Workplace Ninjas Norway 2026: My Sessions on Shadow AI and Data Security

Event: Workplace Ninjas Norway 2026
Location: Oslo, Norway
Format: Conference Sessions
Date: 27 May 2026
Sessions:

1. Evaluating AI Risk with Microsoft’s Security Dashboard for AI
2. Preventing Data Leaks to Shadow AI: Managing Generative AI Apps in Your Organisation

At Workplace Ninjas Norway 2026, I delivered two sessions focused on a challenge that many organisations are only just starting to fully understand: the impact of Shadow AI on data security.

These sessions were designed to reflect the reality organisations are facing today.

AI adoption is already happening.
Often without visibility.
Often without governance.

The question is no longer whether people are using AI.

It is whether you understand what is happening to your data when they do.

---

Preventing Data Leaks to Shadow AI: Managing Generative AI Apps in Your Organisation

The first session focused on control at the application layer.

Shadow AI is not just about one tool. It is about a growing ecosystem of generative AI applications being used across the organisation.

In many cases:

• Users are solving real business problems
• Adoption is driven by productivity
• Usage sits outside formal governance

The challenge for security and IT teams is visibility.

Without understanding:

• Which applications are being used
• Who is using them
• What data is being entered

…it is not possible to manage the risk effectively.

Moving Beyond Visibility

A key focus of the session was moving beyond simply discovering AI usage.

Organisations need to make decisions:

• Which AI applications are acceptable
• Which need to be restricted
• Which should be blocked

This is not about stopping innovation.

It is about ensuring that organisational data is not exposed unintentionally.

Where Data Leakage Happens

One of the biggest risks with generative AI applications is not obvious at first.

It is the data that users are providing as input.

This can include:

• Sensitive business information
• Customer data
• Internal documents or intellectual property

Without controls in place, this data can:

• Leave the organisation
• Be processed externally
• Be reused in ways the organisation does not expect

This is why managing AI applications is now a core part of data security.

Explore this topic in more detail

I’ve covered this area in more detail in the following posts:

• 👉 Shadow AI Governance: Why You Must Control AI Data Risk in Microsoft 365
• 👉 How to Govern Shadow AI Using Microsoft Purview, Defender and DSPM

These go deeper into both the risk landscape and the technical controls available within Microsoft 365.

---

Evaluating AI Risk with Microsoft’s Security Dashboard for AI

The second session shifted focus to risk evaluation and visibility within Microsoft environments.

Once you understand where AI is being used, the next step is to understand the risk.

This is where tools such as the Security Dashboard for AI become important.

From Data Points to Understanding Risk

One of the challenges organisations face is that they often have data, but not insight.

For example:

• Usage metrics may exist
• Activity data may be available
• Alerts may already be generated

But without context, it is difficult to interpret what this means.

Effective AI risk evaluation requires combining:

• Signals
  • Who is using AI
  • How frequently
  • Where it is being used
• Context
  • What the use case is
  • What data is involved
  • What the potential impact could be

This is where a dashboard becomes useful, not as a standalone solution, but as part of a broader approach.

Understanding Data Exposure

A key theme in this session was how AI interacts with existing data.

AI does not change permissions.

But it changes how easily data can be surfaced.

If a user has access to content, AI can find it quickly.

This highlights issues such as:

• Oversharing across Microsoft 365
• Poorly structured data
• Lack of classification and labelling

These are not new risks.

But AI makes them visible.

---

The Connection Between the Two Sessions

Although the sessions covered different aspects of AI, they are closely connected.

• The first session focuses on external risk
  • Data leaving the organisation through AI applications
• The second session focuses on internal risk
  • Data exposure within the Microsoft 365 environment

Together, they provide a more complete picture of AI risk.

---

A Practical Approach to Managing AI Risk

Across both sessions, the message was consistent.

Organisations need to take a structured approach:

1. Discover

Understand which AI tools are being used

2. Evaluate

Assess risk using both signals and context

3. Protect

Reduce data exposure and apply controls

4. Govern

Enable safe adoption through policy and guidance

This is not about blocking AI.

It is about enabling organisations to use it safely.

---

Why Data Security and AI Governance Must Work Together

At the centre of both sessions is a simple principle.

AI risk is fundamentally a data security challenge.

If you do not understand:

• What data you have
• Where it is stored
• Who has access to it

Then it becomes very difficult to manage how AI interacts with that data.

This is why data security and AI governance need to be considered together.

---

Key Takeaways from Workplace Ninjas Norway 2026

• Shadow AI is already present in most organisations
• Managing AI applications is critical to preventing data leakage
• Risk evaluation requires both signals and context
• AI exposes existing data issues rather than creating new ones
• Data security is foundational to AI governance
• Governance should enable safe and controlled adoption

---

Final Thoughts

These sessions were designed to move beyond awareness.

To provide a clear, practical way for organisations to think about AI risk.

Because the pace of AI adoption is not slowing down.

And the organisations that are successful will not be the ones that avoid AI.

They will be the ones that understand their data and manage the risk effectively.