Name: Spring 2025 Product Launch
Uploaded: 2025-04-29T18:41:03.117Z
Duration: 20 min 35 s
Description: Spring 2025 Product Launch

Transcript for "Spring 2025 Product Launch": Good morning. Good afternoon, everyone. My name is Nishant Doshi, and I'm the chief product and development officer at Cyberhaven. Thank you for joining us today. Welcome to the Cyberhaven spring product launch. Today, we are here to discuss one of the most pressing challenges facing security leaders. Securing the rapid adoption of AI across the enterprise. AI usage is skyrocketing across corporate environments as employees discover how these powerful tools can dramatically boost productivity and improve efficiency. Workers are embracing AI assistance to draft emails, write code, analyze data, generate creative content, and solve complex problems in a fraction of the time it would take manually. Key factors driving this rapid adoption, the quality and accessibility of AI has dramatically improved over the last few months. Competitive pressures are pushing companies to seek efficiency gains with AI offering immediate productivity improvements. Organizations recognize that AI adoption isn't just an advantage, but it's an imperative. Here's what's concerning. Many of your employees already use AI, often without IT or security oversight. A common theme we hear from analysts, industry experts, and security leaders is that many organizations wanna enable the secure use of AI, but they don't have the tools, the processes, the visibility in place to govern and secure it today. The security narrative around AI adoption closely parallels what we experienced with SaaS adoption a decade ago. Back then, security teams were caught off guard as employees embrace cloud applications without IT oversight. It was easier than ever for employees to sign up for SaaS services with their corporate emails or even their personal emails leading to the rise of shadow IT. Today, we're witnessing history repeated itself with shadow AI. This term refers to the unsanctioned usage of AI tools by employees without approval from IT or security teams. Like SAS, employees are discovering that AI can dramatically improve their efficiency and many of them are not waiting for formal authorization. The challenge is clear. How do you balance innovation and productivity with security and governance? Let's explore the security landscape surrounding AI adoption. There are three critical risk areas that every organization must address. First, there are blind spots from AI usage. Security teams cannot protect what they cannot see. Without proper visibility into which AI tools are being used, security teams operate with dangerous blind spots. There's also a risk that employees will use their personal accounts to access AI tools, creating additional challenges for teams trying to identify and manage shadow AI activity. Second, there is a risk of sensitive data loss. Your employees may be under pressure to meet deadlines. This can lead to them uploading sensitive information into an AI tool without thinking about where that data goes or how that data might be used. Third, confidential data can be exposed. AI can regenerate or surface confidential content to unauthorized users internally, creating compliance and IP exposure risks. The question isn't whether your organization uses AI. It's how widespread that AI usage is and what risks it poses to your data security posture. Today, I'm thrilled to unveil our latest innovation, which can help your organization secure its future. Cyberhaven visibility and protection for AI. Our solution provides unprecedented visibility into your AI usage, revealing existing and emerging AI tools while enforcing risk based controls to keep your data safe. At its core, Cyberhaven visibility and protection for AI consists of four powerful features, shadow AI discovery, AI usage insights, AI risk IQ, and AI data flow control. Let's look at each of these features in detail. Shadow AI discovery uncovers the AI used by employees. It creates an exhaustive registry of AI tool usage and continuously discovers new ones as they emerge. We give you visibility into not only standalone AI tools, but also the embedded AI functionality within existing ESaaS applications. This visibility is the foundation of effective AI governance. It answers the critical question, what AI tools do employees use in our environment? AI users insights reports on AI adoption from three perspectives, the tools, the data, and the users. Our research team analyzed data from over a million users to identify AI usage patterns. We take their findings to help shape this feature. We can also identify the most active AI users across your organization. In this example, Emily Johnson stands out as a critical risk user. She accesses risky AI tools like DeepSeq and BetterGPT and regularly shares PII and other sensitive data with these tools. The AI risk IQ creates a comprehensive risk profile for each AI tool, assigning risk level from the very low to critical. The risk evaluation framework evaluates risk across five key dimensions, data sensitivity and security, model security risks, compliance and regulatory risks, user authentication and access controls, and last, security infrastructure and practices. Each risk profile includes a clear human readable summary articulating each dimension strength and vulnerabilities. You can further drill down to understand how we constructed that risk profile and where we obtain the source information. An agentic AI engine with deep research capabilities powers this proprietary risk scoring system. It enables security teams to make informed decisions about which tools can be safely used for which type of data and workflows. AI data flow control monitors and controls sensitive data moving to and from AI tools. It utilizes our data detection and response technology to inspect data tracking with