MEDIUM
This issue is rated MEDIUM severity because it involves unauthorized tools that may expose sensitive data but does not directly indicate a vulnerability. The real-world impact depends on how these tools handle and store data.

The organization has discovered 47 unauthorized AI tools in use across various departments, posing a potential security risk due to uncontrolled data handling and potential compliance issues.

Affected Systems
  • Systems used by the Marketing, Engineering, and Product teams
Remediation
  • Conduct an audit to identify all functionalities of the unauthorized AI tools and assess their compliance with organizational security policies.
  • Develop a formal process for evaluating and approving new AI tools based on security and privacy impact assessments.
  • Implement monitoring solutions to track usage and data flow through these tools, ensuring compliance and mitigating risks.
Stack Impact

This issue does not directly affect specific services like nginx or openssl. However, it impacts organizational data handling practices across various software environments.
