Gidi Cohen, CEO and Co-Founder of Bonfy.AI, explores what happens when systems understand relevance better than they understand appropriateness. That gap may become one of the defining governance challenges of the AI era.
Cohen founded Skybox Security and helped pioneer cyber risk management, attack simulation, and security posture modeling for enterprises.
He says many organizations are focused on visibility, access, and adoption, while the more difficult question is not whether AI can access information but whether it should use that information in a particular context.
AI can retrieve information using legitimate permissions and generate outcomes that conflict with policy intent and customer expectations.
That is where Cohen places the idea of "Shady AI": neither unauthorized AI nor malicious AI, but approved AI moving beyond the boundaries that organizations intended.
The deeper concern is the accumulation of thousands of seemingly legitimate decisions made at machine speed. Each one appears reasonable in isolation, but together they create a widening gap between relevance and appropriateness.
Vishwa: You recently introduced the term ‘Shady AI’ to describe AI activity that can drift beyond business intent even inside approved and trusted workflows. What kinds of scenarios pushed you to frame the problem that way?