Apple @ Work is exclusively brought to you by Mosyle, the only Apple Unified Platform. Mosyle is the only solution that integrates in a single professional-grade platform all the solutions necessary to seamlessly and automatically deploy, manage & protect Apple devices at work. Over 45,000 organizations trust Mosyle to make millions of Apple devices work-ready with no effort and at an affordable cost. Request your EXTENDED TRIAL today and understand why Mosyle is everything you need to work with Apple.
As someone who had the only Mac in the company I worked for 20 years ago, it’s been a fun journey to see Apple grow so much in the enterprise, particularly the Mac. Macs have quietly become the go-to device for a lot of modern knowledge work, and with that comes a growing reality as AI functionality becomes baked into everything. AI tools are everywhere. Some are built into apps employees already use. Others show up through the browser or get installed without any oversight. Frankly, AI usage is the biggest example of Shadow IT I’ve ever seen. Most of these tools are completely invisible to IT.
About Apple @ Work: Bradley Chambers managed an enterprise IT network from 2009 to 2021. Through his experience deploying and managing firewalls, switches, a mobile device management system, enterprise grade Wi-Fi, 1000s of Macs, and 1000s of iPads, Bradley will highlight ways in which Apple IT managers deploy Apple devices, build networks to support them, train users, stories from the trenches of IT management, and ways Apple could improve its products for IT departments.
New research from 1Password highlights a problem for IT teams. Even with policies in place, enforcement is a struggle. AI is spreading faster than security can keep up, and the Mac sits right in the middle. It reminds me a little bit of when mobility and needing access to corporate resources, regardless of location, took hold in the early 2010s. When IT is on its heels and reactive, trouble can be lurking.
There is a good chance that many employees are already using AI tools on their Macs. Some might be part of a writing app. Others could be browser-based (even Google Gemini) or from the Mac App Store, which IT never approved. The problem is not that people are trying to bypass rules or security. Some of this functionality is being built into existing apps. The problem is that most organizations do not even know it is happening or where the data is going.
1Password’s research found that only 21% of security leaders say they have full visibility into what AI tools are being used. For Apple IT admins, that is a huge blind spot. When AI tools start pulling in sensitive company data, even unknowingly, the risk grows fast. That includes data being sent to tools that use public language models and could store or learn from what employees upload. Again, this feels VERY similar to when file sharing services moved to the cloud (Dropbox in the early 2010s, etc).
The fix starts with visibility. Mac admins need to work with security teams to determine what tools are being used. That might include adding reporting for network activity, telemetry data, tracking app installs, or using SaaS discovery tools. It is also worth talking with teams about how they use AI in their workflows. You cannot block what you do not know about. Similar to how companies track vulnerabilities in their approved apps, you’ll want to have a database of all your tools using AI and what’s happening with that data.
Policy enforcement only works if you can see what is happening
It is one thing to write a security policy. It is another thing to make it stick. That is the challenge for a lot of IT teams right now. AI adoption is moving faster than enforcement. People are not trying to break the rules when they’re using AI. They are just trying to do their jobs faster. If you use LinkedIn, you’ll realize that everyone from marketing to engineers is being told “you must use AI and be an expert” to stay relevant. But when those tools are not approved or monitored, you lose control of your data and open the door to real risk. There is a saying for security teams right now: hackers aren’t breaking in, they’re logging in.
For Mac admins, this creates a visibility and policy problem. Even with system extensions, configuration profiles, and network controls in place, most teams are not set up to flag unauthorized AI usage—especially if it’s baked into your approved tools. If you are not using any kind of SaaS discovery or endpoint telemetry, you are flying blind. That includes apps that are only used in a browser.
This is where coordination with legal and security teams matters. Figure out what is allowed and what is not. Define what enforcement looks like. Is it blocking? Is it just logging? Is it a conversation with the employee? Once those guardrails are in place, Mac admins can map technical enforcement to real-world behavior.
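An added example, not from the original column: one way to turn the visibility sources and enforcement choices described above into a single AI-tool register. The catalogue entries, log format, bundle ID, device names and `.example` domains are constructed assumptions, not real telemetry or a vendor's schema.

```python
from collections import defaultdict
# Constructed catalogue (the "database of all your tools using AI"); values are assumptions.
CATALOG = {
    "gemini.google.com": {"tool": "Google Gemini", "approved": False, "action": "conversation"},
    "ai-notes.example": {"tool": "AI Notes (hypothetical)", "approved": True, "action": "log"},
    "paste-llm.example": {"tool": "Paste LLM (hypothetical)", "approved": False, "action": "block"},
}
BUNDLES = {"com.example.ainotes": "ai-notes.example"}  # hypothetical app bundle ID

# Constructed proxy log lines: "<timestamp> <device> <user> <host> <bytes_sent>"
PROXY_LOG = """\
2025-05-01T09:00:01Z mac-014 alice gemini.google.com 18234
2025-05-01T09:00:09Z mac-014 alice api.paste-llm.example 901442
2025-05-01T09:02:30Z mac-022 bob ai-notes.example 5120
2025-05-01T09:03:11Z mac-022 bob gemini.google.com.cdn.example 77
malformed line
"""
APP_INVENTORY = [("mac-022", "com.example.ainotes"), ("mac-014", "com.apple.Safari")]  # constructed

def match_domain(host):
    """Return the catalogue domain that host equals or is a subdomain of, else None."""
    host = host.lower().rstrip(".")
    for domain in CATALOG:
        # Anchor on a label boundary so look-alike hosts do not match.
        if host == domain or host.endswith("." + domain):
            return domain
    return None

def build_register(log_text, inventory):
    """Merge network and install evidence into one row per (device, tool domain)."""
    rows = defaultdict(lambda: {"users": set(), "bytes_sent": 0, "sources": set()})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[4].isdigit():
            continue  # skip lines that do not fit the expected format
        _, device, user, host, sent = parts
        domain = match_domain(host)
        if domain:
            row = rows[(device, domain)]
            row["users"].add(user)
            row["bytes_sent"] += int(sent)
            row["sources"].add("network")
    for device, bundle in inventory:
        if bundle in BUNDLES:
            rows[(device, BUNDLES[bundle])]["sources"].add("install")
    return {key: {**row, **CATALOG[key[1]]} for key, row in rows.items()}

def findings(register):
    """Unapproved usage, largest upload volume first, with the agreed policy action."""
    hits = [(d, r["tool"], r["action"], r["bytes_sent"])
            for (d, _), r in register.items() if not r["approved"]]
    return sorted(hits, key=lambda h: -h[3])
```

The `action` column is where the legal and security decision (block, log, or a conversation) is recorded, so the technical control follows the policy rather than the other way around.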
Identity and access models were not built for AI agents
This is the part that sneaks up on people. Employees are not just using AI tools; they are giving those tools access to systems and data. That includes pasting in passwords, hard-coding API keys, or connecting AI agents directly to company data. These agents are not people, but they are acting like users, and most identity platforms are not built to manage them.
This means the usual device trust model is not enough for Mac admins. If an AI agent is sitting on a Mac and talking to your backend systems, it must be treated like any other identity. That means controlling what it can access, tracking its behavior, and having a way to shut it down if something goes wrong.
Apple’s work with Platform SSO and Managed Apple Accounts can help tie identities to devices. However, the next step is to figure out how to apply that same thinking to non-human agents. If you are not tracking what they can do, you are taking on risk without realizing it.
The role of Mac admins in securing the future of AI
A few weeks ago, I wrote an article about how MDM (aka device management services) is no longer enough to succeed with Apple at work. This problem is a prime example of where you have to go further. Apple gives IT teams a solid foundation with tools, but securing AI in the workplace means going a step further. Mac admins need to treat AI tools and agents like any other part of the environment.
For Mac admins, the response shouldn’t be to lock things down more. It should be about knowing what is happening, understanding the risks, and working with security and legal to implement smart policies. That includes visibility into tool usage, enforcement that matches real behavior, and identity models that account for people and machines.