Skip to main content
Skip to navigation

Third Party Risk

Shadow AI: Another element of TPRM

By Neil Hodge2025-10-14T20:40:00

Companies may face significant financial and legal risks if they fail to vet suppliers and third parties over their use of unauthorized AI and how the technology may use and share their corporate data.

Experts also believe companies could be at risk of violating data privacy laws if, by using “shadow AI”, their information is passed on by vendors and contractors to train AI models without explicit consent, while potentially sensitive corporate information could be leaked in the process as well.

“The reality is that shadow AI isn’t just inside your four walls anymore. If your governance doesn’t account for your entire ecosystem, you’re flying blind,” said Mike Scott, CISO at data security software firm Immuta.

THIS IS MEMBERS-ONLY CONTENT

You are not logged in and do not have access to members-only content.

If you are already a registered user or a member, SIGN IN now.

Related articles

Article
Tough reporting rules makes compliance key issue for chemicals industries

2025-10-10T21:38:00Z By Neil Hodge

Wide-ranging and overlapping regulations across multiple jurisdictions present potentially massive compliance headaches for companies working in the chemicals industry, especially as regulators increasingly focus on environmental reporting linked to the lifecycle of some products.
Article
Employee faith in whistleblowing programs wanes when companies act selectively

2025-10-09T19:14:00Z By Neil Hodge

Whistleblowing hotlines are rightly championed as valuable tools for employees and even third parties to raise concerns about corporate conduct. But it seems some complaints may be acted upon more keenly than others, particularly if blame can be pinned to one individual and any potential fallout can be ring-fenced.
Article
U.K. enforcement appetite over off-channel comms grows as U.S. wanes

2025-10-01T21:10:00Z By Neil Hodge

The U.K’.s financial regulator has given a strong indication that financial firms’ use of unauthorized devices and apps is under scrutiny and that policies around off-channel communications need to be tightened up.

More from Third Party Risk

News Brief
Banking regs issue guidance on risks posed by bank-fintech relationships

2024-07-26T19:49:00Z By Aaron Nicodemus

Three federal banking regulators issued guidance on the risks posed by the use of third-party financial technology firms to deliver bank deposit products and services to customers.
Premium
How fintechs can overcome major compliance hurdles in embedded finance

2024-07-01T15:45:00Z By Margaret Holmes Tibbets, CW guest columnist

Margaret Holmes Tibbets, chief compliance officer at financial technology company Pipe, explains how firms are facing an existential compliance crisis, and to survive they’ll need to overcome not one but two hurdles.
Premium
Banks must bolster awareness of fintech partner risks, experts advise at Fordham

2024-07-01T15:44:00Z By Aaron Nicodemus

During a panel at Compliance Week’s Financial Crimes and Regulatory Compliance Summit, held June 10-11 in New York, experts discussed nuances in bank-financial technology partnerships, offering best practices for how banks should protect themselves.