There’s a new security risk out there, and it’s come to be known as The Shadow AI Problem.
It suggests that the next major corporate data breach may not come from a sophisticated nation-state actor or a phishing campaign, but rather from an employee asking an AI chatbot to read or summarize sensitive company data.
That’s the reality Itamar Golan has spent the last two years building a company around. As co-founder and CEO of Prompt Security (acquired by SentinelOne earlier this year for $250 million), he has become one of the voices warning of the gap between how fast enterprises are adopting AI and how little they understand about where their data is going. According to him, most CISOs focus on traditional attack vectors, but the real risk is employees pasting IP addresses into unauthorized tools.
Prompt Security’s platform now detects nearly 20,000 distinct AI applications operating across enterprise environments. Golan clarified that the figure isn’t plugins or product variants, but 20,000 separate entities. “Today, essentially almost any SaaS application, website, native application running on your endpoint… we are converging towards a landscape where any one of those will be an AI application by itself,” he told me.
The visibility problem is one thing, but the training problem is another. Prompt Security’s research found that roughly 40% of AI applications, when examined at the configuration level, are set by default to train on the data they receive. “Not only has confidential data leaked out of your organization,” Golan explained, “it’s now potentially becoming part of the model’s brain.” Details like corporate strategy, personnel data, or legal documents will be available for everyone to see, and there is no obvious retrieval mechanism once the data is embedded in a model’s training run.
The sectors most exposed are also the traditional ones that are now moving fastest to catch up: financial services, insurance, and legal firms are adopting AI precisely because it performs exceptionally well on their core workflows. “They find themselves in this very tricky situation,” he told me. “On the one hand, they are adopting AI the fastest, and the potential gain is immense, but the risk of making a mistake is so big as well.”
It is a distinctly Israeli problem to be working on. Golan mentioned that when he surveyed the security stacks of Fortune 500 CISOs while building Prompt, he found that around 60% of the tools on their lists were built by Israeli companies. Startup Nation has given the world Check Point, CyberArk (acquired by Palo Alto Networks), and Wiz (acquired by Google). Now, Prompt Security, as part of SentinelOne, is trying to secure the AI layer that sits above all of them.
“We cannot stay blind,” Golan concluded. “We must admit that our employees are using hundreds or thousands of AI applications. A big portion of those are able to train on the data we are sharing with them.” Acknowledging that reality, he argues, is the first step to acting on it.