‘Shadow AI’ is real. Vanta wants to help manage it
The phenomenon dates at least to the era when certain daring professionals purchased newfangled gadgets called “PCs” and brought them to the office, well before having a computer on your desk was the norm. But the AI boom has made shadow IT more chaotic than ever. Many employers are pressuring staffers to embrace the technology without being terribly specific about best practices to use it productively and safely. Excited by the possibilities, workers may feed sensitive data into AI tools that are powerful but unpredictable. Even if everyone involved has the best of intentions, an infinite number of things could go awry.

According to Christina Cacioppo, cofounder and CEO of the trust management platform Vanta, about 70% of its 16,000-plus customers have some kind of shadow AI happening inside their organizations. “It’s basically what you’re talking about when someone within the company is charging ahead a new AI tool, and that tool, which might provide a lot of promise and value, hasn’t gone through a formal security review,” she says.

Enter a new Vanta tool called the Vanta Agent for Risk. It maps out an organization’s vendors and tools, data and other assets; compliance responsibilities; and controls such as AI policies, aiming to provide a cohesive picture of their relationships and danger zones.

The agent “understands all the different things that are happening in your company,” says Jeremy Epling, Vanta’s chief product officer. “Whether they’re third-party vendor risk that’s coming in from the outside, or it’s internal risk [involving] who has access inside the platform to different pieces of data.”

More than 4,000 integrations inform the agent’s reports. “We have over 1,400 tests that are continuously assessing the different sec