The uncontrolled spread of artificial intelligence (AI) tools within Asian companies is creating a blind spot that exposes them to significant risks for data sovereignty and regulatory compliance.

Shadow AI: A Growing Risk

According to a Reco report, 91% of AI tools used in companies operate outside the control of IT departments. On average, there are 269 shadow AI applications per 1,000 employees. Unlike traditional shadow IT, where employees install unauthorized software, shadow AI spreads through direct access to AI tools integrated into existing platforms, accelerating data exposure.

Implications for Data Sovereignty

Gal Nakash, co-founder of Reco, emphasizes how entering code, customer data, or business plans into public AI platforms can lead to the retention and use of such information for model training, creating an intellectual property (IP) loss that is difficult to detect with traditional security tools.

Asia: A Regulatory Mosaic

The situation is particularly critical in Asia, where various data protection regulations coexist, including China's Personal Information Protection Law (PIPL), India's Digital Personal Data Protection Act (DPDPA), Singapore's Personal Data Protection Act (PDPA), and South Korea's AI Basic Act. Unlike the European GDPR, companies must navigate multiple jurisdictions simultaneously.

Compliance and AI Governance

Failure to govern AI can lead to regulatory violations and compromise business continuity. Companies operating in RCEP countries or managing diversified supply chains need uniform AI governance. Regulated sectors, such as healthcare, are particularly at risk, with potential violations of GDPR, PDPA, or HIPAA arising from entering sensitive data into public AI tools.

Solutions and Future Perspectives

Reco offers a platform for discovering and managing shadow AI, with rapid integration of new applications and mapping of data flows. The company has experienced significant growth, with a 5x increase in annual recurring revenue (ARR) and a 3x customer growth. Expansion in Asia is a priority, with strategic partnerships and a presence on the AWS Marketplace.

Nakash foresees a shift from reactive to proactive management of shadow AI, with increasing attention to security built into AI tools and continuous discovery of new applications. The ability to move quickly while maintaining security will be critical for companies operating in Asia.