Threat Domain / Category Index

Technology and AI Use Cases

Technology and AI use cases involve the use of approved, unapproved, emerging, or poorly governed technology in ways that expose sensitive data, create unapproved workflows, weaken controls, or obscure accountability.

These scenarios include public AI tools, enterprise-integrated AI platforms, AI assistants, browser extensions, unauthorized software, unsanctioned cloud services, collaboration tools, transcription services, and shadow workflows.

A mature insider-risk program treats AI and shadow technology as exposure channels that require governance, acceptable-use rules, data protection, monitoring, workforce training, legal and privacy review, and executive reporting.

Aligned ITM Objects Board

These core Insider Threat Matrix™ objects are frequently observed in connection with this threat domain. Aligning monitoring controls to these objects ensures targeted coverage of preparation and infringement pathways. For complete framework definitions, refer to the Insider Threat Matrix™.

ITM IDObject NameTactical Context
ME006Web AccessLeveraging unapproved SaaS software, browser plug-ins, or personal cloud tools that bypass enterprise security visibility.
ME030Enterprise-Integrated AI PlatformsUtilizing company-provided AI platforms (such as Microsoft Copilot) to aggregate and extract sensitive data at scale.
PR038AI-Assisted Capability DevelopmentGenerating security-bypass code, writing malicious automation scripts, or organizing attacks via generative AI help.
PR035Delegated Preparation via Artificial Intelligence AgentsDelegating automated data collection, parsing, or server scanning to unauthorized third-party AI agents.
IF018Sharing on AI Chatbot PlatformsExposing corporate intellectual property by inputting sensitive text, database schemas, or plans into public chatbot models.
IF028Delegated Execution via Artificial Intelligence AgentsExecuting automated processes, code deployments, or unapproved data transfers using autonomous AI agents.
IF009Installing Unapproved SoftwareInstalling unauthorized AI interfaces, development tools, or browser add-ons on corporate-managed devices.

Priority Use Cases in this Category (4)

AI Chatbot Data Leakage

A user places sensitive information into a public or enterprise AI tool without understanding retention, history, integration, downstream access, or data-use implications.

/ai-chatbot-data-leakage/Explore use case detail

Sensitive Data in Copilots and AI Tools

An integrated AI assistant surfaces, summarizes, or acts on data that is technically accessible but not appropriate for the user, role, purpose, or context.

/sensitive-data-in-copilots-and-ai-tools/Explore use case detail

Shadow AI and Shadow IT

Users adopt unapproved applications, AI tools, extensions, or cloud services to accomplish work faster, creating unsanctioned data flows and control gaps.

/shadow-ai-and-shadow-it/Explore use case detail

Unauthorized Software Installation

A user installs software, extensions, browsers, remote tools, or other unapproved applications that bypass governance, weaken monitoring, or enable misuse.

/unauthorized-software-installation/Explore use case detail
Educational Reference NoteThis category index page is part of the ITMG® Insider Risk Body of Knowledge™. The Insider Threat Matrix™ is an open framework maintained by Forscie Limited. All rights reserved. For program implementation frameworks, metrics baselines, or proprietary assessment algorithms, please consult the Insider Risk Capability Framework™ (IRCF™) or schedule a Guided Exposure Assessment with ITMG®.