CISO dodges bullet protecting $8.8 trillion from shadow AI

VentureBeat’s exclusive interview with Sam Evans, CISO of Clearwater Analytics, reveals why enterprise browsers are quickly becoming the frontline defense against shadow AI in its many forms.   

Evans faced a critical challenge in October 2023. Standing before Clearwater Analytics’ board, he had to confront concerns that employees might inadvertently expose data that could potentially compromise the firm’s $8.8 trillion assets under management.  

“The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don’t manage,” Evans told VentureBeat. “The employee not knowing any different or trying to solve a problem for a customer…that data helps train the model.”

Here is our conversation with Evans, edited for length and clarity

VentureBeat: How do you see AI shaping cybersecurity today?

Evans: The attacks have become significantly more sophisticated. If you consider it from the perspective of a bad actor, the phishing emails and attempts we receive have become much more complex. However, AI also possesses response capabilities.

I like to explain it to our board, as the ultimate cat-and-mouse game. As bad actors start to use AI to advance phishing, or perhaps expedite the time it takes for exploits to emerge after vulnerabilities are announced, there’s the opposite side of security practitioners using AI to help advance how we respond.

VentureBeat: How is AI helping your defensive capabilities?

Evans: We’ve begun integrating AI into our security playbooks. By doing so, our security analysts now spend less time searching and hunting. The AI is involved in the security operations center (SOC) product, conducting its initial triage analysis and saying, “Based on previous things that we’ve seen and things in my model, this is where I’d like to guide you.”

On the defensive side, we’re really starting to see AI come into play. CrowdStrike, Sentinel One, Microsoft Defender, the traditional extended detection and response (EDR) products were using some machine learning, and they would get to a probability of maybe 85% that this could be a threat, but we’re not really sure. However, AI enriches the EDR engine’s ability to reach a higher probability rate of identifying a threat.

VentureBeat: What keeps you up at night when it comes to AI and cybersecurity?

Evans: The thing that does worry me quite a bit is the deepfakes. You read multiple stories about people using deepfakes to impersonate a CEO to initiate wire transfers. Those are concerning because they do look very, very real.

But the biggest concern? The worst possible thing would be one of our employees taking customer data and putting it into an AI engine that we don’t manage, and then it becomes data that helps train the model.

VentureBeat: How did you explain this shadow AI risk to your board?

Evans: I remember when one of the first board meetings I was in, they asked me, “So what are your thoughts on ChatGPT?” I said, “Well, it’s an incredible productivity tool. However, I don’t know how we could let our employees use it, because my biggest fear is somebody copies and pastes customer data into it, or our source code, which is our intellectual property.”

But I didn’t just come to the board with my concerns and problems. I said, “Well, here’s my solution. I don’t want to stop people from being productive, but I also want to protect it.” When I came to the board and explained how these enterprise browsers work, they’re like, “Okay, that makes much sense, but can you really do it?”

VentureBeat: Walk me through your evaluation and deployment process for Island.

Evans: After that October 2023 board meeting, we started a pretty long due diligence process. We took a look at some of the major vendors in the enterprise browser space.

I’ll share with you ultimately why we went with an Island. We needed to be able to control what browsers people are using on their endpoints. It doesn’t do any good to deploy an enterprise browser when somebody can go and download Opera or “Frank’s browser of the month” and use it, and it just bypasses all of the Island controls.

The other reason we went with Island was truly because of the speed of the deployment. I remember being on a call with Island salespeople, and they’re saying, “We believe we can get this deployed in your company in a matter of weeks.” I’m like, “Oh, that’s BS.”

VentureBeat: But they delivered?

Evans: They took it as a personal challenge! We started our Island deployment in April 2024 with about 200 people. We went the extension route first; the Island extension in Chrome and Edge.

It wasn’t until July when the board asked, “How is it going?” And I said, “How about I just show you?” I pulled up a screenshot because, you know, Murphy’s Law demos always fail. So I showed them screenshots, “Here I am on ChatGPT. I tried to paste something in. I got the prompt: ‘Island policy prevents you from doing this.’”

They’re like, “Wow, this is fantastic! But people can still utilize the tool to ask good questions?” I said, “Yeah, absolutely. They just can’t put data into it.”

VentureBeat: Do you feel that Island assures you and reduces the risk of Shadow AI?

Evans: It definitely has helped us get a handle on shadow AI. No security tool is 100% perfect. Having deployed Island, we definitely sleep a lot easier. We can feel reasonably comfortable that if an employee is going to an AI instance that we don’t have licensed, they can use it, but can’t paste data or upload files.

It’s also helped us identify where we have gaps. Employees found this really great AI widget thing, they come to the security team, “Hey, look, check this out.” And then we can come back to our product development teams and figure out how we help enable this, not just for our employees, but for our customers.

VentureBeat: How do you defend against deepfakes?

Evans: That’s a tough one to wrap your arms around. We have an excellent security awareness program. We ask employees to use common sense. Do you really think Sandeep Sahai, our CEO, is going to call you up and ask you to buy him Apple gift cards?

We’ve set up a lot of checks and balances, kind of like the two-person buddy check system. There’s no technology solution for something like that. It’s a human problem that we’ve had to implement a human solution.

VentureBeat: What advice would you give other CISOs facing shadow AI?

