In our latest Maximizing Mimecast session, Rob Juncker, Chief Product Officer, and Adenike Cosgrove, Chief Marketing Officer, showed customers what shadow AI looks like inside their organizations right now, what AI agent attacks look like in practice, and what Mimecast is delivering to address the full spectrum of AI risk.
To watch the full session on demand, you have to be logged in to the Knowledge Hub.
The Scale of the Problem
The data Rob shared reflects just how pervasive unsanctioned AI use has become: 98% of organizations have shadow AI in use, only 18% of employees are aware of a company AI policy, and 20% of files uploaded to AI tools expose sensitive data. These are not edge cases. The Samsung ChatGPT data breach in 2023 and the 2024 deepfake attack on Arup Engineering, which resulted in a $25 million fraudulent transfer, are real examples of what happens when organizations lack visibility and controls.
A New Threat: AI Agents as Attack Targets
Criminals are no longer just targeting humans with phishing. They are crafting prompt injection attacks designed to manipulate the AI agents operating in your inboxes and collaboration tools. Rob shared a real example caught by Mimecast's multi-vector threat engine: an email with hidden instructions telling AI tools to extract sensitive data and transmit it externally, without logging the activity. Agents act at the speed of AI. If a threat is not stopped before it reaches the inbox, it can propagate across your entire toolset in milliseconds.
What Is Available to You Today
The Human Risk Command Center is included for virtually all Mimecast customers and is available in your admin console now. It consolidates signals across behavior, attack exposure, and sensitive data handling into a single risk score per user, with watchlists and adaptive policy controls to act on what you find. With Mimecast Insider, that visibility extends to endpoints and browsers, including the ability to detect and block specific AI tools. With Governance, Compliance, and Insights, it extends into Slack and Teams.
Coming Soon: The Agent Risk Center
In July, the Agent Risk Center will begin limited early access. It extends the Human Risk Command Center to cover non-human identities, giving teams visibility into sanctioned and unsanctioned AI tools across four categories: commercial agents, endpoint AI tools, MCP connectors, and user-developed agents. The underlying data is available in the platform today. July brings a dedicated, unified view of it.
Three Things to Do This Week
- Open the Human Risk Command Center in your admin console and review your highest-risk and most-attacked users.
- Apply tighter outbound DLP and set advanced BEC detection to aggressive for high-risk accounts.
- Ask your account team about the free Mimecast Insider Proof of Value to see what shadow AI exists in your environment today.
The on-demand recording is available on the Mimecast Knowledge Hub. You will need to be logged in to watch. Make sure you are subscribed to the upcoming Maximizing Mimecast sessions so you do not miss what is coming next.
Have you already explored the Human Risk Command Center in your environment? Share what you found in the comments below.