This post was submitted on 27 Mar 2026. 60 points (95% upvoted).
Are we over-focused on AI controls while shadow AI spreads everywhere?
AI Security (self.cybersecurity)
submitted 3 months ago by chadwik66 (Security Awareness Practitioner)
It feels like everyone is scrambling to secure AI systems that have gone through official procurement and security channels. Meanwhile, the bigger issue seems to be what's been adopted without any visibility.
Sure, prompt injection, hallucinations and MCP security all matter. But those feel like needles in haystacks compared to unseen adoption. There's a ton of AI tooling getting connected directly to APIs, Slack, email, databases and internal docs.
It's never reviewed. Never approved. And given overly permissive access.
And then it just sits there, accessing data forever.
Are we all over-optimizing on deep AI tech controls while missing the bigger visibility problem?
Curious if others are seeing the same, or if I've just been stuck in too many exec-level conversations.
msj817, 23 points, 3 months ago (1 child)
Yes and the same goes with AI inside of SaaS apps as well. Taking proactive steps to complete a SaaS/AI inventory is crucial to build a baseline and watch diffs & adoption from there. There are browser tools to do this, across login types. That helps with human use and in some cases machine use, if something like Claude starts leveraging the browser.
chadwik66 (Security Awareness Practitioner) [S], 9 points, 3 months ago (0 children)
Claude in the browser exploiting an AI agent in Salesforce...how many CISO bingo cards was that on before today?!
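The baseline-and-diff approach msj817 describes above, as an added example that is not part of any comment in this thread: it compares two snapshots of third-party app grants and ranks what is new or has grown in scope. The row format, app names, scope strings and the `BROAD_MARKERS` list are assumptions constructed for illustration, not any vendor's export.

```python
from dataclasses import dataclass

# Substrings treated as "broad" access. Assumed for this sketch, not a vendor list.
BROAD_MARKERS = ("admin", "write", ".all", "full_access")
RANK = {"high": 0, "medium": 1, "low": 2}

@dataclass(frozen=True)
class Grant:
    app: str
    principal: str
    scopes: frozenset
    reviewed: bool

def parse(rows):
    """Key each (app, principal, 'scope scope ...', reviewed) row by app and principal."""
    return {(a.lower(), p.lower()): Grant(a, p, frozenset(s.split()), r)
            for a, p, s, r in rows}

def broad(scopes):
    return sorted(s for s in scopes if any(m in s.lower() for m in BROAD_MARKERS))

def diff_inventory(baseline, current):
    """Report grants that are new, or whose scopes grew, since the baseline."""
    findings = []
    for key, g in current.items():
        old = baseline.get(key)
        added = g.scopes if old is None else g.scopes - old.scopes
        if old is not None and not added:
            continue  # unchanged, or scopes only shrank
        wide = broad(added)
        if wide and not g.reviewed:
            priority = "high"      # never reviewed and broadly scoped
        elif wide or not g.reviewed:
            priority = "medium"
        else:
            priority = "low"
        findings.append({"app": g.app, "principal": g.principal,
                         "kind": "new_grant" if old is None else "scope_growth",
                         "added": sorted(added), "broad": wide, "priority": priority})
    return sorted(findings, key=lambda f: RANK[f["priority"]])

# Constructed sample snapshots (not real exports).
BASELINE_ROWS = [("crm-assistant", "svc-sales", "contacts.read", True),
                 ("notes-summarizer", "alice", "docs.read", True)]
CURRENT_ROWS = [("crm-assistant", "svc-sales", "contacts.read contacts.write", True),
                ("notes-summarizer", "alice", "docs.read", True),
                ("meeting-bot", "bob", "mail.read files.read.all chat.history", False)]

if __name__ == "__main__":
    for finding in diff_inventory(parse(BASELINE_ROWS), parse(CURRENT_ROWS)):
        print(finding)
```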
Mooshux, 11 points, 3 months ago (12 children)
The focus mismatch you're describing makes sense organizationally but leaves a real gap. Official AI procurement goes through procurement, so security gets visibility. Shadow AI doesn't, so the credential surface is completely invisible.
The part that's underappreciated:...