Shadow AI and Smart Risk: Navigating Enterprise Innovation with Lianne Appelt of Salesforce

June 13, 2025
Lianne Appelt

In a recent episode of Brick by Brick, host Jason Reichl sits down with Lianne Appelt, Enterprise Risk Management Lead at Salesforce, to explore the emerging challenge of "Shadow AI" and how organizations can balance innovation with security. Lianne shares her decade-long journey in risk management, her approach to enterprise-wide risk governance, and actionable strategies for managing AI adoption safely.


The rapid adoption of AI tools has created an unexpected risk: employees using unauthorized AI platforms that could expose sensitive company data. This phenomenon, known as "Shadow AI," represents one of the most pressing challenges facing enterprise risk managers today.

"Shadow AI is basically describing a situation where you have employees using AI in a way that can put your company at risk or the AI technology itself is not effective and is potentially exposing you because it's not correct." — Lianne Appelt

Lianne emphasizes that while organizations want to encourage AI adoption and upskill employees, they must do so safely without creating new vulnerabilities.


Risk-Specific Appetite Management

Unlike traditional enterprise risk approaches that rely on broad organizational statements, Lianne advocates for a more nuanced strategy. Her framework assigns specific risk appetites to different business areas:

Higher Risk Tolerance:
  • Innovation and product design
  • Technology development and capabilities
  • Creative processes that drive competitive advantage
Lower Risk Tolerance:
  • Financial management and reporting
  • Regulatory compliance
  • Data security and privacy protocols

"We're not gonna be taking the same amount of risk in different areas throughout the company. In tech we're very innovative, so in innovation and product design, we're gonna be much more risky, open to risk than in our financial management, in our regulatory space." — Lianne Appelt


The Internal AI Solution

To combat Shadow AI risks, Salesforce has implemented a comprehensive strategy centered on providing protected internal alternatives:

Provide Protected Tools:
  • Deploy enterprise-grade AI platforms with built-in security controls
  • Integrate AI capabilities within existing trusted systems (like Google Suite)
  • Ensure internal tools match the convenience of public AI platforms
Implement Governance Framework:
  • Establish clear policies around AI usage and data handling
  • Create training programs that educate employees on appropriate AI applications
  • Build awareness around the risks of external AI tools
Maintain Human Oversight:
  • Require human verification of all AI outputs for accuracy and bias
  • Establish controls while acknowledging human tendencies to find workarounds
  • Focus on ethical considerations and data validation

"You have to make sure that it is accessible and that they know how to use it and where it is... that training and policy and governance around that is crucial." — Lianne Appelt



The Innovation Imperative

Perhaps most importantly, Lianne warns that avoiding AI altogether poses the greatest risk of all. In today's competitive landscape, organizations that fail to adopt AI risk being disrupted by more agile competitors.

"Avoiding the risk altogether is not really an option... we're in a huge innovation transformation space where it's easy to get disrupted now." — Lianne Appelt

The key is maintaining a clear vision while building customer trust and accelerating AI capabilities responsibly.


Managing AI Across the Enterprise

Lianne's approach extends beyond internal usage to encompass the entire business ecosystem:

Customer Education:
  • Help customers understand how to use AI ethically and effectively
  • Provide training similar to previous cloud security education initiatives
  • Build trust through transparency and education
Third-Party Risk Management:
  • Apply the same governance standards to vendors and partners
  • Ensure AI implementations across the supply chain meet security requirements
  • Maintain oversight of customer AI implementations that could impact your organization
Acquisition Integration:
  • Develop comprehensive M&A playbooks for AI risk assessment
  • Address cultural mismatches when integrating AI-forward startups
  • Balance innovation culture with enterprise security requirements



The Future of AI Risk Management

As the AI landscape continues evolving, Lianne predicts that successful organizations will be those that embrace AI while maintaining robust governance frameworks. Key trends include:

  • Specialized AI Risk Teams: Dedicated professionals focused on AI governance and oversight
  • Continuous Adaptation: Regular review and refinement of AI policies as technology evolves
  • Cultural Integration: Fostering innovation cultures that naturally incorporate risk management principles


Final Thoughts

Shadow AI represents both a significant challenge and an opportunity for forward-thinking organizations. By providing secure internal alternatives, implementing comprehensive governance frameworks, and maintaining human oversight, companies can harness AI's transformative power while protecting their most valuable assets.

Lianne's insights demonstrate that the future belongs to organizations that can balance innovation velocity with intelligent risk management—those that embrace AI strategically rather than reactively.

To learn more about how enterprise risk management is evolving in the age of AI, tune in to this episode of Brick by Brick.
