Hassan Khan
Before the most important company meeting, An AI chatbot might assist you in immediately polishing your presentation. However, such fast AI repairs can end up hurting your chances of impressing higher ups.
More workers are utilizing AI technologies to boost their productivity and finish jobs, however most of the time, businesses don’t approve of these tools. Employee usage of unapproved AI platforms and tools is known as “shadow AI,” and it puts the organization at risk of employees inadvertently disclosing private information on these platforms, leaving it open to cyberattacks or loss of intellectual property.
AI Shortcuts Put Data at Risk
According to Kareem Sadek, an associate in the consultancy division at KPMG in Canada that specializes in digital risk, businesses frequently take their time implementing new technology, which may lead workers to look for outside solutions like AI assistants.
According to Sadek, this so called shadow AI frequently infiltrates when consumers seek speed, ease of use, and intuitiveness.
However, both large and small Canadian firms are finding these illegal instruments to be a pain.
According to Robert Falzon, the director of technological development at cybersecurity company Control Points Software Technologies Ltd., “firms are finding it difficult to make sure that the intellectual property they own remains protected and that they avoid disclosing confidential data about their company’s operations, about their clients, or about their consumer foundations.”
According to Falzon, A lot of AI users are unaware that anytime they engage with chatbots, their information and chats are being saved and utilized for improving the applications.
AI Chatbots Risk Exposing Sensitive Data
For instance, a worker may divulge private financial information or secret research on unauthorized chatbots to create infographics without realizing that the sales figures are suddenly accessible to other parties. Knowing that the info wasn’t intended to be freely accessible, someone else can stumble into it when using the chatbot to explore the same topic.
“It’s possible that the AI will go back into its resources and instruction and discover that bit of information about your business that discusses the outcomes and just casually give that to that individual,” Falzon stated.
Falzon emphasized that hackers use the same tools as everyone else.
AI Risks Spike for Canadian Firms
Twenty percent of the firms questioned in a July report by IBM and the U.S.based cybersecurity research center Ponemon Institute reported experiencing a data breach as a result of security events utilizing shadow AI. Compared to those who had security problems employing approved AI products, it represents a seven percentage point increase.
The study found that the median cost of a data breach in Canada rose by 10.4%, climbing from $6.32 million in March 2024 to $6.98 million by February 2025.
Sadek of KPMG stated that governance over the usage of AI in the workplace must be established.
“It’s not the technology that fails, but the absence of proper governance,” he said.
Zero Trust Approach Reduces AI Risks
According to Sadek, this might entail forming an AI committee with representatives from several departments, including marketing and legal, to examine tools and promote adoption with appropriate restrictions.
According to him, guardrails should be based on an AI framework that supports the values of the business and provides answers to difficult queries on bias, accuracy of data, and security, among other issues. According to Falzon, embracing a zero trust mentality may be one example. This entails not putting your confidence in any gadgets or applications that the business has not specifically approved.
According to him, the zero trust strategy lowers risk and restricts what an employee can and cannot enter into a chatbot. Falzon, for instance, stated that Check Point staff members are not permitted to enter research and development data; if they do, the system will limit access and alert the user to the dangers.
Chatbots Can Leak Private Client Data
According to Falzon, “that will help ensure that customers are informed and aware of the risks they take, but also ensure that those risks are reduced by technological protections at the back end of it.”
According to experts, raising knowledge about AI tools is essential to reducing tensions between workers and their employers.
However, cybersecurity concerns cannot be totally eliminated by internal tools.
During his cybersecurity assessment, researcher Ali Dehghantanha claimed that he was able to gain access to private client data by breaking into the internal chatbot of a Fortune 500 firm in just 47 minutes. He was employed by the corporation to assess the security of their internal chatbot and determine if it might be tricked into disclosing private information.
According to the researcher, an instructor and Canadian Research Chair in information security and intelligence on threats at the University of Guelph, “it had access to quite a number of business internal files, as well as exposure to conversations that various collaborators were using due to its nature.”
According to him, corporate chatbots are heavily used by large banks, law firms, and supply chain corporations for internal communications, email answers, and guidance; nevertheless, many of these systems lack adequate security and testing.
Businesses Must Budget for AI Risks
When using AI technology or implementing internal tools, businesses must allocate funds, he continued. “Always take the entire cost of operation into account, not just for AI, but for any technology,” the researcher stated. “How to safeguard and safeguard it is one aspect of that cost of ownership.
“That cost is considerable for the AI right now,” he stated.
Balancing AI Benefits and Data Risks
Falzon stated that firms must provide their employees the resources they require since they can no longer prevent employees from utilizing AI.
He said, “They want to make sure that they’re not posing more harm than the advantages that they offer and that issues like data theft don’t occur.”
