Dive Brief:
- More than one-fifth of organizations running macOS networks have lost money or experienced a cyberattack because of their use of AI tools, according to a report that network management vendor Jamf released on Tuesday.
- Roughly six in 10 macOS-based organizations expect an AI-related incident in the near future, the survey found.
- The report, based on interviews with 687 IT and security leaders managing MacOS network environments, also describes system administrators’ AI implementation priorities, the largest areas of risk they face and Jamf’s recommendations for mitigating those risks.
Dive Insight:
MacOS-based enterprises are overwhelmingly using AI, according to Jamf’s report, with roughly 73% reporting that they have deployed it already and another 20% exploring deployments. But network administrators overseeing the adoption of AI face a range of dangers.
The biggest and best-known risk is shadow AI, which refers to employees’ use of unapproved and ungoverned AI tools. When “IT is left in the dark about what AI systems are used,” that “lack of visibility makes security and governance difficult, if not impossible,” Jamf said.
Agentic AI is becoming popular within enterprises, but it carries risks, too. IT and security leaders said they struggled to deploy AI agents “in a way that enables users without putting data at risk,” according to the report. “With appropriate permissions, agentic AI opens serious risks to code bases if insecure or problematic code is added or necessary code is removed.”
The wide range of AI vendors also poses a problem for tech leaders in charge of acquisition. “Vetting and deploying each possible AI tool is time consuming and difficult for IT teams, especially at the speed AI is moving,” Jamf said in its report.
AI’s usage-based model also creates unwelcome surprises for organizations, a challenge magnified by a lack of governance that leaves IT supervisors unaware of how many paid licenses their organizations maintain and which tools are providing the best value for their cost.
Managing these challenges requires strong AI governance, but governance ranked third on survey respondents’ list of priorities, after automating their IT management activities and using AI to improve workers’ productivity. AI security improvements ranked fifth on the list.
Governance will become more pressing for organizations as they adopt AI more extensively. Jamf’s data highlights a correlation between the depth of an organization’s use of AI and the likelihood that it has experienced an AI-related incident. The incident rate among organizations exploring AI was less than 20%, the low end of the scale, while the rate among organizations that have “deeply integrated” AI into their workflows was 27%, the high end.
To tamp down on AI risk exposure, Jamf recommended that organizations expand visibility through regular audits, focus on software governance rather than user governance (including through carefully enforced data-access policies), integrate governance from the earliest possible deployment stage and use built-in tools whenever possible for the most streamlined experience.
