Employees Are the New Hackers: 1Password Warns AI Use Is Breaking Corporate Security (nerds.xyz)
- Reference: 0179932074
- News link: https://it.slashdot.org/story/25/11/01/2047217/employees-are-the-new-hackers-1password-warns-ai-use-is-breaking-corporate-security
- Source link: https://nerds.xyz/2025/10/employees-are-the-new-hackers-ai-chaos-security/
> Password manager 1Password's [2]2025 Annual Report: The Access-Trust Gap exposes how everyday employees are becoming accidental hackers in the AI era. The company's data shows that 73% of workers are encouraged to use AI tools, yet more than a third admit they do not always follow corporate policies. Many employees are feeding sensitive information into large language models or using unapproved AI apps to get work done, creating what 1Password calls "Shadow AI." At the same time, traditional defenses like single sign-on (SSO) and mobile device management (MDM) are failing to keep pace, leaving gaps in visibility and control.
>
> The report warns that corporate security is being undermined from within. More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers. Despite rising enthusiasm for passkeys and passwordless authentication, 1Password says most organizations still depend on outdated systems that were never built for cloud-native, AI-driven work. The result is a growing "Access-Trust Gap" that could allow AI chaos and employee shortcuts to dismantle enterprise security from the inside.
[1] https://www.slashdot.org/~BrianFagioli
[2] https://assets.ctfassets.net/2h488pz7kgfv/1kg7sgoDPcUOpZKNxVQ4XL/61433a72bf8ed26ea00bb56d3c814ca5/2025_Annual_Report__1_-compressed.pdf
Fix the policy (Score:3, Insightful)
If your stupid policies didn't interfere with me doing my work, I wouldn't have to break them.
1). Windows sucks. You give me a Windows box. So, I use my own non-Windows machine to do my work.
2). You gave me a laptop with a small screen. I can't deal with a small screen. So I use my own laptop with a big screen.
3). You don't approve the software I want to use. So I buy my own software and run it on my own machine.
4). I don't want to be spied upon. If you insist on monitoring the machine you issue me, I just won't use it.
See how that works?
When your policies piss me off, I will ignore them whenever I'm able to do so. If that creates security problems for you, I don't much care.
Yes, that makes me a bad employee. Tough shit.
Fix your attitude. (Score:1)
TL;DR - 6. When you fail to explain your job requirements while demonstrating great immaturity. You're supposed to be a trusted employee?
Self-replicating auto-installing malware isn't something the Vulcan-speaking IT dork pulled out of his AD&D book. And you sneaker-netting company-sensitive information around won't be viewed kindly when you are the source of the corporate data leak. The company that used to have a competitive advantage before you leaked it won't appreciate your attitude either.
S
Re: (Score:2)
I didn't claim to be capable of managing security and I admitted to being a bad employee. What more do you want?
Wrong title. (Score:3)
A more honest title would be:
> Security Experts Find that Corporate AI Use Puts Corporations At Risk
Humans are going to be lazy, this is what humans do. If you don't want them to feed sensitive information into AIs then...
A) Stop making it possible.
B) Stop telling them that AI makes things easier.
Touting AI as something that makes work easier and saying it's a "no-no" to put certain information in it is just begging them to violate that rule. Managers/Executives that are encouraging the use of AI have nobody to blame but themselves.
Re: (Score:2)
I might be willing to use it, assuming I trust the corporation I work for more than Google / OpenAI / Anthropic (I don't). Oh, and also if it was at least as good as those 3.
Re: Wrong title. (Score:2)
It's called a "win-win" scenario, either you make your work go faster or they can fire you. Either way they win.
InfoSec 101. (Score:2)
> More than half of employees have installed software without IT approval, two-thirds still use weak passwords, and 38% have accessed accounts at previous employers.
Long ago we understood no employee should have the local rights (no local admin, restricted software policy, etc.) to install software to prevent that problem from sidestepping IT approval. This includes IT staff logged in to desktop accounts for day to day work. And who can forget self-executing auto-installing malware. It ain't just the click junkie behind the keyboard we're worried about anymore. 'Nuff said.
A couple of decades worth of Top 20 Worst Passwords lists never changing should have reinforce
Re: InfoSec 101. (Score:2)
Common sense died years ago. You are going to have a hard time accepting what passes for common sense today, but I'll try. Any MBA can tell you, you're wasting your time on security and passwordy stuff ... moving fast and breaking things is the way to go grandpa, just ignore the risks and focus on the rewards.
There. Now you know how people, managers, employees think today. No need to thank me. Nobody else has. They tend to become irate when I tell them about the risks. True story. Offtopic, but I'm not popu
Corporate security always gets in the way (Score:2)
Do you know how many interstitials I have to deal with when trying to log into a corp-approved app? Five, Bob. Five interstitials. And this is for every app, every day. And sometimes I have to type a password. Or generate a code. Do you know how impressed my manager will be when I tell him my work isn't done because of all the time I spent dealing with CorpSec's hurdles? That's right, Bob, not at all. So do you think I give a damn, Bob, about unapproved AI tools? No, I do not.
"AI Use Is Breaking Corporate Security " (Score:2)
Well Duh!
Re: (Score:2)
Good, I hope it destroys the kleptocratic capitalism that infected the USA (and the rest of the world) into a neo-fascist wageslave system (slavery-2.0), and the world can move to something that values humanity over profits