In the fast-paced world of technology, change is often the only constant. For Chief Information Security Officers (CISOs), the shift towards on-device inference for large language models (LLMs) is not just another change—it's a seismic shift that demands immediate attention. As employees start running powerful AI models locally, bypassing traditional network security measures, a new era of "Shadow AI 2.0" emerges, posing unique challenges and risks.
The Quiet Revolution of Local AI
For the past year and a half, the strategy to manage generative AI in enterprises was relatively straightforward: control what happens in the cloud. Security teams focused on monitoring and controlling data that moved beyond the corporate firewall. However, this approach is becoming obsolete as more employees start to leverage the power of AI directly on their devices.
Three technological advancements have contributed to this shift:
- Consumer-grade hardware advancements: Modern laptops, such as a high-end MacBook Pro, can now run sophisticated models with ease, transforming what was once only possible on multi-GPU servers into a routine task.
- Mainstream quantization: The ability to compress models into smaller formats that maintain performance has made it feasible to run these models locally.
- Seamless distribution: Access to open-weight models is now as simple as executing a single command, enabling employees to run AI models without any network dependency.
This ability to operate AI locally means activities that once required internet access can now occur entirely offline, creating a scenario where network-security tools may detect nothing out of the ordinary.
Redefining Risk: From Exfiltration to Integrity
With data no longer necessarily leaving the confines of the corporate network, one might wonder why CISOs should be concerned. The answer lies in the shifting nature of risks from data exfiltration to concerns about integrity, provenance, and compliance.
Unvetted Models and Code Integrity
When employees choose to run local models for their speed and perceived privacy, they often bypass organizational vetting processes. This can lead to scenarios where internal code is subtly compromised. A developer might download a model to refine internal processes, only to introduce vulnerabilities due to unrecognized deficiencies in the AI's output. These vulnerabilities can go unnoticed until they manifest as significant security breaches, leaving incident response teams to tackle the symptoms without understanding the root cause.