As AI usage becomes more prevalent in organizations globally, security teams must get full visibility into these applications. Building a comprehensive inventory of AI applications in your environment is a first step. Read on to learn what we found about AI application-usage in the real world when we analyzed anonymized telemetry data from scans using Tenable’s products.
Here’s a common scenario in enterprises today: Under the CISO’s guidance, the security team has set up rigorous processes to review and approve all artificial intelligence (AI) applications before they are deployed. An AI governance board and data review council have been established to ensure compliance with internal InfoSec policies. By all accounts, AI is being leveraged in a completely controlled manner on the hosts that are regularly monitored and patched.
Or is it?
A recent analysis of Tenable’s anonymized telemetry data shows that many security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes.
In other words, despite establishing formal policies and detailed procedures for deploying AI securely, many enterprises are discovering that their employees have taken a free hand with AI, creating a shadow IT problem.
What our telemetry data shows
Unquestionably, AI represents a great opportunity for organizations to improve and transform their operations, so it’s not surprising that the world is abuzz with the promise of AI. This technology is more pervasive than we could have ever imagined two years ago, and AI is everywhere – think of ChatGPT, Grammarly, H2O, Ollama and many others.
Over a recent 30-day period, Tenable scans found 1.7 million instances of AI applications on more than 287,000 hosts. Over 33% of customers that scanned using detections for AI applications found them in their environment. This is according to anonymized telemetry data from customers that agreed to share it with Tenable.
Because the data is anonymized and aggregated, it is not feasible to know the exact percentage of applications that were unapproved. However, even in cases where only a minority of the applications found were unapproved, their detection would have been critically important. That’s because AI applications that are unmanaged and unsecured represent a major risk.
Obtaining a complete inventory of all your AI applications – approved and unapproved – gives you the visibility you need to protect your attack surface. Such an inventory also allows you to make sure that approved AI applications are being used properly and only by their authorized users.
Benchmarking
Let's take a look at the top geographies
In terms of the raw number of times these AI plugins triggered detections, the Americas lead the way, followed by Europe, the Middle East and Africa (EMEA) and then Asia-Pacific (APAC.) However, EMEA ranked first with 22% of AI-related scans resulting in a detection while in APAC it was about 5% and the Americas at 18%. Our recommendation is to scan your environment regularly with the Tenable AI scan template because the percentages above denote a likely probability of detection of an AI application in your environment.
AI usage by industry
Retail leads the way by a big margin followed by the Technology and Telecommunications sectors.
This chart shows a vertical-industry breakdown of triggers of Tenable’s AI plugins.
AI usage by size of organization
As expected, the number of detections vary depending on the size of the organization. Small organizations can easily see up to 100 detections a day while the very large ones are seeing 30,000-plus detections a day for AI applications.
AI browser plugins
There are hundreds of browser plugins leveraging AI. The most popular ones are:
App | Raw counts in Tenable scans |
---|---|
Grammarly: AI writing and grammar-checker App | 6,781,023 |
LanguageTool: AI grammar-checker and paraphraser | 1,726,138 |
Magical: AI writer and autofill text expander | 534,502 |
Scribe: AI documentation, SOPs and screenshots | 284,470 |
QuillBot: AI writing and grammar-checker Tool | 244,424 |
Wordtune: Generative AI productivity platform | 198,134 |
ChatGPT for Google | 116,122 |
AI zero days
There are over 400 vulnerabilities disclosed in AI applications so far and Tenable's researchers have discovered a handful as well that are in various stages of disclosure. Among those that have been published are NextChat Server-Side Request Forgery / Cross-Site Scripting and SSRF Security Feature Bypass in Azure AI and ML Studios.
This number is still very small as AI security is in the nascent stage: 400 vulnerabilities is a small drop in the ocean when compared to the tens of thousands disclosed each year overall. However, we are only getting started with AI security in the ecosystem as a whole.
What can you do to elevate your security posture further?
- Be in the know. Build an inventory of AI applications found in the organization and correlate with the ones that have been approved by the AI governance board of the organization.
- Regularly scan with plugins released for Tenable Vulnerability Management, Tenable Security Center, Tenable Nessus, Tenable Nessus Network Monitor, Tenable WebApp Scanning and Tenable OT Security.
- Leverage dashboard templates in Tenable Vulnerability Management and Tenable Security Center to review findings from the plugins.
- Mitigate frequently.
- You should never trust user inputs, and AI isn’t an exception. Follow first principles of security, security best practices and validate, validate, validate. Check out our blog about this topic.
Below you'll find links to our plugins for Tenable Vulnerability Management, Tenable Web App Scanning and Tenable Nessus Network Monitor.