Shadow AI is the new Shadow IT. The same way employees bypassed IT with Dropbox in the late 2000s, they are now using unauthorized AI tools regardless of policy. Jeff Benjamin and Dave Lewis, Global Advisory CISO at 1Password, laid out this reality in the inaugural Apple @ Work quarterly webinar, sponsored by Mosyle.
The session centers on two concrete threats: the 'Access-Trust Gap,' where AI tools acquire credentials and permissions beyond what IT has sanctioned, and 'Agentic AI,' autonomous agents operating inside corporate environments with little oversight. The proposed fix is direct: treat AI agents like employees for credential management, apply device trust controls to personal devices touching corporate data, and build guardrails that are strict enough to reduce risk but loose enough that users do not route around them entirely.
The full video is worth watching for the operational specifics, not just the threat framing. 1Password published supporting material including a 2025 annual security report and a dedicated breakdown of how OpenClaw agent skills become attack surfaces, both linked in the description. If you manage Apple devices in a corporate environment and have not yet formed an AI policy, this is the starting point.
[WATCH ON YOUTUBE →]