10/14/2025
Shadow AI and the New Data Defense Paradigm: Insights from Our Data Defense Forum
Last month, we brought together some of the brightest minds in cybersecurity for our Data Defense Forum event. As someone who's been in the trenches of data security for years, I walked away from these conversations with a renewed sense of urgency and optimism about where we're headed.
The Fundamental Shift
The most striking theme across every session was this: traditional DLP is dead, and we need to stop pretending otherwise.
Nic Anton from Wiz put it perfectly when he said we need to "give ourselves permission to understand that maybe what we're doing today isn't going to cut it." Legacy architectures weren't built for the velocity of modern data movement, the sprawl of unstructured data, or the complexity of AI-driven workflows.
Clayton Smith from AWS drove this home with a simple observation: data has become the currency of business, yet most organizations still don't know where their confidential data actually lives. How can you protect what you can't see?
Three Critical Vectors of Data Loss
The conversation evolved beyond the usual "malicious actor" and "accidental leak" scenarios. We're now facing a third, more insidious vector: voluntary data sharing. Employees, eager to leverage new AI tools that promise productivity gains, are willingly uploading sensitive data to platforms they haven't vetted. They're not being malicious—they're just trying to get their jobs done faster.
This is where insider threat gets complicated. As Rinki Sethi, CSO at Upwind, eloquently explained, context and internal knowledge create unique risks. An IT admin downloading an entire Slack archive isn't necessarily doing anything technically wrong; the same export becomes an incident the moment it lands in a personal account. A static label on the data can't make that call on its own. The tooling needs to understand not just what's happening, but whether it's appropriate given the user's role, the data's sensitivity, and the destination.
Data Lineage: The Missing Link
Here's what keeps me up at night: unstructured data is everywhere, and it's multiplying. It's in Slack threads, email chains, collaborative documents, and text messages. This data moves, transforms, and recombines in ways traditional DLP can't track.
Data lineage emerged as the critical missing piece. It's not enough to know that a file is sensitive; you need to understand its journey. Where did it originate? How has it been modified? Who has touched it? Where is it going?
When a finance document gets pasted into a marketing team's Slack channel, that context matters enormously: the content hasn't changed, but its audience has. Modern data security must track that digital breadcrumb trail in real time, as the data moves, rather than reconstructing it from a periodic scan.
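As an added illustration (not code from the forum, from any speaker, or from any product), here is one way lineage for unstructured text can be derived: fingerprint a sensitive document by hashing overlapping five-word windows, then score every outbound paste or message against that index. A paragraph that migrates from a finance memo into a Slack channel or an AI prompt still points back to its origin, even when it is only part of a longer message, and each match is recorded as a hop on the asset's trail. The memo text, asset id, user names, channel and tool names are constructed for the example.

```python
"""Content fingerprinting to derive lineage for unstructured data (constructed example)."""
from __future__ import annotations

import hashlib
import re
from collections import defaultdict
from dataclasses import dataclass, field

K = 5  # words per shingle; small enough that a single pasted sentence still matches


def shingles(text: str, k: int = K) -> set[str]:
    """Normalise text and hash every k-word window. Hashing windows rather than
    whole files means a pasted paragraph, reflowed or lightly edited, still
    points back at its origin."""
    words = re.findall(r"[a-z0-9]+", text.lower())
    if len(words) < k:
        return set()  # too short to fingerprint reliably
    return {
        hashlib.sha256(" ".join(words[i:i + k]).encode()).hexdigest()
        for i in range(len(words) - k + 1)
    }


@dataclass
class Hop:
    actor: str
    destination: str
    overlap: float  # share of the observed text traceable to the asset


@dataclass
class Asset:
    sensitivity: str  # read by downstream policy, not used for matching
    origin: str
    trail: list[Hop] = field(default_factory=list)


class LineageIndex:
    def __init__(self) -> None:
        self.assets: dict[str, Asset] = {}
        self.by_print: dict[str, set[str]] = defaultdict(set)  # shingle hash -> asset ids

    def register(self, asset_id: str, sensitivity: str, origin: str, text: str) -> None:
        self.assets[asset_id] = Asset(sensitivity, origin)
        for h in shingles(text):
            self.by_print[h].add(asset_id)

    def observe(self, actor: str, destination: str, text: str,
                threshold: float = 0.3) -> list[tuple[str, float]]:
        """Score an outbound chunk of text against known assets, record a hop
        for every match above threshold and return [(asset_id, overlap)],
        best match first."""
        prints = shingles(text)
        if not prints:
            return []
        hits: dict[str, int] = defaultdict(int)
        for h in prints:
            for asset_id in self.by_print.get(h, ()):
                hits[asset_id] += 1
        matches = []
        for asset_id, n in hits.items():
            overlap = n / len(prints)
            if overlap >= threshold:
                self.assets[asset_id].trail.append(Hop(actor, destination, overlap))
                matches.append((asset_id, overlap))
        return sorted(matches, key=lambda m: m[1], reverse=True)

    def trail(self, asset_id: str) -> list[tuple[str, str]]:
        return [(h.actor, h.destination) for h in self.assets[asset_id].trail]


# Constructed sample memo; asset id, users and destinations are made up.
FINANCE_MEMO = (
    "Q3 revenue came in at 48.2 million, 12 percent below plan. "
    "The board will review headcount reductions in the Austin office "
    "before the earnings call. Do not share outside the finance leadership team."
)


def demo() -> dict:
    idx = LineageIndex()
    idx.register("fin-memo-0931", "confidential", "sharepoint:finance", FINANCE_MEMO)
    # Whole sentence pasted into Slack: every shingle matches, overlap 1.0
    verbatim = idx.observe("a.chen", "slack:#marketing",
        "The board will review headcount reductions in the Austin office before the earnings call.")
    # Fragment embedded in a longer prompt to an unvetted AI tool: partial overlap, still above threshold
    mixed = idx.observe("b.ortiz", "ai:free-chatbot.example",
        "fyi from finance: headcount reductions in the Austin office before the earnings call, "
        "so hold the campaign budget ask")
    # Ordinary chatter: no shingle in common, no hop recorded
    unrelated = idx.observe("a.chen", "slack:#marketing", "lunch at noon? the new place on 5th is open")
    return {"verbatim": verbatim, "mixed": mixed, "unrelated": unrelated,
            "trail": idx.trail("fin-memo-0931")}


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The overlap score is the fraction of the observed text's windows that trace back to the asset, so the verbatim paste scores 1.0 and the fragment buried in a longer prompt scores 0.4; the threshold is where a deployment tunes false positives against missed fragments. Real DLP engines use the same idea at scale (exact-data-match and document fingerprinting), usually with larger windows and sampled hashes to keep the index small.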
The AI Challenge: Moving at the Speed of Adoption
Joe Sullivan, previously CSO at Facebook, closed with a keynote that crystallized the AI dilemma we're all facing. Organizations are adopting AI at breakneck speed because they fear being left behind, and they're right to be concerned. But this creates massive security gaps.
The parallel to the iPhone era is apt. Remember when executives demanded email on their iPhones and security teams scrambled to retrofit protection? We lost that race. Now we're facing the same dynamic with AI, except the stakes are higher and the pace is faster.
Josh Stabiner, CISO at Vista Equity Partners, emphasized that AI adoption isn't optional; it's a competitive necessity. The question isn't whether to adopt AI, but how to do it safely.
The Human Element
Payman Armin, SVP & CISO at Xperi, made a crucial point about security culture: there can't be two sets of rules. If executives get special treatment, the entire security-first culture collapses. Everyone needs to play by the same rules, from the C-suite to individual contributors.
Real-time coaching emerged as a key concept. Rather than blocking users or punishing them after the fact, modern DLP should educate in the moment. When someone is about to paste sensitive data into an unsanctioned AI tool, that's the teachable moment, not three days later when the security team generates a report.
What This Means for Enterprise Security
The path forward requires three things:
- Visibility: You can't protect what you can't see. Invest in tools that give you real-time visibility into data movement across all channels, sanctioned and unsanctioned.
- Context is King: Static rules and labels aren't enough. You need to understand user behavior, data lineage, and intent to distinguish between legitimate business activity and genuine threats.
- Guardrails, Not Gates: Security should enable velocity, not prevent it. Prefer in-line coaching and destination-aware controls over blanket blocks, so people keep the tools that make them productive without sensitive data walking out the door.
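An added example, not the forum's or any vendor's code, of the context-aware evaluation the three points above and the earlier Slack-archive scenario call for: each event is scored on the user's role, the data's sensitivity and domain, the destination's vetting status and the volume involved, and the outcome is allow, coach (let it through after an in-line warning the user must acknowledge) or block. The destination catalogue, role-to-domain map and bulk threshold are assumptions made up for the example. The point it demonstrates is that sensitivity and destination drive the decision, while a role only widens the data a user is expected to handle and never unlocks a destination, so the CFO gets the same answer as an analyst.

```python
"""Context-aware DLP decision: role, sensitivity and destination together (constructed example)."""
from __future__ import annotations

from dataclasses import dataclass
from enum import Enum


class Decision(Enum):
    ALLOW = "allow"
    COACH = "coach"  # proceed after an in-line warning the user acknowledges
    BLOCK = "block"


SENSITIVITY = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}


@dataclass(frozen=True)
class Destination:
    kind: str     # "internal", "sanctioned_ai", "unsanctioned_ai", "personal", "unknown"
    vetted: bool  # passed security and legal review


# Assumed destination catalogue; anything not listed is treated as unknown and unvetted.
DESTINATIONS = {
    "sharepoint:finance": Destination("internal", True),
    "ai:enterprise-copilot": Destination("sanctioned_ai", True),
    "ai:free-chatbot.example": Destination("unsanctioned_ai", False),
    "gdrive:personal": Destination("personal", False),
}

# Assumed map of which data domains each role handles day to day.
ROLE_DOMAINS = {
    "finance_analyst": {"finance"},
    "marketing": {"marketing"},
    "it_admin": {"it", "finance", "hr", "marketing"},  # admins touch everything
    "cfo": {"finance"},
}

BULK_THRESHOLD = 10_000  # records in one export that counts as bulk (assumed)


@dataclass
class Event:
    user: str
    role: str
    action: str       # "paste", "upload", "export"
    domain: str       # data domain from classification or lineage
    sensitivity: str  # key of SENSITIVITY
    destination: str  # key of DESTINATIONS, or anything else for "unknown"
    records: int = 1  # rows, messages or files involved


def evaluate(ev: Event) -> tuple[Decision, str]:
    """Ordered rules; the first that fires decides. No rule consults the role to
    unlock a destination, so executives and interns get identical answers."""
    level = SENSITIVITY[ev.sensitivity]
    dest = DESTINATIONS.get(ev.destination, Destination("unknown", False))
    in_role = ev.domain in ROLE_DOMAINS.get(ev.role, set())
    outbound = dest.kind != "internal"

    if level >= SENSITIVITY["restricted"] and outbound:
        return Decision.BLOCK, "restricted data may not leave internal systems"
    if dest.kind == "personal" and level >= SENSITIVITY["internal"]:
        return Decision.BLOCK, "company data to a personal account"
    if ev.records >= BULK_THRESHOLD and outbound:
        return Decision.BLOCK, f"bulk export of {ev.records} records to {dest.kind}"
    if not dest.vetted and level >= SENSITIVITY["confidential"]:
        return Decision.BLOCK, f"confidential data to unvetted destination {ev.destination}"
    if not dest.vetted and level >= SENSITIVITY["internal"]:
        return Decision.COACH, "this tool has not been vetted; use the approved AI assistant"
    if not in_role and level >= SENSITIVITY["confidential"]:
        return Decision.COACH, f"{ev.domain} data is outside the {ev.role} role; confirm business need"
    if ev.records >= BULK_THRESHOLD:
        return Decision.ALLOW, "bulk internal move; logged for review"
    return Decision.ALLOW, "in-role, sanctioned destination"


def scenarios() -> dict[str, Decision]:
    """Constructed events: the same data or the same user gets a different answer as context changes."""
    events = {
        "analyst_to_sanctioned_ai": Event("a.chen", "finance_analyst", "paste", "finance", "confidential", "ai:enterprise-copilot"),
        "analyst_to_unvetted_ai": Event("a.chen", "finance_analyst", "paste", "finance", "confidential", "ai:free-chatbot.example"),
        "analyst_internal_to_unvetted_ai": Event("a.chen", "finance_analyst", "paste", "finance", "internal", "ai:free-chatbot.example"),
        "marketing_with_finance_doc": Event("b.ortiz", "marketing", "upload", "finance", "confidential", "ai:enterprise-copilot"),
        "admin_archive_to_corp_storage": Event("c.diaz", "it_admin", "export", "it", "internal", "sharepoint:finance", records=250_000),
        "admin_archive_to_personal": Event("c.diaz", "it_admin", "export", "it", "internal", "gdrive:personal", records=250_000),
        "cfo_restricted_to_sanctioned_ai": Event("d.lee", "cfo", "upload", "finance", "restricted", "ai:enterprise-copilot"),
    }
    return {name: evaluate(ev)[0] for name, ev in events.items()}


if __name__ == "__main__":
    for name, decision in scenarios().items():
        print(f"{name:35s} {decision.value}")
```

The Slack-archive export resolves to allow-and-log for corporate storage and block for a personal drive with no change to the rules, only to the destination; the marketing user holding a finance document gets coached rather than blocked because the destination is sanctioned and the only anomaly is the role mismatch. The reason string is what the in-line coaching prompt should show, at the moment of the paste.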
Looking Ahead
The consensus was clear: we're at an inflection point. The organizations that get ahead of shadow AI, that implement intelligent data governance, and that embrace context-aware security will thrive. Those who cling to legacy approaches will struggle.
The technology exists to solve these problems. Data lineage tracking, context awareness, real-time coaching: these aren't vaporware concepts. They're capabilities that forward-thinking organizations are already leveraging.
The question is: will your organization be proactive or reactive?
The Data Defense Forum brought together security leaders from Facebook, AWS, Wiz, Vista Equity Partners, Upwind, and Xperi to discuss the future of data security in the AI era. For more insights from the forum, visit our events page.