Agentic AI-based services are the new Shadow IT.
Uncategorized
60
Posts
45
Posters
0
Views
-
Agentic AI-based services are the new Shadow IT. Change my mind.
I'm a bit old school, so: do you have the Excel sheets to prove it?
-
@briankrebs im actively pitching a talk called 'claude is your insider threat now'
@Viss @briankrebs Would love to watch if/when it's online
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs I mean, when the shadow outshines the object, is it a shadow anymore?
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs Why? You are correct đ
-
@briankrebs I mean, when the shadow outshines the object, is it a shadow anymore?
@danielkennedy74 That reminds me of some optics: See Obscured Airy pattern @ https://en.wikipedia.org/wiki/Airy_disk
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs I have to admit.... earlier this week I spent like 5 hours trying to get this Ubiquiti camera system to work. I tried everything I could think of.
finally, I just gave ssh access to claude code, set it on no-permission-necessary and told it to keep trying to get those cameras online until they work. then went out and had a nice dinner with my wife, a couple glasses of wine.
Came back to shut the thing off.... all set worked perfectly. Still running.
so. If you folks don't think you can be replaced (at least partially) with AI, think again.
-
@briankrebs I am also really curious how many people have aggressively violated various privacy laws by feeding stuff into various LLMs for "summary" and "analysis".
Frankly it should be a much larger compliance nightmare than it is. (Or, I suppose, it *is* a ginormous compliance nightmare and just right now everyone's thinking it isn't. Incorrectly)
-
@SecureOwl @briankrebs I will confess to playing random songs on a coworker's Alexa when they checked in their personal home Alexa key into a corporate git repository.
@ai6yr @SecureOwl @briankrebs
Random songs? Not Rick Astley? -
@wordshaper @briankrebs Unfortunately, I don't think the people doing this care or will ever care. Privacy laws tend to be a joke anyways and there is very little incentive for most people/companies to change. I don't think most governments even want that to change. It's better for them, allows more data collection, etc.
I wish I didn't have such a negative and cynical outlook on it all.
@mrmoore @briankrebs HIPAA has some teeth and frankly I would be shocked if a bunch of attorneys *haven't* violated their professional oaths. More importantly, while the US may be a privacy nightmare the EU and UK do have a bit more to say on the matter, with regulations that have teeth.
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs Was recently forced to sit through an AI booster presentation at work, where the presenter kept demonstrating the use of tools that are banned as per corporate policy.
Lots of management and IT in the meeting. No one spoke up. Security is deader than satire.
-
@briankrebs I am also really curious how many people have aggressively violated various privacy laws by feeding stuff into various LLMs for "summary" and "analysis".
Frankly it should be a much larger compliance nightmare than it is. (Or, I suppose, it *is* a ginormous compliance nightmare and just right now everyone's thinking it isn't. Incorrectly)
@wordshaper @briankrebs this is why i try to buy the drinks for our legal team. they care about privacy, and care at their wit's end.
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
@briankrebs I have personally witnessed people just blindly feeding secrets and sensitive data right into systems where they straight up say "we're gonna hoover up literally everything you feed us as data for 'training' and might spit it out verbatim to anyone who asks." In an organization that basically threatened Very Bad Things would happen to anyone who even *hinted* at information they deemed 'confidential' to anyone else.
-
Agentic AI-based services are the new Shadow IT. Change my mind.
@briankrebs Um no. Not today. I attend sprint demos on the daily to see how far our agentic AI insights have progressed. Not ready for primetime. I work with Fortune 500s and they are asking us questions which lead me to assume not much further development on their side. This will change but not this year or next year. My whole reasoning for saying this is due to data in multi tenant architectures. AI is very prone to making mistakes and there are liabilities.
-
@wordshaper @briankrebs this is why i try to buy the drinks for our legal team. they care about privacy, and care at their wit's end.
@dr_a @briankrebs I also am very fond of our legal team, and I am reminded I should make them some whiskey pie next time Iâm near. (Lawyers also, for the record, are fond of Baileyâs cream puffs and rum soaked piĂąa colada cakes. I suspect theyâre not fond of their own livers, but maybe itâs just the job)
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
@briankrebs how about the ones using bypass methods to do their work without realizing theyâre using a file transfer service that doesnât delete the data theyâre exfiling allowing any rando to download the company source code with no tracking
-
@briankrebs how about the ones using bypass methods to do their work without realizing theyâre using a file transfer service that doesnât delete the data theyâre exfiling allowing any rando to download the company source code with no tracking
@briankrebs devs arenât smart. We see you. Youâre fucking stupid and creating more work for the rest of us still capable of doing our jobs.
-
@mrmoore @briankrebs HIPAA has some teeth and frankly I would be shocked if a bunch of attorneys *haven't* violated their professional oaths. More importantly, while the US may be a privacy nightmare the EU and UK do have a bit more to say on the matter, with regulations that have teeth.
@wordshaper @briankrebs While HIPAA does have some teeth, it leaves a lot to be desired. There is a lot more ways around HIPAA than people imagine. I think EU is definitely better than the US in terms of privacy, you can already see many problems coming from EU. Parts of GDPR could be rolled back, Chat Control initiatives, etc.
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
@briankrebs just this afternoon a colleague and I were questioning whether the real âAI is coming for your jobâ was not âAI will replace youâ but âidiots with AI are going to tank your company and youâre all getting laid off when it collapsesâ.
-
I'd argue that very few companies have any real appreciation for how many of their employees are already feeding API keys and other stuff into fairly new and questionable agentic AI tools or platforms. So many companies are like, oh we're taking a wait-and-see approach to adopting AI. Meanwhile, half their dev team is doing critical development work on shared servers that have no authentication or limited (no 2fa) auth.
@briankrebs more disturbingly, there are also cases where users throw API keys at their agents, and then have the agents automatically generate/refresh access tokens for them because the user cannot be arsed to do the daily login/2FA dance.
Gli ultimi otto messaggi ricevuti dalla Federazione
-
@WuMing2 Mestre fa parte del Comune di Venezia e comunque il circolo Uaar è su base provinciale đ
-
@weirdocollector Grazie! Ci siamo formati mentre eravamo in fissa con i libri di Dune.
-
@ClayAdventuresontheShelf oggi Sgarbatella perchĂŠ pare ci sia una premier urlatrice e bizzosa!
-
@ferrante @giornalismo ma pure a prevenire brogli.... l'ufficio elettorale è in mano a piantedosi meloni
-
@repubblica @ambiente-la-repubblica-repubblica carovita meloni+37%
-
@dgar le lingue irlandese e maltese sono quelle ufficiali nella UE
-
Scommetti contro la bolla: l'indice azionario non-AI di Goldman Sachs
VenerdĂŹ #GoldmanSachs ha annunciato un nuovo indice azionario, #SPXXAI, che comprende le 500 principali azioni statunitensi di Standard & Poor's, escluse le societĂ di intelligenza artificiale
https://pivot-to-ai.com/2026/02/23/bet-against-the-bubble-goldman-sachs-non-ai-stock-index/
-
Accenture: verrai promosso o licenziato utilizzando l'intelligenza artificiale
"La multinazionale di consulenza manageriale #Accenture adora i chatbot. L'amministratore delegato Julia Sweet ha dichiarato, durante la conference call sui risultati finanziari di settembre 2025, che l'azienda stava "licenziando" il personale che non adottava completamente i chatbot"
https://pivot-to-ai.com/2026/02/25/accenture-youre-promoted-or-fired-on-using-the-ai/