Evans: This isn’t just about blocking, it’s about enablement. Bring solutions, not just problems. When I came to the board, I didn’t just highlight the risks; I proposed a solution that balanced security with productivity.

Welcome to the shadow AI arms race

Evans’ insights reveal how quickly shadow AI has become an existential threat to every data-intensive business.  

“We see 50 new AI apps a day, and we’ve already cataloged over 12,000,” Itamar Golan, CEO of Prompt Security, told VentureBeat, quantifying what security teams are calling their worst nightmare since ransomware.

The onslaught of unauthorized AI use and apps has triggered intense competition among security vendors. “Most traditional management tools lack comprehensive visibility into AI apps,” Vineet Arora, CTO of WinWire, explained to VentureBeat, pinpointing exactly why shadow AI flourishes as legacy security architectures are blind to it.

The vendor ecosystem has crystallized into four distinct battlegrounds, each with its weapons and weaknesses.

Enterprise browsers lead the charge. Foremost among them is Island, which recently raised a $250 million funding round, a vote of confidence from the investor community. While Island bets on pre-encryption visibility, Google Chrome Enterprise attacks shadow AI differently, weaponizing its market dominance and Google’s security stack. Chrome Enterprise Premium delivers data loss prevention (DLP) controls that block data flows to ChatGPT and other AI tools, prevent cross-profile contamination and enforce real-time content scanning. The platform exposes shadow AI usage patterns while blocking both accidental pastes and deliberate exfiltration. Strategic partnerships with Zscaler and Cisco Secure Access amplify Chrome’s reach to create an ecosystem where zero-trust principles extend directly to AI interactions.

SASE/SSE platforms deliver enterprise-scale defense. Netskope and Zscaler bring scale to shadow AI defense through their cloud-native security access service edge (SASE) architectures. Both platforms process billions of transactions daily across global infrastructures, with Netskope specifically advertising its ability to monitor AI application usage across enterprises. Their key limitation: When 73.8% of workplace ChatGPT usage occurs through personal accounts, SSL/TLS encryption prevents platforms from inspecting content, forcing them to rely on traffic patterns and metadata, leading to visibility gaps where shadow AI operates undetected.

Traditional DLP vendors struggle to adapt. Legacy vendors Forcepoint and Microsoft Purview have a strong legacy to trade on when it comes to battling shadow AI. Forcepoint claims 1,700-plus classifiers while Purview leverages AI to triage tasks. But here’s the problem: They’re retrofitting 20th-century architectures for 21st-century threats. These platforms excel at compliance checkboxes and policy templates but fail to keep up with AI’s quicker pace.

As Daren Goeson, Ivanti’s SVP of product management for UEM told VentureBeat: “AI-powered endpoint security tools can analyze vast amounts of data to detect anomalies and predict potential threats faster and more accurately than any human analyst.” Traditional DLP operates at audit speed. Shadow AI moves at machine speed.

Specialized solutions fill critical gaps. Innovation thrives in the niches that legacy vendors ignore. One example is Ivanti Neurons, which delivers comprehensive device discovery through its UEM platform, exposing shadow AI hiding in endpoints that traditional tools miss. Mike Riemer, Ivanti’s Field CISO, sees the bigger picture: “Security professionals will effectively leverage the capabilities of gen AI to analyze vast amounts of data collected from diverse systems.” Nightfall, for its part, targets developer teams with transformer models, claiming 2x detection accuracy for API based AI tools.

Comparing Shadow AI Defense Solutions

Vendor	Type	Key Strengths	Limitations	Best For
Check Point Harmony	Browser extension	Leverages existing infrastructure	Limited to extension	Check Point customers
Forcepoint	Traditional DLP	1,700+ classifiers, regulatory compliance	Legacy architecture	Highly regulated industries
Google Chrome Enterprise	Enterprise browser	Market dominance, native integration	Less specialized controls	Google Workspace organizations
Island	Enterprise browser	Pre-encryption visibility, zero latency, Rapid deployment	Higher cost per user	Enterprises with sensitive data
Ivanti Neurons	UEM Platform	Comprehensive device discovery	Not browser-specific	Asset management focus
Microsoft Purview	DLP Platform	Native Microsoft integration, AI-powered triage	Microsoft-centric	Microsoft 365 enterprises
Netskope	SASE/SSE Platform	Comprehensive coverage, 370+ AI app monitoring	Post-encryption complexity	Large distributed enterprises
Nightfall	AI-Native DLP	2x detection accuracy, Transformer models	API-only approach	Developer-centric teams
Talon Cyber Security	Enterprise Browser	Browser + extension options	Newer to market	Security-conscious SMBs
Zscaler	SASE/SSE Platform	536B daily transactions, true zero-trust	Cloud-only approach	Cloud-first organizations

VentureBeat analysis

What’s driving the market to move so fast? VentureBeat’s analysis found 74,500-plus shadow AI apps actively deployed across major consulting firms alone, and that’s growing 5% monthly. By mid-2026, that number could hit 160,000. Each represents a potential data breach, compliance violation, or competitive intelligence leak.

Arora’s prescription cuts through vendor hype: “Organizations must define strategies with robust security while enabling employees to use AI technologies effectively. Total bans often drive AI use underground, which only magnifies the risks.”