Skip to main content
Skip to navigation

Third Party Risk

Shadow AI: Another element of TPRM

By Neil Hodge2025-10-14T20:40:00

Companies may face significant financial and legal risks if they fail to vet suppliers and third parties over their use of unauthorized AI and how the technology may use and share their corporate data.

Experts also believe companies could be at risk of violating data privacy laws if, by using “shadow AI”, their information is passed on by vendors and contractors to train AI models without explicit consent, while potentially sensitive corporate information could be leaked in the process as well.

“The reality is that shadow AI isn’t just inside your four walls anymore. If your governance doesn’t account for your entire ecosystem, you’re flying blind,” said Mike Scott, CISO at data security software firm Immuta.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Premium
New EU Data Act may impact companies’ GDPR compliance efforts

2025-10-27T19:06:00Z By Neil Hodge

New rules that have recently come into effect across the EU will allow for greater transfers of data between companies, though experts fear the changes could conflict with Europe’s strict privacy legislation, which protects personal information.
Article
Employee use of ‘shadow AI’ poses significant risks for companies

2025-10-20T19:28:00Z By Neil Hodge

Companies face increased risk of cyberattacks, data loss, and even regulatory action because employees are using unapproved “shadow AI” tools to help with work-related tasks.
News Brief
AMLA: What difference will the agency make in the EU’s fight against moneylaundering?

2025-10-16T20:38:00Z By Neil Hodge

Europe’s massive financial sector has become a magnet for illicit money flowing through its banks and markets. A new EU agency will be taking the problem head-on to fight against money laundering.

More from Third Party Risk

News Brief
Banking regs issue guidance on risks posed by bank-fintech relationships

2024-07-26T19:49:00Z By Aaron Nicodemus

Three federal banking regulators issued guidance on the risks posed by the use of third-party financial technology firms to deliver bank deposit products and services to customers.
Premium
How fintechs can overcome major compliance hurdles in embedded finance

2024-07-01T15:45:00Z By Margaret Holmes Tibbets, CW guest columnist

Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.
Premium
Banks must bolster awareness of fintech partner risks, experts advise at Fordham

2024-07-01T15:44:00Z By Aaron Nicodemus

During a panel at Compliance Week’s Financial Crimes and Regulatory Compliance Summit, held June 10-11 in New York, experts discussed nuances in bank-financial technology partnerships, offering best practices for how banks should protect themselves.