InCyber Forum 2026: The Ban on AI, a Strategic Trap
Le brief IA que les pros lisent chaque soir
Les 7 actus IA du jour, décryptées en 5 min. Gratuit.
Inclus dès l'inscription : notre sélection des meilleurs guides & comparatifs IA.
Choisis ton rythme
Gratuit · Pas de spam · Désabonnement en 1 clic
The phenomenon of Shadow AI, which refers to the use of artificial intelligence tools not approved by companies, poses an increasing challenge in the field of cybersecurity. This topic was widely discussed at the InCyber Forum 2026, highlighting the need for a thoughtful integration strategy for these technologies.
According to Ivan Rogissat from Zscaler, banning access to AI tools can drive employees to use them clandestinely, reducing the company's visibility into these practices and increasing security risks. The responsibility in the event of a data breach depends on the use and authorization of AI tools, forcing companies to balance performance and the security of data flows.
Context and Issues
At the InCyber Forum, discussions highlighted the growing threats to companies, particularly Shadow AI. Two central questions emerge in the face of this challenge: what strategy to adopt and what responsibilities arise in the event of internal data leaks? Shadow AI is seen as the modern counterpart to Shadow IT. As the capabilities of these solutions continue to grow, companies must find a way to integrate them effectively without stifling employees' appetite for tools that promise productivity.
Ban and Clandestinity
Ivan Rogissat emphasizes that the instinctive reaction of many companies has been to block access to AIs. However, this approach is a major strategic mistake. Banning the tool does not eliminate the need but pushes employees to use these tools outside the professional framework, resulting in a total loss of visibility.
Performance and Security
The quest for productivity and curiosity about new technologies are priorities for many employees. Ivan Rogissat states that performance has become non-negotiable. If a solution does not meet performance expectations, users will seek unofficial alternatives. The real challenge for companies is to combine flow management and performance. A priority is to identify sensitive information, as many data remain unclassified.
Responsibility in Case of Breach
If banning is a dead end, the question of responsibility in the event of data compromise arises. If a breach occurs via an approved and internally deployed AI, the responsibility falls on the IT management. Conversely, if an employee uses an unauthorized tool, the responsibility lies with the user. For the IT department, the challenge is to secure data while maintaining performance and simplicity for the user.
Brief IA — L'actualité IA en français
L'essentiel de l'actualité de l'intelligence artificielle, décrypté et expliqué chaque jour.