Company IT teams know employees are using AI tools without approval — and they're racing to protect their networks.

Why it matters: Cybersecurity vendors are making shadow AI a priority this year, rolling out new tools to tackle a problem that's surprisingly straightforward to mitigate.

Driving the news: The rise of China-based DeepSeek has sparked fresh concerns over data privacy and security at U.S. companies, with security executives warning that employees could download the app and feed corporate data into its open-source model.

• Both the Pentagon and the U.S. Navy have banned DeepSeek, citing "potential security and ethical concerns."

The big picture: Employees using unauthorized AI tools at work isn't new, but now the phenomenon has a name — shadow AI.

• It's the latest iteration of long-standing shadow IT problems, where employees bypass official channels to use unapproved tech.
• Examples include staff using DeepSeek's free version to compile internal memos and developers turning to ChatGPT for coding help — without IT's knowledge or oversight.

By the numbers: Companies typically have 67 generative AI tools running across their systems, but 90% lack proper licensing or approval, according to cybersecurity firm Prompt Security.

• The firm also found that 65% of employees using ChatGPT rely on its free tier, where data can be used to train models — raising concerns about corporate information leakage.

Between the lines: Businesses worry that employees could input sensitive data into AI tools, which could then be absorbed into training datasets.

• There's also concern that large language models might expose restricted information to employees who wouldn't typically have access.
• DeepSeek presents an additional risk: According to its privacy policy, queries are processed on servers in China — putting data under the jurisdiction of Chinese laws, a long-standing concern for U.S. security experts.

Yes, but: Banning AI tools outright hasn't worked, forcing security teams to focus on governing AI use instead.

• Many are investing in tools that apply guardrails — preventing data leaks and controlling inputs — rather than blocking access altogether.

What they're saying: "We preached for more than 12 months to CISOs," Prompt Security CEO Itamar Golan told Axios. "You think your employees are using mostly ChatGPT, Gemini, or Microsoft Copilot. But we detect thousands of tools, including many from countries with no guarantees around legal and data privacy."

The intrigue: The fight against shadow AI mirrors past efforts to control shadow IT and unauthorized cloud applications, Shannon Murphy, senior manager of global security and risk strategy at Trend Micro, told Axios.

• "AI applications are really just cloud applications," Murphy said. "Tools already exist to monitor usage and assess risk."
• But Daniel Kendzior, global data and AI security practice lead at Accenture, warned that AI security challenges will extend to mobile devices this year, as employees increasingly use AI apps on their phones.
• "It requires fundamentally different tools and a new approach to sourcing and [data] provenance because the landscape has changed dramatically in just 18 months," Kendzior told Axios.

Zoom in: Cisco is making a big bet on AI security. This month, it launched a suite of AI-driven security tools aimed at tackling shadow AI — signaling a broader 2025 trend in enterprise security.

• "We have an amazing amount of visibility, but we can also enforce controls," DJ Sampath, vice president of product and AI software at Cisco, told Axios "If a model tries to access the internet or an API, we can lock it down."
• Cisco also introduced new algorithmic red-teaming tools to test corporate AI models for security flaws.

What we're watching: The rise of AI agents and the continued adoption of China-linked AI models are likely to make shadow AI an even bigger headache for IT teams this year.

A phishing campaign that's gone undetected for at least six years is targeting customers of Microsoft's legacy single sign-on application, according to a new report from Abnormal Security, shared exclusively with Axios.

Why it matters: The campaign has targeted more than 150 organizations across the education, health care, government and technology sectors, and it relies on social engineering rather than a patchable security flaw.

How it works: Attackers trick employees at companies using Microsoft's Active Directory Federation Services (ADFS) into handing over login credentials and multifactor authentication codes.

• Victims receive phishing emails disguised as IT security updates.
• Clicking the link redirects them to a nearly identical, fake ADFS login page.
• They enter their credentials and multifactor authentication codes, unknowingly giving attackers access.

What they're saying: "It's been running since 2018 pretty much without big changes to the underlying infrastructure," Piotr Wojtyla, head of threat intel and platform at Abnormal Security, told Axios.

Zoom in: The campaign has not been attributed to a specific threat actor, but Wojtyla said it aligns with financially motivated cybercrime groups that may be selling stolen credentials.

