Rajat Bhargava is an entrepreneur, investor, author and currently CEO and cofounder of JumpCloud.
Enterprises are facing a new kind of digital divide due to the rush to adopt AI. This divide isn’t between those who have the technology and those who don’t. A divide now exists between what IT departments can see and what they can’t.
As generative AI tools proliferate and employees experiment with everything from code generation to data analysis, traditional IT visibility is breaking down. This isn’t just another shadow IT problem. Just a few years ago, if an employee signed up for Dropbox without telling IT about it or going through a centralized procurement process, the risk was smaller. Documents may have been uploaded, and a subscription may have added a marginal fee, but the fallout was limited.
Today, employees going outside of IT channels may involve feeding proprietary code into public AI models, training personal instances on company data or running unofficial large language models on shadow cloud infrastructure—all with implications for security, compliance, budget, intellectual property and more.
The IT landscape has fundamentally shifted. Workers are using AI for a variety of functions, yet nearly half of executives admit they don’t know how often, or for what, their employees use it. Without a clear and accurate understanding of—and control over—AI in the IT environment, enterprises are opening themselves up to serious risk.
Successful incorporation of AI isn’t about implementing more restrictive controls; it’s about building infrastructure and processes that provide visibility and governance without impeding the transformative potential of AI and other emerging technologies.
Beyond Traditional Shadow IT
The era of simple cloud app management is over. Today’s enterprise technology stack is, by design, a complex web of AI models, APIs and microservices. Though some of this complexity is implemented deliberately to execute organizational strategy, the reality is that much of it operates outside traditional visibility tools.
This isn’t happening just because employees are trying to get around IT. Rather, the pace of AI innovation has outstripped traditional procurement and governance processes. When a new AI tool can potentially save hundreds of development hours or unlock competitive insights, waiting months for security review and approval can feel like an unnecessary blocker to teams under pressure to deliver results.
The Dynamic Risk Landscape
The technical challenges enterprises are facing as we head into 2025 transcend traditional security concerns. While data breaches and compliance violations remain critical threats, we’re now confronting additional issues like:
• An opaque AI model supply chain that makes monitoring and mitigating vulnerabilities more complex.
• Hackers disguising malicious inputs as legitimate user prompts.
• Models trained on proprietary datasets that risk leaking intellectual property by memorizing and reproducing confidential content.
It’s not surprising that concerns about AI-enhanced attacks are what’s keeping risk professionals up at night.
The rise of edge computing and IoT has further complicated matters. Each smart endpoint is a node that could be leveraging AI for data analysis—often with minimal oversight. From manufacturing floors to corporate offices, these systems are processing sensitive data and making automated decisions that could impact operations, safety and compliance.
How To Adapt To The New Normal
The good news is that regulatory efforts are evolving in response. Beyond GDPR and privacy regulations, we’re seeing the emergence of AI-specific governance frameworks. But it’s not enough. Organizations looking to stay ahead need to demonstrate active control and visibility not just over their data but over how AI will be integrated across their entire IT ecosystem.
Enterprises should adapt their approach to visibility and control for this new reality by focusing their attention on several key areas:
AI-Aware Asset Discovery
Traditional asset management tools aren’t equipped to handle the complexity of modern AI deployments. Organizations need systems that can identify not just where AI tools are being used but how they’re being used—including model lineage, training data sources and inference patterns.
Zero Trust For The AI Era
Modern zero-trust architectures need to evolve beyond identity and device verification. They must account for AI model authenticity, training data provenance and inference result validity.
Streamlined AI Governance
Rather than trying to prevent shadow AI adoption, successful organizations are creating fast-track approval processes for vetted AI tools and platforms. This includes preapproved model repositories, standardized evaluation frameworks and clear guidelines for different types of AI use cases.
Modern Procurement Frameworks
Traditional software procurement processes don’t work for AI tools. Organizations need new frameworks that can evaluate modern risks while moving at the speed of innovation.
The Path Forward In 2025
The challenge of IT visibility has evolved from a security and compliance issue to a fundamental business challenge. Organizations that can effectively monitor and govern their IT operations while enabling rapid innovation will likely have a significant competitive advantage.
The key is to find the right balance between innovation and control. Innovation can’t take priority over security. That balance will be different for every organization, but is essential for all.
Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives. Do I qualify?
