical, not punitive. We’ve covered this extensively, including in The policy problem, part 2: the AI usage policy template—why you need one (and what to put in it).
  3. Implement secure access and credential management: Centralise the management of API keys and AI service accounts. Use identity and access management (IAM) solutions. Enforce least privilege principles. Rotate keys regularly. Treat AI credentials with the same (or greater) rigour as your most sensitive system access tokens.
  4. Educate and train your workforce: Your employees are your first line of defence. They need to understand the risks of shadow AI, prompt injection, and data leakage. Regular, engaging training—not just a tick-box exercise—is crucial. Your cyber security training needs an AI update, as I’ve noted in AI Cyber Security Training: Why Phishing Drills Won't Cut It Anymore.
  5. Build internal AI security capabilities: This isn’t just a vendor problem. Your security team needs to understand AI-specific vulnerabilities. Invest in training for your security architects and engineers. Consider hiring specialists or working with consultants who genuinely understand AI security, not just traditional cyber. If you’re looking at external help, check out Hiring an AI security consultant? What to ask (and what to avoid).
  6. Integrate AI security into your overall cyber security roadmap: AI security isn’t a standalone project; it’s an integral part of your wider cyber security strategy. It needs to be woven into your risk assessments, incident response plans, and compliance frameworks. See Integrating AI into Your Cyber Security Roadmap: It's Not a Separate Plan.
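Step 1 above says to discover what AI services are actually in use; the technical half of that is usually a pass over outbound proxy or DNS logs against a catalogue of known AI hosts. The following is an added example, not code from the original post, showing that pass in Python. The log format (timestamp, user, method, host, bytes sent), the service catalogue with its approved flags, the `.example` hostnames and the 5 MiB upload threshold are all constructed for this example; an organisation would substitute its own proxy export and its own approved-tool list.

```python
"""Added example (not part of the original post): shadow AI discovery from
constructed outbound proxy logs. Log format, hostnames, approval flags and
the upload threshold are all assumptions made for this example."""
from __future__ import annotations

from collections import defaultdict
from dataclasses import dataclass, field

# Constructed catalogue: destination host -> (AI service name, approved by IT?)
AI_SERVICES = {
    "api.chat-vendor.example": ("chat-vendor", True),
    "chat-vendor.example": ("chat-vendor", True),
    "app.image-vendor.example": ("image-vendor", False),
    "upload.summarise-free.example": ("summarise-free", False),
}

# Constructed log lines. Format: timestamp user method host bytes_sent
PROXY_LOG = """\
2026-04-24T09:01:12Z alice POST api.chat-vendor.example 2048
2026-04-24T09:03:40Z bob POST upload.summarise-free.example 5242880
2026-04-24T09:05:02Z alice GET intranet.corp.example 512
2026-04-24T09:07:55Z carol POST app.image-vendor.example 120000
2026-04-24T09:09:10Z bob POST upload.summarise-free.example 7340032
2026-04-24T09:11:33Z dave GET news.example 3000
"""

# Assumed alert threshold: a single request sending more than 5 MiB to an
# unapproved AI host is worth a look as possible bulk data exfiltration.
UPLOAD_ALERT_BYTES = 5 * 1024 * 1024


@dataclass
class Usage:
    requests: int = 0
    bytes_sent: int = 0
    users: set = field(default_factory=set)


def parse_line(line: str):
    """Split one constructed log line into its five fields."""
    ts, user, method, host, sent = line.split()
    return ts, user, method, host, int(sent)


def summarise(log: str = PROXY_LOG) -> dict:
    """Aggregate requests, bytes sent and distinct users per AI service.
    Hosts not in the catalogue (intranet, news sites) are ignored."""
    usage = defaultdict(Usage)
    for line in log.splitlines():
        if not line.strip():
            continue
        _, user, _, host, sent = parse_line(line)
        if host in AI_SERVICES:
            name, _ = AI_SERVICES[host]
            usage[name].requests += 1
            usage[name].bytes_sent += sent
            usage[name].users.add(user)
    return dict(usage)


def unapproved_services(log: str = PROXY_LOG) -> dict:
    """The shadow AI list: services seen in the log but not approved."""
    approved = {name for name, ok in AI_SERVICES.values() if ok}
    return {n: u for n, u in summarise(log).items() if n not in approved}


def large_uploads(log: str = PROXY_LOG, threshold: int = UPLOAD_ALERT_BYTES) -> list:
    """(user, service, bytes) for single requests strictly above the
    threshold to an unapproved AI host; a request exactly at the
    threshold is not flagged."""
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        _, user, _, host, sent = parse_line(line)
        if host in AI_SERVICES and not AI_SERVICES[host][1] and sent > threshold:
            alerts.append((user, AI_SERVICES[host][0], sent))
    return alerts


if __name__ == "__main__":
    for name, u in unapproved_services().items():
        print(f"unapproved: {name} {u.requests} req {u.bytes_sent} bytes users={sorted(u.users)}")
    for user, service, sent in large_uploads():
        print(f"large upload: {user} -> {service} ({sent} bytes)")
```

Two design points matter in practice. First, the catalogue has to be maintained, because new AI tools appear weekly and a host not in the catalogue is invisible to this pass; pairing it with a generic "new external host seen for the first time" report closes part of that gap. Second, aggregation is by service rather than by host, so a vendor with several hostnames shows up once, and the per-service user set is what lets you start the conversation with the business unit rather than with an anonymous IP address.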

It’s not ‘more of the same’

Some might argue that AI security is just ‘more of the same’—another flavour of application security, or that vendors are solely responsible for securing their models. And frankly, that’s a dangerous delusion. While some principles carry over, AI introduces fundamentally new attack vectors, data handling paradigms, and governance challenges that traditional cybersecurity playbooks simply don’t cover. Relying solely on vendor assurances or your existing security stack is like bringing a knife to a gunfight. You need internal vigilance, new strategic thinking, and a proactive approach to these specific AI risks.

We’re in the messy middle of AI adoption, and the cybersecurity landscape is evolving at a breakneck pace. Ignoring these risks won’t make them disappear; it will only make their eventual impact more severe. Your IT team isn’t just on the hook; they’re on the front line. It’s time to equip them properly.

Don’t let AI’s promise turn into a security nightmare. Share this post with your leadership and IT team, then start the conversation about your organisation’s AI security posture. Need help drafting your AI governance policy? Let’s chat.