Pervasive AI Presence: Over 80% of Businesses Impacted

In today's digital landscape, the unauthorized use of AI tools within organizations, known as Shadow AI, poses a significant risk to data security. Recognizing this, XM Cyber, a leading Israeli cybersecurity company acquired by the German Schwarz Group in 2021, is expanding its Continuous Exposure Management platform to cover the entire attack surface of AI.

Shadow AI, a phenomenon where employees use AI tools without approval or control by IT or security teams, is increasingly prevalent. Over 80% of the organizations examined show signs of shadow AI activities, across all areas of the organization. This unmanaged use of AI tools can lead to data breaches, with one in five companies experiencing a security incident related to shadow AI, according to IBM's "2022 Cost of a Data Breach" report, increasing the average cost of data breaches by $670,000.

XM Cyber's solution aims to address this issue by visualizing all attack paths to critical resources, allowing organizations to focus on the 2% of fixes that can actually block relevant attack paths. The expanded platform will detect and alert Shadow-AI activities, uncover vulnerabilities in cloud AI services like Amazon Bedrock, Google Vertex, and Azure OpenAI, and identify techniques for collecting credentials.

The platform will also assess risks on devices using MCP servers, a common target for cybercriminals. Given the increasing use of AI in organizations, with 78% of AI users bringing their own tools to work, XM Cyber is developing functions to detect shadow AI within its exposure management platform, which already covers on-premises, cloud, Kubernetes, and OT environments.

The importance of exposure management in healthcare cybersecurity cannot be overstated, especially as cybercriminals are expected to increasingly target healthcare in 2025. Shadow AI poses far-reaching risks, as tools can process sensitive data like proprietary code, customer data, financial models, or login credentials, without leaving any traces.

In addition to addressing Shadow AI, the expanded platform will also ensure compliance with regulatory requirements such as the EU AI regulation or NIST AI risk management. Compliance offers little protection, as employees continue to upload sensitive data to unmanaged AI services, even in heavily regulated industries like Healthcare, Finance, and Consulting. Traditional security tools often miss the majority of shadow AI activities due to encrypted browser traffic and insufficient logging on unmanaged end devices.

In conclusion, XM Cyber's expansion of its platform aims to provide a comprehensive solution for organizations to secure their AI infrastructure, protect sensitive data, and prevent data breaches caused by Shadow AI. As AI usage in organizations continues to increase, the need for such solutions becomes increasingly important.