ISACA guidance on shadow AI and emerging technology risk highlights data breaches, privacy risk, and data leakage as major concerns when employees use unapproved public AI tools. Public cloud AI use can expose sensitive data through prompts, uploads, or output handling, making data leakage the greatest immediate concern from an audit and control perspective.
Option A is a concern because AI outputs can be inaccurate, but poor reliability usually does not create the same immediate confidentiality exposure as leaking internal data. Option B is less severe. Option C can matter in some use cases, but the most significant enterprise risk identified in ISACA’s public guidance is unauthorized disclosure of data.
References (Official ISACA):
ISACA, From Shadow IT to Shadow AI: Navigating the New Frontier of Enterprise Risk.
ISACA, Navigating the Hype and Risk of Emerging Technologies.
ISACA, Collaboration and the New Triad of AI Governance.
Contribute your Thoughts:
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit