Who is watching your shadow employee?

It often starts with convenience. An employee downloads an artificial intelligence (AI) tool promising to triage emails and automate routine responses. Within minutes, it is connected to the company’s inbox, quietly ingesting data, learning workflows and acting on the user’s behalf. Just like that, the company has hired a new shadow employee – off payroll, completely hidden and dangerously unpredictable.

This scenario is now more common than ever, an emerging pattern across modern workplaces.

AI adoption is surging in APAC, with 96 percent of organizations planning to invest in the company this year. While this will improve efficiency in the long-term, going through official approval processes takes time. Meanwhile, impatient workers are taking matters into their own hands. In Singapore, 68 percent use AI frequently at work, but only 14 percent use company-provided tools exclusively. It begs the question: Is your company data being used to train chatbots and public databases right now?

The difficulty in tracking Shadow AI

Previously, business leaders were worried about “Shadow IT”: the use of unsanctioned applications to automate work. While these apps are contained in one place, “Shadow AI” is more elusive. Think of your company as a high-security office building, where most cybersecurity tools are guards watching the front door. Shadow AI is like a trusted employee who is already inside, freely wandering into the CEO’s office to read private files and walking back to their desk without triggering the alarm.

Employees may even be creating Shadow AI accidentally without malicious intentions. For instance, your developers may be using a company-approved Coding Assistant software but entering sensitive info into the in-built AI assistant pop-up. This creates a grey area between sanctioned and unsanctioned applications which is incredibly difficult to catalogue using traditional “block and allow” lists.

DNS as the single source of truth

CISOs are up against a trojan horse, with unsanctioned AI tools using legitimate processes to mask their behaviour. But even the most disguised Shadow AI has weaknesses. Every legitimate program, including Shadow AI, uses the Domain Name System (DNS) to communicate internally and externally.

To identify shadow employees, one just needs to look for anomalies in the company’s DNS logs. One clue could be a sudden surge in traffic to a specific AI domain, signalling that a new agentic tool is being integrated into a workflow. Lookup patterns that follow a perfect mathematical sequence are another sign that Shadow AI is calling APIs in the background while the human user is fast asleep.

But monitoring the DNS goes beyond just reactively identifying shadow employees. Pre-emptive intelligence can stop the threat before access is granted in the first place. For instance, if employees attempt to connect with an unsanctioned GenAI, DNS tools automatically redirect them to a safe and approved application. Instead of an IT worker manually monitoring all traffic in and out of the network, predictive DNS tools can filter out the noise and flag the most urgent patterns for review.

Technical tools are only part of the solution

While DNS monitoring is a vital tool, it would be dangerous to assume that technology can catch everything. As with any cybersecurity strategy, humans remain as the weakest link. Training employees and fostering an AI-positive work culture are the core foundations to keep Shadow AI out.

Organizations should set explicit policies on approved use cases and data boundaries for AI tools. A clear list of approved AI tools and logins removes any ambiguity about whether using a personal account is acceptable for work tasks. Putting these guidelines into place must be an immediate priority, not an afterthought.

Instead of creating fear around the risks of using AI, empowering employees to suggest new tools for adoption can also improve compliance with the rules. By transforming your workforce from a potential liability into a vigilant human firewall, you close the gaps that even the smartest DNS monitoring might miss.

Cracking down on Shadow AI

The question is no longer whether your employees are using AI, but whether they’re doing it in front of you or behind your back. People now expect to find the same assistance from AI in the workplace which they already use at home.

Tackling the Shadow AI surge requires a mix of technical and human intervention. Close monitoring of the company’s network with pre-emptive DNS solutions can identify rogue applications that are hiding in plain sight. However, this must be supplemented by good governance and employee education.

AI isn’t a tool to be feared or banned. By building safe and visible pathways, CISOs can stop trying to police the shadows and start leading towards a secure, AI-powered future.

Lee Anstiss is Regional Sales Director – South East Asia & Korea (SEAK) at Infoblox.

TNGlobal INSIDER publishes contributions relevant to entrepreneurship and innovation. You may submit your own original or published contributions subject to editorial discretion.

Featured image: GuerrillaBuzz on Unsplash

AI agents will not just support customer journeys in Southeast Asia; they will redesign them