Get NIST-y · S2 E16

AI, Shadow SaaS, and the Security Theater Problem

April 21
30 mins

Episode Description

Some companies are treating AI like a productivity cheat code. Others are blocking it and pretending that solves the problem. Both approaches can go sideways fast.


In this episode of Get NIST-y, we talk about what it actually looks like to handle AI usage and shadow IT without turning your environment into the Wild West or locking people down so hard they work around you anyway.


- If you cannot explain the business process, AI is not helping. It is just accelerating mess.

- Users need guardrails, not vague warnings. Give them approved tools and clear rules or they will create shadow AI.

- AI output is not truth. Your team still owns the result and has to check the work.

- The fastest way to find shadow SaaS is still one of the oldest tricks in the book: get close to accounting and expense reports.


We answer:

- How are you handling AI usage?

- How do you handle shadow IT when it is now mostly random SaaS and AI tools instead of obvious rogue hardware servers?


Submit your question: https://blacksmithinfosec.com/nisty/