AI. And with this feature, security teams can apply policies based on each tool's risk levels and prevent sensitive data from being shared with the high risk AI systems. The same approach that prevents sensitive data from reaching AI tools can also be leveraged to stop AI from revealing confidential information to unauthorized individuals. Let's take a look at how this feature monitors and stops AI from oversharing data. We see that AI generates critical and high sensitivity data. Users then share and distribute this data internally to other systems such as Salesforce and Gmail. In the next widget, our policies kick in to prevent this. Our systems monitor sensitive data and implements appropriate actions such as blocking and warning. Together, these four features roll up to our visibility and protection for AI solution that enables safe productive use of AI across your organization. Let's take a few minutes to discuss the core benefits of Cyberhaven visibility and protection for AI solution, which is designed to help your organizations harness the power of AI safely and responsibly. First, we provide comprehensive visibility into the AI tools being used across the organization. As AI adoption accelerates, employees experiment with both standalone AI and embedded versions within existing applications. Our solution uncovers all of these interactions providing broad coverage of existing and emerging AI. Second, we offer risk based controls to help you govern the AI tools you use. Not every tool poses the same level of risk and our solution recognizes that. By assessing each tool across key dimensions like data sensitivity, model integrity, compliance adherence, We help organizations apply nuanced and context of web policies. This allows teams to support safe, productive AIUs while minimizing the exposure of sensitive data. Third, our platform helps ensure regulatory compliance with laws like GDPR, CCPA, and others setting strict rules around data collection and sharing. AI's data handling has real compliance implications. Many tools collect user inputs for training, which can unintentionally put the organization out of compliance. Cyberhaven ensures AI usage aligns with both external regulations and your internal policies, helping you avoid costly violations and maintain trust. Next, we focus on secure AI enablement. We know that trying to block AI completely isn't the answer. It frustrates employees and stifles innovation. Instead, our solution empowers teams to use AI responsibly. By monitoring and controlling data flowing to and from these tools, we create an environment where AI can improve productivity without compromising security. Finally, at the heart of all of this is data security. We prevent sensitive information like customer data, financial details, intellectual property from being inadvertently shared with external AI systems. To summarize, AI adoption is accelerating rapidly across all industries and departments. The question isn't whether your organization will use AI. The question is whether you will be able to secure and properly govern that usage. Our solution builds a complete registry of all your AI tools, capturing the ones that are in use today and uncovering new ones as they surface. We provide this level of visibility and protection into both dedicated AI tools and those integrated with SaaS applications. In addition, our research team tracks the user interactions with AI, enabling us to stay ahead of the latest developments in AI adoption and risks. I wanna emphasize that the AI revolution isn't on the horizon. It's already here, transforming how your employees work every day. With Cyberhaven visibility and protection for AI, you can confidently navigate this new landscape while protecting what matters most, your sensitive data. Thank you for joining us today. Your trust means everything to us at Cyberhaven. We're excited to continue this journey and help you secure your AI future. Please reach out to us with any questions, and we look forward to continuing our work together. Until then, stay secure. AI is revolutionizing how we work, but it's also introducing new risks. Across industries, employees are already using AI tools, often without oversight. That means sensitive data is being sent to AI that IT hasn't approved, and they may not even know that it exists. The challenge? Empowering teams to harness AI's productivity while ensuring your data stays protected. That's exactly where CyberHaven steps in. Our visibility and protection for AI solutions gives you unprecedented visibility of AI usage across your company and enforces risk based controls. In this scenario, we discover a new shadow AI tool and take actions to stop sensitive data from being shared with it. We start with a centralized view of all AI in use. This gives us an understanding of all the generative AI tools being used by our organization, as well as their risk levels. In the top left widget, we immediately notice a red flag. Phishing GPT is one of the top used AI tools and its risk level is critical. Have you ever heard of Phishing GPT? Neither had we, and that's a problem. Let's dig into its risk profile. The tool lacks transparency about how it retains data. Even worse, there's been a recent breach where user conversations were leaked. We continue into our investigation and we see Emily Johnson is a critical risk user. She uses the most AI tools out of everyone at the organization, but what's most concerning is that she shares PII and other sensitive data with these AI tools. Hovering over Emily's name, we see that she uses multiple critical risk AI tools including phishing GPT. We have determined it's time to stop sensitive data from being sent to phishing GPT. We'll slide over to our risk overview page. We notice something important. There's no policy blocking the copying of sensitive data to this unsanctioned AI tool. Our next step is to add a