Beating Shadow AI & Data Breaches with Vocus and Fortinet

Organisations face mounting challenges in governing employee use of Gen AI tools as shadow adoption patterns create compliance and security risks across the enterprise.

A partnership between Vocus and Fortinet has produced a managed Secure Access Service Edge platform designed to address what the companies describe as shadow AI. 

The term refers to scenarios where staff use AI applications without employer knowledge or oversight.

According to Vocus, research from Australian Government and industry sources indicates that almost every organisation in the country has employees entering sensitive data into ChatGPT, Gemini and Claude without monitoring systems in place.

The Vocus Secure Shield service aims to provide technology leaders with visibility into how these tools are used within their organisations. The platform applies policy controls at the network level rather than blocking access entirely.

Shadow AI adoption patterns

Estimates cited by the companies suggest between 21% and 27% of white-collar workers use gen AI without employer knowledge. Industry data shows many organisations either ban AI tools outright or operate without clear usage policies.

Cybercriminals have adopted the same technologies to accelerate attack methods. These include social-engineering campaigns and vulnerability discovery processes.

The absence of visibility into AI usage could mean organisations cannot assess what data is being shared with external models. This creates potential exposure for proprietary information and regulated data.

Managed security service approach

The Vocus platform integrates Fortinet SASE capabilities into its network infrastructure. The service combines connectivity and security functions under a single managed offering.

"Australian businesses have a shadow AI problem and most don't yet realise the scale of it," says Tom Sykes, General Manager of Products and Marketing at Vocus.

"Employees are using AI. The question isn't whether to allow it, but whether you have visibility into what they're feeding these tools and can put sensible guardrails in place."

Tom adds that the company is seeing demand from enterprise and government customers for services that provide visibility rather than blanket blocking policies.

"CIOs and CISOs want visibility into what people are doing with AI, not another blocking policy that's simply worked around," Tom notes. 

"Secure Shield brings together Fortinet’s AI driven cybersecurity platform with the Vocus national network – fibre, mobile and satellite – as a fully managed service."

The platform builds on an existing relationship between Vocus and Fortinet. Vocus already manages around 10,000 Fortinet devices and endpoints across Australia.

Visibility over restriction policies

The service operates on the premise that blocking AI tools creates workarounds rather than compliance. Policy-based guardrails aim to coach users toward appropriate decisions.

"You cannot block your way out of this problem," says Dale Nachman, Senior Regional Director for ANZ at Fortinet.

"The only durable answer is deep visibility into what applications your staff are actually using and what data is moving through them, combined with policy-based guardrails that coach users toward good decisions rather than just slamming a door in their face."

The platform monitors activity within AI applications rather than simply tracking access attempts. Data loss prevention capabilities can flag or prevent sensitive information from being shared with public models before it leaves the organisation.

This approach could allow organisations to enable Gen AI adoption while maintaining governance controls. The system applies application-level awareness to track what data moves through these tools.

Enterprise AI governance demands

The launch follows a period of increased data breach reports in Australia. According to Vocus, more than 500 notifiable incidents were recorded in the first half of 2025.

Malicious or criminal attacks represent the primary cause of these incidents. This creates pressure for organisations to update their security frameworks.

The service uses pre-configured Fortinet SD WAN or SD Branch devices that can self provision over 5G networks. This automation is designed to enable new sites to come online in minutes rather than days.

The combination of connectivity, security and AI oversight within a single managed platform could appeal to distributed enterprises looking to scale gen AI adoption securely.

Vocus Secure Shield is now available to enterprise, government and wholesale customers across Australia.