Who’s Experimenting with AI Tools in Your Organization?

Oct 23, 2023The Hacker NewsArtificial Intelligence / Cybersecurity

With the record-setting growth of consumer-focused AI productivity tools like ChatGPT, artificial intelligence—formerly the realm of data science and engineering teams—has become a resource available to every employee.

From a productivity perspective, that’s fantastic. Unfortunately for IT and security teams, it also means you may have hundreds of people in your organization using a new tool in a matter of days, with no visibility of what type of data they’re sending to that tool or how secure it might be. And because many of these tools are free or offer free trials, there’s no barrier to entry and no way of discovering them through procurement or expense reports.

Organizations need to understand and (quickly) evaluate the benefits and risks of AI productivity tools in order to create a scalable, enforceable, and reasonable policy to guide their employees’ behavior.

How Nudge Security can help

Nudge Security discovers all generative AI accounts ever created by any employee, and alerts you as new AI apps are introduced, so you can gain visibility into who’s using what, and guide employees towards best practices to mitigate AI security risks.

With Nudge Security, you can:

  • Discover and inventory the AI tools your employees are using
  • Get alerted when new AI tools are introduced
  • Accelerate security reviews to evaluate unfamiliar tools
  • Detect overly permissive OAuth scopes that could endanger corporate data
  • Nudge employees towards approved providers and better security practices
  • Share acceptable use guidance and collect policy acknowledgement

1. Get visibility of the AI tools your employees are using, from Day 1.

Given the explosive growth of tools like ChatGPT, your employees are most likely already using or experimenting with some type of AI product at work. To understand the role AI tools play for your organization, you need to know what’s already out there and stay on top of new tools as employees sign up for them.

With Nudge Security, you can get an immediate inventory of all the AI tools your employees are using, and set up alerts to notify you whenever a new AI tool is introduced. Nudge Security automatically discovers AI tools and other SaaS applications in your environment, and categorizes them by type for easy filtering, including the free, paid, and trial accounts that you might not be able to discover by relying on procurement processes or combing through expense reports.

2. Assess AI tools at a glance.

Nudge Security provides a summary view of each application to help you assess new AI tools quickly. You can see a short description of the app, find out how many accounts and integrations have been created by members of your organization, identify the original user, and check your users’ security hygiene. Drilling into each tab in the menu provides even more information to support your evaluations. As you complete your reviews, you can update statuses in the “Fields” section to keep track of statuses and approvals.

3. Accelerate security evaluations with added context.

For each app, Nudge Security provides additional security context that can help you evaluate new applications quickly and systematically, such as links to their terms of service and privacy policies, an overview of their breach history, and an inventory of their SaaS supply chain.

Nudge Security also alerts you to security incidents affecting the applications your employees are using so you can intervene swiftly to secure their accounts, integrations, and data.

4. Catch OAuth grants with overly-permissive scopes.

The ease of agreeing to an OAuth grant can entice users to hand over more access to AI tools than they might realize.

That’s why Nudge Security reveals the scopes each application has been granted and provides OAuth risk scores to help you identify risky OAuth grants quickly. The solution provide enough context to help you understand exactly what access and permissions each user has granted and what it means for your organization, so you can intervene if an application has too much access.

5. Reach users with guidance at the right time

Given the viral spread of AI tools, you have the best chance of changing users’ behavior by reaching them immediately when they sign up for a new app.

Nudge Security offers just-in-time interventions using automated nudges, so you can reach users immediately via email or Slack when they create a new account. As soon as a user signs up for an AI tool, you can “nudge” them to review and acknowledge your AI acceptable use policy, reaching them right when the information is most relevant and useful.

You can also nudge them toward using an alternative application that you’ve already determined is enterprise-ready, or prompt them to take a more secure action like setting up multi-factor authentication.

6. Collect usage feedback at scale to guide corporate policies.

If your corporate-sanctioned options aren’t sufficient for your users, or if you just want to keep a pulse on AI adoption at your organization, you need to understand how your employees are using these tools. Nudge Security helps you capture that information at scale, so you can make informed choices about how to manage AI adoption across your workforce. Whenever a user adds a new AI tool that you haven’t seen before, you can ask them for context on what they’re trying to do, which can help differentiate innocuous use cases from those that could put confidential or sensitive data at risk.

Balancing the benefits and risks of AI tools with Nudge Security

Your business needs AI to be competitive, which means your users need help determining which productivity tools are trustworthy and which ones could put corporate data at risk. Nudge Security is a platform for SaaS security that can help you assess new tools efficiently and nudge your users in the right direction so you can keep up with the pace of business.

Start free 14-day trial of Nudge Security

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.