Shadow generative AI

The productivity improvements of generative AI cannot be understated. When organizations outright ban generative AI or are slow to adopt it, employees will find ways to use consumer grade (scope 1) applications. This has led to an explosion of shadow generative AI in organizations, creating unmanaged and uncontrolled data risks. A dual approach needs to be taken here:

Provide approved tooling to the workforce. By offering sanctioned AI tools, organizations can reduce shadow AI usage while simultaneously improving visibility into how generative AI is being used.
Build out sufficient observability in the organization. Organizations should invest in security lakes and AI monitoring dashboards to track violations of corporate AI policies. This includes monitoring active models, costs, prompt inputs and outputs, and the enforcement of security guardrails. Endpoint monitoring solutions should be deployed to detect unauthorized use of shadow generative AI, providing a better compliance and security posture.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

Managing data access for data science teams

Continual evaluation and best practices