policy to block the copying of data to this unsanctioned gen AI tool, phishing g p t. Let's go ahead and save this policy. And now this policy is in place. Let's take a look at its impact. Clicking on the data sent to AI apps tab, we see that the number of data sharing incidents has gone up. This is a good thing. It means we're catching them now. We also see more blocking and warnings triggered by our new policy. Let's see this from a data perspective. Before the policy was implemented, we saw a rise in sensitive data flowing to AI tools. Afterwards, that number dropped dramatically. This means we're containing the risk. So what did we just see? Cyberhaven identified a previously unknown high risk AI tool. We trace it to a specific user, understood the risk, and implemented a policy to stop data from leaking. We just stop data from going to a risky generative AI tool. But what happens when AI itself exposes sensitive information to unauthorized users? Let's take a look at that scenario. Here, we're looking at data generated by AI tools. Things like HR data that was never supposed to be exposed. After setting a policy on March 23, we immediately saw a rise in enforcement activity, more blocks, and warnings. We also saw a steep drop in sensitive content being delivered to unauthorized users by AI. Our policies stop those exposures from happening. Whether data is going into AI or coming out of it, Cyberhaven gives you full visibility and control. You don't just see AI risk, you stop it. The AI concern, as a whole is is real and is definitely in front of us. As we know, they're growing at an exponential rate and at a scary rate of security awareness. DeepSeek and some of these other ones that just recently came out, I know are very eye opening. Everybody's using AI in some fashion, whether it's the marketing team using it for context and clarity, maybe content as a whole. We've got accounting people using it for different mechanisms of processes and procedures they can use. And, unfortunately, we see every user, you know, dabbling with it in some fashion. So it's something we absolutely need to get ahead of and and be willing to to put the effort in on our side. Ultimately, protecting that user that is just trying to do their day to day job, but may have access or lineage to lateral connections to data that they didn't expect or know. And it's our responsibility to get that data mastered, that governance in place. We are heavily focused on making sure that we're educating users to use only a couple of our private tenant solutions out of the gate, but that doesn't stop that from getting to the other areas that it could get into. And, you know, just like working with enterprise search, when you first turn that on, you quickly find who can or cannot get to things that we may or may not want them to get to. That's usually driven at the expense of the user reporting that. AI isn't gonna report that. It's just gonna access it and move forward, and in some cases, learn off of that and build the next engine. So that's the concern is really getting ahead of it to keep that that activity from happening. Yeah. Shadow AI, I I think you I've heard multiple descriptions of the formal term, but the easy way, whether it's hallucinations, shadow, other pieces is AI running with the data that we didn't expect them to as their transaction as transactions are happening in whatever AI solution it might be. We've been utilizing Cyberhaven to capture what people are using and putting into Gen AI engines. I I look forward to the expanded options coming in the future with them to help us protect not only the shadow AI, but the other AI components. How do we get ahead of it and capture that activity? And then more importantly, once we capture it, how do we get ahead of it and block that activity? Is the, the mechanism I think we all are are looking forward to. AI is definitely a hot topic. Now it just feels like another technology transformation is going is is happening. Right? Similar to, you know, the Internet, then cloud, and now AI. And seems like every decade or two, we have these massive transformations. And based on kind of my conversations with the business executives and, peers and researchers and all of that, this transformation definitely seems like it's gonna have the maximum impact on the entire business landscape and consumer landscape and all of those things. So, of course, we've embraced the the technology at the company. This could be, various departments like marketing, product, customer success, customer support, all of these things. How do we make them more productive using this technology? And lastly, the, the another key, use case in a technology and a product company is, around how do you build, test, ship, and maintain your products. Right? How do you make your engineers more efficient? How do you make your product managers more efficient? How can you embrace this technology around the whole CICD pipeline, writing from building, testing, shipping, securing, all of those things. But the way this being embraced and applied across the tech and the business stack is definitely, it's, it's, it's being done in a way it's never been done before. Right? And as a result of that, the security risk assessment needs to happen on the fly. Right? You've got to look at it. Like, I mean, embracing these technologies both from, an engineering standpoint, from a product standpoint, from your productivity standpoint, creates a unique set of, threat vectors, risk vectors from a security perspective, and that needs to be assessed. Right? So, I mean, this is why I this is what I love about the security, profession, to be honest. Right? Where every time there is a technology transformation at a wave like this, you get to apply your practitioner's skill sets into that problem and, come up with, you know, real time solutions, right, on how to address the security risk.