An orange and white sign that says,'n roc '.
Solution
Blog
About Us
Newsroom
Get a demo
Get a demo
Prompt risks
Response risks
User behavior risks
Heatmap
January 13, 2025

Introducing a Risk Heat Map for employee GenAI SaaS usage

NROC Security introduces GenAI SaaS Heatmap for identifying risks of employee usage of GenAI in enterprises.

Through our conversation with security practitioners and GenAI innovators, we identified a need for a risk map that focuses on employee use of GenAI SaaS. Below is the first version of the NROC Security SaaS-GenAI Heatmap. We decided to start by creating a solid baseline for the heatmap as - like everyone knows - the area of GenAI SaaS develops so fast the Heatmap must be updated continuously.  So treat this as a snapshot of today. 

Many ratings are certainly subject for debate, and we welcome your points of view, please put them into the comments section!

There are  three takeaways right out of the gate:

  1. Common terminology and specificity into internal debates about the risks of GenAI adoption. Even with  the first glance it already shows that the risk picture is very different from traditional SaaS, and many of the risks are not easily addressed by existing security solutions. The risk also varies greatly from service to service. Most enterprises seem to be having a portfolio of GenAI apps and therefore exposure to the most of the risks.
  2. GenAI ends up as a portfolio of all enterprises, and will require a portfolio of policies. To realize the productivity promise of GenAI, any and all enterprises will have apps from most of the columns of the risk map. But the acceptable use policy can hardly be the same between a consumer grade AI assistant (that’s very accessible and great at search) and embedded GenAI experience in a business process SaaS. This is certainly a complication that nobody wanted, because it complicates employee training and security operations.
  3. Risks require very specific mitigations, like jailbreak detection technologies, but very straightforward tactics like visibility and logging of interactions will go a long way. We have found that doing the basics in an employee visible is a way to hold the users accountable. And when the tone of those interventions is in line with the company culture, the effect can actually feel empowering, rather than restricting.

As said in the beginning, this will be a living document and we welcome the inputs from practitioners and GenAI innovators alike. For a powerpoint version of the map, along with risk definitions and factors considered, you can download it from here

NROC Security is the only solution that comprehensively addresses all potential causes of GenAI copilot security and compliance vulnerabilities – user access, user behavior, prompt and response content - to fully secure them while maximizing their potential for business productivity.

Written by
Antti Reijonen
Co-Founder and CEO
Share This

Get insights on boosting GenAI app adoption safely

Subscribe to NROC security blog

More blog posts

Unlocking productivity with GenAI: How Northamber and NROC Security make productivity and governance work together

Generative AI is accelerating faster than governance, leaving many organizations struggling to balance innovation with security. Join Northamber and NROC Security for a webinar that shows how productivity and safe GenAI use can go hand in hand.
Webinars
Productivity

Between the Guardrails: GenAI adoption rises. Guardrails and visibility trail behind.

Generative AI is no longer experimental. It is already part of everyday work in most organisations. The growing problem is – the guardrails and training needed to make GenAI safe are not keeping up.
Governance
Productivity

This website uses cookies to ensure you get the best experience on our website. Learn more

Accept All Cookies Reject All