AI Is Redefining Data Risk. What CISOs Need to Know About the Security Shift

Varonis Field CTO Matt Lock on Shadow AI, Managing Risks and Path to Safe Adoption Anna Delaney (annamadeline) • June 11, 2025

More than 99% of organizations now have sensitive data exposed to artificial intelligence tools, revealing a critical weakness in legacy security models. As AI adoption accelerates, traditional perimeter-based controls have failed to keep pace. The widespread reliance on internal trust and outdated protections leaves organizations vulnerable, said Matt Lock, field CTO for EMEA at Varonis.

A key driver of this risk is the lack of data-centric security. AI tools, especially generative models, utilize every permission a user holds. When access isn't strictly managed, the tools can inadvertently tap into sensitive information. Employees using AI apps without approval - shadow AI - increases the threat. These tools require no installation, often bypassing IT oversight, and users rarely understand the impact of uploading sensitive data into them.

"PII, source codes are being ...