FULL DESCRIPTION
Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen
Shadow IT kept CIOs up at night for decades. Shadow AI rewrote the rules. The old threat required someone who knew how to code. The new one requires someone with a browser and a deadline. Data leaves your organization through thousands of well-meaning employees who have no idea they sent protected health information, trade secrets, or personnel records to a third-party model nobody evaluated.
In this session, cybersecurity leader Aaron Warner draws on patterns from mid-market healthcare, manufacturing, higher education, and financial services to reframe how you should think about AI adoption risk and opportunity.
You will explore:
Why Shadow AI spreads virally. A single useful prompt shared in Slack creates fifty unmonitored data leakage points overnight. Traditional Shadow IT never moved this fast.
The hidden regulatory exposure you are carrying right now. OpenAI's privacy policy allows submitted content to train models unless users opt out. A federal court ordered indefinite retention of all ChatGPT logs as part of the New York Times lawsuit.
How vendors are compounding the problem without your knowledge. AI features show up inside HRIS, ERP, CRM, and email platforms with no security team involvement.
Why prohibition backfires every time. Locking down AI access guarantees workarounds with even less visibility, accelerating the exact risks you are trying to prevent.
A strategic framework for engagement over suppression. Practical approaches to policy, training, and compliant AI alternatives that let your organization capture productivity gains without sacrificing security or regulatory standing.
This session is for anyone responsible for deploying or supporting the deployment of AI, as well as business leaders looking to understand the new sources of risk from Shadow AI and how to take advantage of the technology without putting the firm at risk.
Use with AI
Copy this session's complete context to paste into ChatGPT, Claude, or any AI assistant.
Preview context block
## Session: Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen **Track:** Leadership and Workforce | **Time:** 11:15 AM–12:00 PM | **Room:** 204-208 | **Type:** Expert Talk **Conference:** CIRAS AI Summit for Iowa — May 6, 2026, Scheman Building, Iowa State University, Ames IA ### Speaker(s) **Aaron Warner** — CEO, ProCircular, Inc. (Coralville, IA) Aaron Warner is the founder and CEO of ProCircular, an information security and privacy firm serving mid-market organizations in healthcare, higher education, manufacturing, and financial services. Before launching ProCircular in 2016, he spent 22 years as CIO and CTO at Integrated DNA Technologies, where he built and defended technology environments inside one of the world's leading genomics research firms. Aaron holds CISSP and Security+ certifications and is a full member of the FBI/DHS InfraGard partnership. He earned the 2023 SBA Small Business Person of the Year award and is a recognized voice in cybersecurity through TEDx presentations, media appearances, and industry speaking engagements. His work focuses on helping leadership teams turn complex threats into strategic decisions they will act on. ### Session Description FULL DESCRIPTION Shadow AI: When Everyone Becomes a Data Leak Waiting to Happen Shadow IT kept CIOs up at night for decades. Shadow AI rewrote the rules. The old threat required someone who knew how to code. The new one requires someone with a browser and a deadline. Data leaves your organization through thousands of well-meaning employees who have no idea they sent protected health information, trade secrets, or personnel records to a third-party model nobody evaluated. In this session, cybersecurity leader Aaron Warner draws on patterns from mid-market healthcare, manufacturing, higher education, and financial services to reframe how you should think about AI adoption risk and opportunity. You will explore: Why Shadow AI spreads virally. A single useful prompt shared in Slack creates fifty unmonitored data leakage points overnight. Traditional Shadow IT never moved this fast. The hidden regulatory exposure you are carrying right now. OpenAI's privacy policy allows submitted content to train models unless users opt out. A federal court ordered indefinite retention of all ChatGPT logs as part of the New York Times lawsuit. How vendors are compounding the problem without your knowledge. AI features show up inside HRIS, ERP, CRM, and email platforms with no security team involvement. Why prohibition backfires every time. Locking down AI access guarantees workarounds with even less visibility, accelerating the exact risks you are trying to prevent. A strategic framework for engagement over suppression. Practical approaches to policy, training, and compliant AI alternatives that let your organization capture productivity gains without sacrificing security or regulatory standing. This session is for anyone responsible for deploying or supporting the deployment of AI, as well as business leaders looking to understand the new sources of risk from Shadow AI and how to take advantage of the technology without putting the firm at risk. ### Other sessions in the Leadership and Workforce track - Is Your Business AI-Ready? The Human-Centered Domains That Determine Success or Failure (10:20 AM–11:05 AM) - AI Security Is Not a Brand: Governance, Risk, and the Reality Behind “Safe AI” (1:20 PM–2:05 PM) - Ready or Not: Change and Adaptation to AI and the Future Organization (2:15 PM–3:00 PM) ### Suggested prompts for this session - "What questions should I prepare to ask the speaker(s) at this session?" - "Create a structured note-taking template for this session focused on actionable takeaways" - "Based on this session description, what background reading should I do to get the most value?" - "After I attend, help me create an action plan for implementing what I learned" - "How does this session connect to the other sessions in the Leadership and Workforce track?"