Shining a spotlight on Shadow AI

Despite InfoSec and compliance teams' concerns, employees and CEOs both realize the
productivity benefits of using ChatGPT at work and are pushing hard to adopt it.
In the wake of this technological shift, we're seeing corporate clash over AI
usage policies and a rise in shadow IT
use of ChatGPT ("Shadow AI").

At Blueteam AI, it's our mission to enable safe and secure
adoption of ChatGPT in the enterprise. We're building a suite of tools to help, and
along the way we've interviewed dozens of professionals from InfoSec and compliance
teams. Here are some of the common pain points we've heard and
how we've addressed them in Blueteam AI's network monitoring.

  • What are we not aware of?
    • Can we shine a light on the shadow AI in our organization?
    • What departments and teams are using it?
  • What are the opportunities and risks?
    • Where is generative AI useful?
    • Am I leaking sensitive information?
  • How can I protect myself?
    • How do I enforce DLP policies on AI usage?
    • How can I monitor for policy violations?

What are we not aware of?

Can we shine a light on the shadow AI in our organization?

To address security concerns, we've heard a number of companies considering
on-premise deployments of large language models (LLMs). However, this approach
does not address the shadow AI problem where employees choose to use
unsanctioned AI services like Github Copilot and ChatGPT.

By analyzing outbound network traffic to AI services, we can
identify AI usage even if it is not explicitly approved by central IT.

Pie chart of network traffic to AI services

Measurement of network traffic outbound to AI services. Here, the majority of AI usage is for Github Copilot.

What departments and teams are using it?

We've heard CEOs issue mandates to integrate AI into department workflows, but how can we
quantify the adoption of AI across the organization?
Segmenting the traffic by hosts enables us to identify which individuals / teams / departments
are using AI at work and how much they are using it.

Bar chart of AI service network traffic segmented by client host IP

AI service network traffic segmented by client host IP.

What are the opportunities and risks?

Where is generative AI useful?

We've heard that developers are using Github Copilot to write code, but where
can we expect to see the most productivity gains?
Does it benefit some roles more more others?

Bar chart of Github Copilot usage by programming language

Github Copilot usage by programming language. Typescript/React has the highest usage, suggesting front-end developers are benefitting most.

And in order for management to effectively rebalance headcount after AI
adoption, we need to know how AI improves productivity across different team's code

Bar chart of Github Copilot usage by code repository

Github Copilot usage by code repository.

Am I leaking sensitive information?

It's no secret
that conversations with ChatGPT are used to train the model. While ChatGPT has an option to disable training
data collection:

Screenshot of ChatGPT's data controls settings.

ChatGPT's data controls settings for disabling training.

It's up to individual employees to remember to enable this setting.
How compliant are my employees, and where are remediations necessary?

Bar chart of requests with training disabled setting

ChatGPT requests segmented by client host IP and colored by whether the training disabled setting is enabled. A false setting (blue) indicates non-compliance and a potential data leak.

How can I protect myself?

By combining our AI network monitoring with our API middleware stack, we can go
beyond traffic analysis and take action to enforce data loss prevention (DLP)
and threat protection policies on generative AI

How do I enforce DLP policies on AI usage?

Configure a DLP policy to detect the presence of sensitive data like personally identifiable information (PII)
and take actions to nudge the user, block the request, or automatically redact the data from the request.

Screenshot of creating a policy on Blueteam AI

Creating a policy on Blueteam AI to automatically detect and redact PII from traffic to AI services.

How can I monitor for policy violations?

As AI usage becomes more prevalent, it's important to monitor for policy violations so you can
receive timely alerts and proactively address them before they become a problem.

Screenshot of alerts page on Blueteam AI

Automatically generated alerts for detected policy violations.


AI network monitoring with Blueteam AI

Screenshot of a dashboard from Blueteam's AI network monitoring.

Blueteam's AI network monitoring is a network appliance that performs
deep packet inspection of network traffic to AI services in order
to gain visibility and control over AI usage on corporate networks.

