Guide outlines seven AI security threats and practical controls for builders

A how‑to guide on AI security risks and risk management, published May 18, 2026 and authored by Jessica Lau, maps seven concrete threats and presents actionable controls for teams embedding generative AI into browsers, inboxes and other work tools. The guide’s framing is practical and operational: it pairs first‑person guardrail anecdotes with step‑by‑step recommendations so builders and security teams can reduce risk without sidelining productivity. This matters because organizations that treat AI as a theoretical risk rather than an operational one are likelier to see sensitive data leak and unchecked shadow usage.

One core risk the guide highlights is shadow AI-employees adopting unapproved AI tools outside IT oversight. The piece cites a survey finding that 70% of employees report working without AI policies, multiplying potential data‑exposure points as teams experiment with disparate tools. To counter that, the guide recommends clear, fast AI usage policies that define approved tools, state rationales, and give staff a sanctioned path to AI capabilities rather than driving them toward unsanctioned alternatives.

For rollout and developer hygiene, the guide advocates centralizing AI access through governed infrastructure so agents and integrations interact with applications via controlled paths. It points to common entry points — MCP in chat apps, an SDK for coding agents, and a CLI for terminals — as examples of how organizations can provide sanctioned access while preserving IT visibility. Centralized access lets security teams manage app permissions and integrations, and reduces the number of unknown connectors touching corporate data.

Data leakage is treated as a distinct, measurable threat. The guide summarizes a study that analyzed more than one million AI prompts and about 20,000 file uploads across roughly 300 generative AI tools, finding sensitive corporate data in over 4% of prompts and in more than 20% of uploaded files. Once confidential information leaves into third‑party AI systems, teams can lose control over storage, access, and whether that content is used to train future models — a structural risk the guide stresses should be addressed before data reaches external models.

To reduce exposure at ingress, the guide lists technical prefilters and controls builders can implement: anonymize or strip personally identifiable information (PII), deploy data loss prevention (DLP) rules, and prefilter or transform contextual prompts so only non‑sensitive material is sent to generative models. These “pre‑ingress” steps are presented as ways to preserve useful context for AI assistance while limiting the chance that confidential material is transmitted to third‑party systems.

Operational recommendations complete the playbook: offer approved alternatives that actually solve user problems rather than imposing blunt bans, make approval processes fast and low‑friction, and ensure visibility through centralized access paths. The practical takeaway for engineering and security teams is to combine governance, developer tooling, and technical preprocessing so organizations can enable AI productivity without expanding an unknown attack surface.