Understanding the Uncontrolled AI tool usage (Shadow AI) risk

BarracudaONE displays this risk when it detects that AI applications are actively being accessed within your environment without centralized AI governance and automated enforcement of policies.

Without automated enforcement, governance depends on manual policy updates that lag behind real-world usage. Users then put your environment at risk by using AI applications that aren’t approved, or by using approved AI systems in an unauthorized way.

Why this is a risk

AI systems can affect people, decisions, and data at scale. Without policies that are enforced in real time, users may expose your organization to privacy violations that endanger your clients and your business.

Identifying this risk

To help you identify the tools affected, BarracudaONE displays:

  • The AI applications accessed

  • The number of times each application has been accessed

Resolving this risk

Resolving this risk involves enabling Barracuda SecureEdge to implement and enforce AI application control automatically, in real time.

To resolve the Uncontrolled AI tool usage (Shadow AI) risk
  1. In the left navigation menu, select Home.

  2. In the Start mitigating risks section, do one of the following:

    • Select the Uncontrolled AI tool usage (Shadow AI) risk.

    • Select another risk, then use the arrows to navigate to the Uncontrolled AI tool usage (Shadow AI) risk.

  3. In the Start mitigating risks section, select the Uncontrolled AI tool usage (Shadow AI) risk.

  4. Do one of the following:

    • If Cisco Umbrella is your discovery source, enable enforcement with SecureEdge.

    • If SecureEdge is your discovery source, resolve the issue in SecureEdge.

When these criteria are met, the risk auto-resolves.

Once you have resolved this risk

Once you put a tool in place to enforce security policies in real time, you can regulate AI use and ensure that AI is used in a way that is:

  • Safe - Doesn’t cause harm through errors or unsafe outputs

  • Secure - Doesn’t expose or leak sensitive data, or get exploited

  • Accountable - Ensures traceability for decisions and failures

  • Compliant - Meets privacy, security, and sector-specific rules

  • Reliable - Measures, documents, and continuously improves performance