• Most victims are in North America, Europe and Australia, the report says.

By the numbers: Education organizations account for 52.8% of the attacks.

• Health care accounts for 14.8%, while government offices make up 12.5%.

The big picture: The campaign highlights the risks of social engineering and reliance on outdated identity systems.

• Microsoft has urged companies to migrate from ADFS to Entra ID, which offers stronger authentication tools, but many organizations — especially in education and health care — face budget and technology barriers to doing so.

Between the lines: Many organizations rely on legacy systems that are compatible only with ADFS. Upgrading to Entra would require upgrading more than just the single sign-on tools.

Yes, but: Wojtyla noted this type of phishing campaign would still be possible if an organization had Entra.

The bottom line: Organizations should shorten the lifespan of session tokens and multifactor authentication codes to limit the time attackers have to use stolen credentials, Wojtyla said.

• Blocking known phishing domains associated with the campaign could also mitigate risks, as attackers have relied on the same infrastructure for years, he added.

Reddit's popular cybersecurity subreddit will no longer allow broad discussions about Elon Musk and U.S. politics.

Why it matters: The ban reflects growing tensions across cybersecurity communities over how best to balance technical discussions with the real-world impact of high-profile figures and government policies.

• As Musk's influence over critical federal systems grows, deciding what counts as "on-topic" will only get harder.

Driving the news: Reports surfaced over the last week of Musk and his Department of Government Efficiency workers gaining access to computer systems at various agencies, including the Treasury Department, USAID and a couple of White House offices.

• Redditors flocked to the community to share concerns about the moves, with posts titled "Terrifying moves by Musk and his people" and "I think we should be able to talk about Elon Musk."
• Moderators quickly removed the posts, citing reports from users who said they didn't want to see these discussions on their feeds.
• "It's clear that enough of the community don't want to deal with this content at the moment," one moderator wrote.

The big picture: r/cybersecurity has 1.1 million members, and it's typically a watering hole for people to share news articles and talk about ongoing challenges in the industry.

• I personally visit it to make sure I'm not missing any major breaches and to gauge which stories the cybersecurity community cares about.

Zoom in: On Sunday, the moderators posted an explainer titled, "Keeping r/cybersecurity Focused: Cybersecurity & Politics."

• The 1,000-word post shared updates on what policy discussions are now allowed in the forums — and more importantly, which aren't.
• "If a comment is more about political ideology than cybersecurity, it will be removed," the moderation team wrote.
• "Even if a discussion starts on-topic, if it leads to arguments about political ideology, it will be removed," the post continued. "We're not here to babysit political debates, and we simply don't have the moderation bandwidth to keep these discussions from derailing."

Reality check: Moderators will find themselves in a tricky position as they continue to ban political discussions since most U.S. policy decisions often have a security angle.

@ D.C.

👀 Karen Evans, a former Energy Department cyber official during the first Trump administration, has joined the Cybersecurity and Infrastructure Security Agency as a senior adviser in its cybersecurity division. (Nextgov)

⏮️ Republicans have started backing away from previous attacks and threats against CISA. (Washington Post)

⚠️ A 25-year-old engineer who previously worked for two Elon Musk companies now has admin privileges, including the ability to write code, for the Treasury Department system responsible for nearly all payments made to the U.S. government. (Wired)

@ Industry

🤝 Sophos has completed its $859 million acquisition of Secureworks. (Cybersecurity Dive)

💰 Riot, a cybersecurity startup focused on employee education, raised a $30 million Series B round led by Left Lane Capital. (TechCrunch)

💸 SailPoint is looking to raise as much as $1.05 billion in its initial public offering, according to a new filing. (Bloomberg)

@ Hackers and hacks

🩻 The Food and Drug Administration and CISA warned hospitals of a backdoor that hackers can exploit in a popular line of patient monitors. (The Record)

🔍 Researchers have identified a set of malicious infostealer packages disguised as legitimate downloads for DeepSeek developer tools. (BleepingComputer)

🚌 An investigation uncovers how law firms have used attorney-client privilege to hire incident responders and shield the true extent of hundreds of school cyberattacks from the public. (The 74)

🤠 Sorry, I couldn't hear you over my internal dialogue about Beyoncé, the new tour and the Grammys accolades for "Cowboy Carter."