Shadow AI Exposure Assessment

I work with Ace-nsi Cybersecurity to build a Shadow AI Exposure Assessment service from scratch. It's a consulting engagement that audits how employees use AI tools (ChatGPT, Copilot, and others), assesses data leakage risks, and evaluates governance gaps.

The assessment methodology covers discovery (identifying all AI tools in use), risk evaluation (classifying data exposure levels), regulatory mapping (GDPR, EU AI Act, NIS2, DORA compliance), and remediation planning.

We target organisations with 500 to 5,000 employees in regulated industries: financial services, insurance, manufacturing, and pharma. The service uses partnerships with Harmonic Security (cloud-based AI data security) and Verax.ai (on-premise enterprise AI trust platform).