Shadow AI vs Managed AI: Kaspersky reviews the use of neural networks for work in the UAE

Recent Kaspersky research entitled “Cybersecurity in the workplace: Employee knowledge and behavior” has found that 88% of professionals surveyed in the UAE say that they utilize Artificial Intelligence (AI) tools for work tasks. However, only 41% have received training on the cybersecurity aspects of using neural networks, which is one of the critical elements of protection against AI-related risks ranging from data leaks to prompt injections.

The vast majority of survey respondents in the UAE (94%) said that they understand what the term “generative artificial intelligence” means, and for many employees this knowledge is no longer just theoretical: AI tools have become part of their every workday. Overall, 88% of respondents use AI tools for work: most often - to write or edit texts (63%) and work e-mails (64%), to create images or videos with the help of neural networks (43%), and for data analytics (44%).

The survey uncovered a serious gap in employee preparedness for AI risks. Less than a third (26%) of professionals reported receiving no AI-related training. Among those who had courses, 55% said the focus was on how to effectively use AI tools and create prompts; while only 41% received guidance on the cybersecurity aspect of AI use.

While AI tools, which help automate everyday tasks, are becoming ubiquitous in many organizations, they often remain part of ‘shadow IT’, when employees use them without corporate guidance. 77% of respondents said generative artificial intelligence tools are permitted at their work, 17% acknowledged these tools are not allowed, while 6% were unsure.

To make employee use of AI more clear and secure, organizations should implement a company-wide policy regarding this aspect. This policy can prohibit AI use in specific functions and for certain types of data, regulate which AI tools are provided to employees, and allow only tools from the approved list. The policy should be formally documented, and employees should receive proper training. After setting a list of hygiene measures and restrictions, companies should monitor AI usage, identify popular services, and use this information to plan future actions and refine their security measures. 

“When implementing AI across a company, both complete bans and unrestricted use are typically ineffective. A more effective strategy is to adopt a balanced policy that grants varying levels of AI access based on the sensitivity of data handled by each department. When supported by proper training, this approach promotes both flexibility and efficiency, while maintaining strong security standards,” comments Rashed Al Momani, General Manager for the Middle East at Kaspersky.

To secure corporate AI use Kaspersky recommends organizations to:

•    Train employees on responsible AI usage. Courses on AI security from Kaspersky Automated Security Awareness Platform can help with adding specialized training to companies’ educational programmes.

•    Provide IT specialists with relevant knowledge on exploitation techniques and practical defense strategies. The 'Large Language Models Security' training, part of the Kaspersky Cybersecurity Training portfolio, can enhance both the professional development and the overall cybersecurity of an organization.

•    Ensure all employees have a cybersecurity solution installed on all their work and personal devices used to access business data. Kaspersky Next products protect against a range of threats including phishing or installing a fake AI tool, particularly given the growing trend of scammers embedding infostealers in deceptive AI applications.

•    Conduct regular surveys to monitor how frequently AI is being used and for which tasks. Using this information, assess both the benefits and risks of AI use to adjust company policy.

•    Use a specialized AI proxy that cleans queries on-the-fly by removing specific types of sensitive data (such as names or customer IDs), and uses role-based access control to block inappropriate use cases. 

•    Create a full-fledged policy that addresses the spectrum of relevant risks. Kaspersky’s guidelines for securely implementing AI systems can be of help.

*The survey was conducted by Toluna research agency at the request of Kaspersky in 2025. The study sample included 2800 online interviews with employees and business owners using computers for work in seven countries: Türkiye, South Africa, Kenya, Pakistan, Egypt, Saudi Arabia, and the UAE.