Events
,
Infosecurity Europe Conference
,
Video
Varonis Field CTO Matt Lock on Shadow AI, Managing Risks and Path to Safe Adoption
More than 99% of organizations now have sensitive data exposed to artificial intelligence tools, revealing a critical weakness in legacy security models. As AI adoption accelerates, traditional perimeter-based controls have failed to keep pace. The widespread reliance on internal trust and outdated protections leaves organizations vulnerable, said Matt Lock, field CTO for EMEA at Varonis.
A key driver of this risk is the lack of data-centric security. AI tools, especially generative models, utilize every permission a user holds. When access isn’t strictly managed, the tools can inadvertently tap into sensitive information. Employees using AI apps without approval – shadow AI – increases the threat. These tools require no installation, often bypassing IT oversight, and users rarely understand the impact of uploading sensitive data into them.
“PII, source codes are being uploaded into these AI tools to make them more effective. Once that information is lost, it’s very hard to retrieve. It’s inevitable that those models will start to use that sensitive information to train themselves and get better,” Lock said.
In this video interview with Information Security Media Group at Infosecurity Europe 2025, Lock also discussed:
- Why automation requires context, confidence and gradual implementation;
- The importance of data ownership;
- The need for policy-based access and stakeholder education to support safe AI use.
Lock has 20 years of experience in information security, working with global organizations including BP and JPMorgan. He specializes in risk assessment, risk management, policy compliance, security reviews and the management of network behavior anomaly systems.
