In his latest Substack article, Gidi Cohen separates three patterns: Shadow AI (unapproved tools), Insecure AI (misconfigured systems), and Shady AI (approved AI behaving in ways that break policy, trust boundaries, or regulation). Although Bonfy can address both Shadow and Shady AI, it is built specifically for the last category: AI that is technically allowed, but semantically wrong in how it uses or exposes data.

Instead of just asking “where is AI used?”, Bonfy focuses on “what is this AI actually doing with our content, and which human, system, or agent is involved?” That makes it a fit for the real-world failures Gidi calls out: the wrong customer in a response, the wrong entity included, compliant data used in non‑compliant ways, or agent actions drifting from policy.

What Bonfy Actually Does

Bonfy is an AI data security platform that protects unstructured content across email, files, SaaS apps, collaboration tools, copilots, AI agents, and internal AI-enabled systems. It combines three core capabilities:

  • Multi-channel coverage: data in motion, at rest, and in use across email, SaaS, collaboration tools, AI systems, and agents, via native connectors, APIs, and standards such as MCP.
  • Contextual, entity-aware analysis: understanding the identities (humans, machines, agents), customers, consumers, and business relationships behind the data to distinguish generic from customer‑specific content.
  • Unified control plane: one policy and automation engine for discovery, classification, labeling, detection, and enforcement across human and AI workflows.

This means the same engine that catches overshared files in email can also evaluate what M365 Copilot retrieves, what an internal agent reads from SharePoint, and what that agent tries to send outside the company.
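To make that concrete, here is a minimal, hypothetical sketch of the idea: a single policy definition whose entity-aware conditions and enforcement action apply across both human and AI channels. The ContentPolicy schema and every field name in it are illustrative assumptions, not Bonfy’s actual configuration format.

```python
# Hypothetical sketch only: this schema and its field names are
# illustrative assumptions, not Bonfy's actual configuration format.
from dataclasses import dataclass, field


@dataclass
class ContentPolicy:
    """One policy definition enforced across human and AI channels."""
    name: str
    # The same rule set applies wherever content moves, whether a
    # human sends an email or an agent writes to a knowledge base.
    channels: list[str] = field(default_factory=lambda: [
        "email", "sharepoint", "m365_copilot", "internal_agent",
    ])
    # Entity-aware condition: sensitive content that mixes in a
    # customer outside the workflow's scope triggers the policy.
    sensitivity_labels: list[str] = field(default_factory=lambda: [
        "PII", "PHI", "PCI", "client_specific",
    ])
    entity_scope: str = "single_customer"
    # Enforcement options named in this article: block, quarantine,
    # modify/redact, relabel, or redirect.
    action: str = "quarantine"


cross_customer_guard = ContentPolicy(
    name="no-cross-customer-content",
    action="block",
)
```

The point of the sketch is the shape, not the syntax: one declaration, many channels, entity-level conditions rather than channel-by-channel rules.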

How Bonfy Addresses Shady AI

Bonfy tackles Shady AI at three layers that map directly to Gidi’s risk patterns.

  • Upstream / grounding control
    • Bonfy applies granular, entity-aware labels to content in systems like SharePoint, Google Drive, email, and file stores, then shares those labels with AI control planes (e.g., Purview).
    • This controls which data copilots, RAG systems, and agents are allowed to index, retrieve, or use during reasoning, reducing “wrong customer/wrong dataset” exposures before prompts even run.
  • Downstream / output control
    • Bonfy inspects what AI systems and agents produce as they hit real channels: email, collaboration spaces, CRM, knowledge bases, and other SaaS apps.
    • It can block, quarantine, modify, relabel, or redirect risky content, ensuring outputs tied to real customers, PHI, PCI, IP, or other regulated data remain aligned with policy.
  • Data‑in‑use / agent reasoning control (the MCP story)
    • Bonfy exposes its own MCP server, so agents can call Bonfy during their reasoning process.
    • An agent author can literally instruct: “Do task X, but verify with the Bonfy service that there’s no PII or cross‑customer data before proceeding.”
    • During execution, the agent sends candidate content to Bonfy (“Is this safe?”); Bonfy evaluates risk, entities, and labels; the agent then uses that signal to continue, redact, or change behavior (a minimal client sketch follows this list).
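Here is a minimal sketch of that data-in-use flow, using the official MCP Python SDK: the agent pauses mid-task, sends a draft to a Bonfy MCP endpoint, and branches on the verdict. The server URL, the evaluate_content tool name, its arguments, and the “safe” verdict convention are all assumptions for illustration; the tool surface Bonfy actually exposes may differ.

```python
# Minimal sketch, assuming a Bonfy MCP server reachable over streamable
# HTTP. The URL, the "evaluate_content" tool, its arguments, and the
# "safe" verdict convention are hypothetical placeholders.
import asyncio

from mcp import ClientSession
from mcp.client.streamable_http import streamablehttp_client

BONFY_MCP_URL = "https://bonfy.example.com/mcp"  # placeholder URL


async def is_safe_to_proceed(draft: str) -> bool:
    async with streamablehttp_client(BONFY_MCP_URL) as (read, write, _):
        async with ClientSession(read, write) as session:
            await session.initialize()
            # Mid-reasoning check: "verify with the Bonfy service that
            # there's no PII or cross-customer data before proceeding."
            result = await session.call_tool(
                "evaluate_content",  # hypothetical tool name
                arguments={
                    "content": draft,
                    "checks": ["pii", "cross_customer"],
                },
            )
            # Assume the tool answers with a text verdict; anything
            # other than "safe" means redact or change behavior.
            verdict = result.content[0].text if result.content else ""
            return verdict.strip().lower() == "safe"


async def main() -> None:
    draft = "Dear John, attaching the limitation of liability clause..."
    if await is_safe_to_proceed(draft):
        print("continue: send as planned")
    else:
        print("pause: redact or rewrite before sending")


if __name__ == "__main__":
    asyncio.run(main())
```

In practice, an agent framework would wrap a call like this as a guardrail step before any send, publish, or write action.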

These three layers address the exact subtle failures Gidi flags: wrong recipient, wrong entity, policy‑breaking combinations of otherwise “compliant” data, and high‑confidence mistakes feeding real workflows.

Concrete Examples of “Shady AI” Outcomes Bonfy Stops

The platform’s day-in-the-life stories show how sanctioned AI can quietly drift into Shady AI, and how Bonfy intervenes.

  • A corporate lawyer uses Copilot and an enterprise ChatGPT instance to draft agreements. Copilot pulls a limitation of liability clause from another client’s M&A deal; autocomplete also selects the wrong “John” in an email. Bonfy analyzes the email and attachment in real time, detects the entity mismatch and client‑specific clauses, and safely pauses the send.
  • A support engineer uses Einstein GPT and ChatGPT to turn a case transcript into a Salesforce knowledge article, inadvertently including EU PII and toxic language. Bonfy evaluates the draft at publish time, flags the PII, identifies which customers it belongs to, and blocks publication until it’s fixed.

In both cases, the tools are fully sanctioned and correctly integrated; the risk lies in AI‑accelerated mistakes at the content level. Bonfy’s entity-aware engine, applied inline, prevents those Shady AI incidents without requiring the organization to slow down or abandon AI.

Why This Is Different from Traditional Controls

Traditional DLP, DSPM, SWG/CASB, and LLM firewalls focus on channels, storage, or model prompts, but they struggle with semantic, entity‑specific violations inside approved AI workflows. Bonfy is designed for:

  • Multi‑hop AI flows: human → SaaS → LLM → agent → downstream automations, all sharing and transforming unstructured data.
  • Non‑deterministic AI behavior: hallucinations, probabilistic inference, and “creative” reasoning that generate unexpected combinations of sensitive content.
  • Mixed human/agent ecosystems: correlating behavior and risk across employees, service accounts, systems, and AI agents with entity‑level risk scoring.

Instead of trying to be “an agent firewall” or purely a configuration checker, Bonfy secures the data plane for AI, wherever content moves, is transformed, or is acted upon by humans or agents. That is exactly where sanctioned AI drifts into Shady AI in Gidi’s framing, and it’s where organizations need precise, contextual guardrails rather than coarse controls.

If you’d like a demo of Bonfy Adaptive Content Security (ACS), please click here.