RSAC 2026: Shadow AI Is a Data Loss Risk

The easiest way to misunderstand shadow AI is to imagine rogue engineers experimenting with forbidden tools in some dark corner of the network. In reality, it looks much quieter: a writing assistant, a meeting summarizer, a browser plug-in, a spreadsheet feature, or an embedded AI capability nobody flagged as a security risk.

This is why one detail from CSO Online’s RSA 2026 recap lands so well. Singulr AI’s Shiv Agarwal reportedly noted that Grammarly was the most commonly discovered unsanctioned AI application in enterprise assessments. That does not make Grammarly malicious. Instead, it shows how ordinary productivity tools turn into unmanaged AI pathways — unremarkable, widespread, and easy to ignore.

In the same recap, Singulr AI reported finding between 350 and 430 AI services and features in active enterprise use, most of them never formally sanctioned. This is vendor data, not a universal benchmark. However, the pattern is familiar: employees adopt tools faster than governance models can keep up.

The Risk Is What Employees Put Into the Tool

Shadow AI is not about the tool itself. It is about the data flowing through it.

Employees paste customer records into summarizers because official workflows move too slowly. Developers feed stack traces into assistants — sometimes with credentials included. Sales teams upload contract language into writing tools. Managers summarize employee feedback through browser extensions. Nobody believes they are leaking data. They believe they are doing their job.

That is exactly why the risk is difficult to manage. Shadow AI looks like productivity until someone asks where the data went, whether it was retained, whether it trained a model, whether it crossed jurisdictions, and whether anyone can prove what actually happened.

Why Traditional DLP Struggles Here

Traditional data loss prevention assumes predictable channels and static rules: email attachments, file transfers, endpoint movement, and cloud uploads. Shadow AI breaks those assumptions.

Instead, interactions happen inside browsers. Prompts replace files. Users paste text, upload screenshots, generate summaries, or retrieve internal context. At the same time, AI features appear inside existing platforms or through extensions installed for convenience.

Microsoft’s RSAC 2026 Edge for Business announcement highlights this shift. Employees actively use consumer AI tools at work, often exposing sensitive data that those tools may retain or use for training. In response, Microsoft emphasizes auditing and blocking prompts or uploads when sensitive data is detected — not banning AI, but controlling how data moves into unmanaged systems.

Shadow AI Shows Up at the Data Layer

The monitoring layer rarely labels something as “AI.” Instead, it reveals the behavior that feeds it.

For example, shadow AI may appear as unusual exports, repeated access to sensitive tables, new service accounts, bulk retrieval before prompt submission, or query patterns that deviate from normal behavior. Even sanctioned tools can create shadow-like risk when users connect personal accounts, link the wrong data sources, or bypass enterprise controls.

This is where organizations often get it wrong. They focus on discovering AI tools while ignoring the underlying data activity. Tool inventory matters, but it is not enough. Teams must also understand which sensitive data gets accessed before it flows into AI workflows.

Static Board Reporting Cannot Keep Up

The RSA recap quoted Singulr AI’s Richard Bird making a blunt point: a monthly board report becomes useless when the risk profile changes between morning and afternoon. This is not a reporting problem — it is a control latency problem.

Shadow AI evolves constantly. New tools appear, existing platforms add AI features, employees switch accounts, and vendors embed AI into previously ordinary workflows. As a result, a static report might list ten approved tools, while real activity shows dozens of unmanaged access paths.

Boards do not need longer reports. They need better evidence: which tools are active, which data is exposed, which identities are involved, which controls apply, and how behavior has changed since the last review.

The Market Is Rebuilding DLP for AI

The industry has already started adapting. CrowdStrike and AWS recognized Jazz as the winner of the 2026 Cybersecurity Startup Accelerator for its AI-driven data loss prevention approach. This does not crown a single winner. Instead, it signals a broader shift: DLP is moving toward context, behavior, and data flow rather than static rule sets.

This pressure is necessary. Shadow AI cannot be governed through policy alone. It requires detection, context, and enforcement at the point where sensitive data is accessed and moved.

The Practical Response Is Governed Adoption

Banning AI is the lazy answer. It also tends to fail, because people who need productivity will find another route. The better answer is governed adoption: approved tools, clear data boundaries, runtime monitoring, and controls that reduce exposure without forcing employees into absurd workarounds.

• Inventory sanctioned and unsanctioned AI tools, including embedded features and browser extensions.
• Classify sensitive data so employees and controls know what should not be submitted casually.
• Monitor database access patterns that may feed AI prompts, summaries, exports, or uploads.
• Mask sensitive values where AI workflows only need context, categories, or aggregate information.
• Provide approved AI paths that are fast enough for real work, not ceremonial portals nobody uses.
• Audit and block high-risk data movement into unmanaged AI tools where necessary.

What This Looks Like in Practice

A support manager needs to summarize a messy customer escalation. The approved internal workflow takes too long, so they paste ticket notes into a consumer AI tool. The notes include customer names, account details, and internal remediation plans. The manager is not trying to leak data. They are trying to survive the workday.

The failure is not only user behavior. The failure is that sensitive data was easy to retrieve, easy to paste, and hard for the organization to observe. Shadow AI is usually a data-governance failure before it becomes a disciplinary issue.

Where DataSunrise Fits

DataSunrise helps bring shadow AI risk back to the data layer, where the exposure begins. Sensitive Data Discovery helps organizations identify PII, PHI, financial records, and other sensitive categories across databases and platforms. Activity Monitoring provides visibility into how users, applications, and service accounts interact with databases. Dynamic Data Masking can reduce exposure when workflows do not require raw sensitive values, and Data Audit preserves evidence for investigation and compliance. Shadow AI will keep changing names and interfaces. The practical control point remains consistent: know what sensitive data exists, see who or what is accessing it, and limit exposure before it disappears into an unmanaged AI workflow.