Editorial analysis - practitioner significance: Rapid, decentralized adoption of AI tooling shifts the locus of risk from central platforms to individual workflows and endpoints. For security engineers, SREs, and ML ops teams this means more blind spots where sensitive training data, model prompts, or generated artifacts may leak outside monitored pipelines, increasing the operational burden for discovery, classification, and response.
What happened (reported facts)
BetaKit reports that Fortinet Executive Vice President Robert May spoke at a Fortinet event in Montréal about the operational pressures AI is placing on security teams. May is identified in the article as overseeing the Fortinet Security Fabric platform. BetaKit quotes May saying companies "don't even know the problem that they're dealing with," and reporting that two years ago usage was limited to tools like ChatGPT but today there are "thousands of tools" employees use, often without IT visibility. BetaKit also references a McKinsey survey finding that all respondents used AI in some fashion, and notes Fortinet reporting that only half of surveyed leaders believe their boards are "fully aware" of AI risks. May warned that AI tools are touching firms' most sensitive data and gave the example that automated code-writing tools could expose source code, which "would make your whole value proposition... public," per BetaKit.
Editorial analysis - technical context: Decentralized AI usage creates three interlocking operational problems for defenders: discovery (identifying what models and SaaS agents are active), data classification (detecting sensitive content in prompts and outputs), and telemetry correlation (connecting API usage back to identities and services). These are common gaps when shadow IT expands quickly; comparable incidents in past cloud and shadow-SaaS waves show delayed detection and elevated cleanup costs.
Industry context
Organizations with compressed security headcount face triage-first workflows that prioritize high-confidence alerts. This increases false negatives for novel AI-driven exfiltration patterns and pushes governance toward post-incident remediation rather than proactive policy enforcement.
What to watch
indicators include inventories of third-party AI integrations, the presence of enterprise API gateways or CASB controls for model APIs, and whether boards or risk committees publicly document AI governance frameworks. BetaKit reports provide the immediate signals; practitioners should monitor vendor disclosures and cross-team inventories to assess exposure.
Reported-event sourcing: The facts above are drawn from BetaKit's coverage of Robert May's keynote and cited surveys, as reported in the scraped article.
Key Points
- 1Decentralized AI usage increases discovery and telemetry gaps, shifting risk into developer and business-unit workflows.
- 2Security teams face three core operational gaps: discovery, data classification, and telemetry correlation for AI APIs.
- 3Boards and leadership awareness lag behind tool adoption, complicating enterprise governance and risk prioritization.
Scoring Rationale
The story highlights a pressing operational challenge for security and ML/infra teams as AI tools spread rapidly inside organizations. It is directly relevant to practitioners but does not introduce new technology or a major vendor shift, making it notable rather than watershed.
Practice with real Ad Tech data
90 SQL & Python problems · 15 industry datasets
250 free problems · No credit card
See all Ad Tech problems
