What the recent xAI case taught us about insider risk - SC Media

COMMENTARY: The recent lawsuit filed by Elon Musk’s startup xAI against former engineer Xuechen Li is an old tale that takes companies by surprise in the most concerning of ways. When a trusted engineer – not an outside threat – can allegedly download proprietary Grok intellectual property and jump to a competitor, it shows how truly exposed most organizations really are. According to industry reports, insider threats now account for 60% of all data breaches, with the average cost reaching $4.9 million per incident. Yet, most organizations still rely on perimeter-based security strategies designed for an era when employees worked from cubicles and data lived on company servers. [SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.] But we shouldn’t focus on the rogue employee or the profile of the company: this incident shines a bright light on the fundamental mismatch between how we protect data and how work actually happens. We should never ask whether data theft will occur. Instead, we should all accept that it will happen. The big question: can companies adapt defenses before incurring losses? How data gets exposed The corporate perimeter disappeared during the pandemic. We let our guard down. But security hasn’t really caught on since then. And that’s why cases like xAI happen. IP lives and flows through dozens of cloud applications, employee devices, and AI tools. Workers can access sensitive data from anywhere: coffee shops, home offices, shared workspaces. And they can do it from personal devices on unsecured networks. The xAI incident bore all the hallmarks of an incident of this nature. It involved: Sophisticated targeting: Modern threat actors don't steal randomly. They identify intellectual property that could "save competitors billions in R&D"—algorithms, customer data, strategic roadmaps, and trade secrets that represent years of competitive advantage. Advanced evasion: According to reports, Li allegedly deleted logs to cover his tracks. Today's insider threat actors understand security controls and actively work to bypass detection, making traditional monitoring systems largely ineffective. Legitimate access advantage: Trusted employees have authorized system access, understand data classification, and know approved transfer methods. This makes malicious activity nearly indistinguishable from normal business operations. How to protect the crown jewels Attacks will continue to become more sophisticated - especially given AI becoming more effective. That’s why it’s important to have a game plan and take action. Here’s what teams can do regularly to establish standards: Conduct comprehensive data audits regularly to identify where intellectual property actually resides and who can access it. Many companies discover sensitive information in unexpected locations across their technology environment. Deploy real-time DLP monitoring across all data movement channels, including cloud applications, email systems, AI applications and endpoint devices. Comprehensive visibility enables effective protection. Establish automated incident response procedures that can immediately contain suspected threats while human analysts investigate. Build security consciousness Technology represents only one part of the equation. Companies also have to work on their corporate culture. Make data protection a core responsibility of every employee through several proven strategies. For example, regular scenario-based training can help employees recognize and report suspicious activities. It’s equally important to have in the moment coaching when employees engage in risky behavior. Also, setting clear data classification policies can help workers understand what information requires protection. And, structure access reviews to ensure employees only retain permissions they actively need. Another very important component: good programs balance security with trust, creating protective systems without fostering surveillance culture that damages morale and productivity. The xAI case isn't just about one company messing up. It's what's will happen to everyone as our work becomes more digital and our secrets get more valuable. We can't hire our way out of this situation. There aren't enough security people to go around. So we need smart systems that make our teams more effective and give us early warning when something's wrong. It’s a pretty simple choice. Either we update how we protect our data to match how people actually work today, or we risk business IP and potential reputational damage. Rohan Sathe, co-founder and CEO, Nightfall AI SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.