Technology and AI Use Cases
Technology and AI use cases involve the use of approved, unapproved, emerging, or poorly governed technology in ways that expose sensitive data, create unapproved workflows, weaken controls, or obscure accountability.
These scenarios include public AI tools, enterprise-integrated AI platforms, AI assistants, browser extensions, unauthorized software, unsanctioned cloud services, collaboration tools, transcription services, and shadow workflows.
A mature insider-risk program treats AI and shadow technology as exposure channels that require governance, acceptable-use rules, data protection, monitoring, workforce training, legal and privacy review, and executive reporting.
Aligned ITM Objects Board
These core Insider Threat Matrix™ objects are frequently observed in connection with this threat domain. Aligning monitoring controls to these objects ensures targeted coverage of preparation and infringement pathways. For complete framework definitions, refer to the Insider Threat Matrix™.
| ITM ID | Object Name | Tactical Context |
|---|---|---|
| ME006 | Web Access | Leveraging unapproved SaaS software, browser plug-ins, or personal cloud tools that bypass enterprise security visibility. |
| ME030 | Enterprise-Integrated AI Platforms | Utilizing company-provided AI platforms (such as Microsoft Copilot) to aggregate and extract sensitive data at scale. |
| PR038 | AI-Assisted Capability Development | Generating security-bypass code, writing malicious automation scripts, or organizing attacks via generative AI help. |
| PR035 | Delegated Preparation via Artificial Intelligence Agents | Delegating automated data collection, parsing, or server scanning to unauthorized third-party AI agents. |
| IF018 | Sharing on AI Chatbot Platforms | Exposing corporate intellectual property by inputting sensitive text, database schemas, or plans into public chatbot models. |
| IF028 | Delegated Execution via Artificial Intelligence Agents | Executing automated processes, code deployments, or unapproved data transfers using autonomous AI agents. |
| IF009 | Installing Unapproved Software | Installing unauthorized AI interfaces, development tools, or browser add-ons on corporate-managed devices. |
Priority Use Cases in this Category (4)
AI Chatbot Data Leakage
A user places sensitive information into a public or enterprise AI tool without understanding retention, history, integration, downstream access, or data-use implications.
Sensitive Data in Copilots and AI Tools
An integrated AI assistant surfaces, summarizes, or acts on data that is technically accessible but not appropriate for the user, role, purpose, or context.
Shadow AI and Shadow IT
Users adopt unapproved applications, AI tools, extensions, or cloud services to accomplish work faster, creating unsanctioned data flows and control gaps.
Unauthorized Software Installation
A user installs software, extensions, browsers, remote tools, or other unapproved applications that bypass governance, weaken monitoring, or enable misuse.