In Sophia Antipolis, at the heart of the Côte d’Azur’s artificial intelligence ecosystem, the MIA hosted an after-work event dedicated to a topic that has become central. How can AI be used without exposing one’s company, employees, customers, and sensitive data? Behind this seemingly technical question lies a much broader issue: that of digital governance and sovereignty. That of the responsibility of organizations in a world where AI accelerates innovation as much as threats.

The conference, organized with SICTIAM, the Maison de l’IA, the CCI Nice Côte d’Azur, CASA, and the Université Côte d’Azur, brought together two specialized speakers. Laurent Dubling, part-time Chief Information Security Officer, and Laurent Baubiat, cybersecurity engineer and judicial expert. Both delivered a clear, operational, and sometimes deliberately unsettling reflection on the ongoing transformation.

Their central message can be summed up in a few words: the fundamentals of cybersecurity remain valid, but AI changes the scale, speed, and complexity of risks.

Sophia Antipolis, AI and Cyber Territory

The Alpha site in Sophia Antipolis is presented as one of the AI metacampuses in the territory. It brings together the Maison de l’IA, the Eurecom IA Center, incubators, a startup nursery, and more than sixty startups. Surrounding this ensemble are the Université Côte d’Azur, 3IA Côte d’Azur, Inria, Eurecom, the SophiaTech campus, as well as numerous public and private partners.

This concentration of players makes Sophia Antipolis a strategic location for thinking jointly about AI and cybersecurity. Because the two fields are now inseparable. AI is becoming a productivity tool, but it also constitutes a new attack surface. It modifies internal practices, creates new data flows, introduces external suppliers, and makes it harder to distinguish between controlled innovation and risky experimentation.

It was in this context that the creation of the Sophia Antipolis Cyber Campus was recalled, integrated into a broader regional dynamic in the Région Sud. Alongside the cyber campuses of Euromed Marseille, Salon-de-Provence, and Toulon, Sophia positions itself on a specific vertical: AI and cyber. The approach is based on participatory governance, co-construction, training, awareness-raising, mobilization of experts, and support for SMEs, local authorities, and public organizations.

This territorial dimension is important. Cybersecurity is no longer just the concern of large companies. It affects municipalities, schools, associations, liberal professions, industrial SMEs, law firms, healthcare players, and local authorities. Every organization now handles data. Every organization already uses AI, directly or indirectly. The question is therefore no longer whether it will be affected, but how it will prepare.

The ANTS Leak: A Case Study on the Value of Data

The conference opened with a concrete case: the data leak affecting ANTS, presented as a major incident involving 11.7 million accounts. The exposed data included surnames, first names, email addresses, and dates of birth. Biometric data and attachments were reportedly not disclosed, but the damage remains considerable.

This case illustrates an essential reality: a data breach is not limited to the theft of a file. It feeds an ecosystem of identity theft, phishing, document fraud, and profile reconstruction. An email address associated with a name, first name, and date of birth can be enough to produce a highly credible fraudulent message. Cross-referenced with other compromised databases, it becomes raw material for more targeted attacks.

The speakers emphasized a point: the challenge is not just to avoid the attack. It is also to know how long it will take to detect, communicate, contain, and resume activity. In the case mentioned, several days elapsed between detection and official communication. This delay raises questions about internal crisis management processes, but also about the maturity of organizations in terms of business continuity.

Modern cybersecurity must now integrate detection, incident response, traceability, stakeholder information, remediation, and feedback. The true maturity indicator is no longer just the absence of incidents. It is the ability to function despite the incident.

AI Transforms the Threat Landscape

In 1996, internet threats were still marked by classic viruses and Trojan horses. In 2006, organized cybercrime took off with phishing, theft of banking credentials, and the first major digital scam campaigns. In 2016, professionalization was complete with the era of ransomware, massive leaks, and state or para-state attacks.

In 2026, according to the projection presented, threats are driven or amplified by AI: automated phishing, voice deepfakes, biometric identity theft, compromise of connected objects, adaptive attacks. The major change comes from acceleration. A credible phishing campaign that once took several hours can now be produced in a few minutes. A fake site can be cloned, published, promoted, and replaced almost immediately after deletion.

This speed changes defense. When a company shuts down a fraudulent domain, another can appear ten minutes later. When a phishing message is detected, a personalized variant can be generated instantly. The attack becomes more fluid, more industrialized, more adaptive. It is no longer just automated; it becomes contextual.

Ransomware itself adapts. Attackers assess the value of data, defense capabilities, the possibility of exfiltrating or encrypting, then choose their strategy. AI can facilitate this preliminary analysis. It can summarize stolen internal documents, identify the most sensitive data, prepare pressure messages, or automate negotiations.

This evolution forces companies to change their posture. It is no longer enough to protect a system. One must understand the data, know the flows, limit access, segment rights, and anticipate misuse.

Shadow AI: The New Major Risk for Organizations

The core of the conference focused on Shadow AI. The term refers to the use of artificial intelligence tools that are unauthorized or uncontrolled by employees of an organization. This phenomenon extends Shadow IT, but with new gravity. In Shadow IT, an employee could use a non-validated tool. In Shadow AI, they can transfer sensitive data to an external model, request legal analysis, summarize an HR file, correct a contract, generate code, or process a customer file.

The risk is therefore immediate. It affects confidentiality, trade secrets, intellectual property, GDPR compliance, contractual security, and decision quality. The speakers recalled that many employees already use public generative AI in their professional activities. Some have personal paid subscriptions. But a paid version does not necessarily mean security adapted to the company. The essential question remains contractual and technical: is the data reused to train the model? Where is it hosted? Who can access it? What logs are kept? Is there a commitment not to reuse? Does the provider offer guarantees of audit, encryption, compartmentalization, and deletion?

The first risk is the leak of sensitive data. The second is the production of flawed or uncontrolled decisions. The example cited of Deloitte in Australia illustrates the problem: a report generated with AI support, insufficiently reviewed, can contain errors, fictitious references, or approximations. In a professional context, these errors are not trivial. They engage the credibility of the organization.

Shadow AI therefore creates a paradox. Employees often use it to do well: save time, improve a summary, speed up research, automate a task. But in the absence of a framework, this initiative can become a major vulnerability.

An Essential Reading Grid: Free, Paid, “Enterprise”

The conference clarified a point often misunderstood: not all AI uses present the same level of risk, but price does not constitute a sufficient indicator of security.

In the free version of ChatGPT, for example, the user operates in a public framework. The entered data can be used to improve the models. There is no strong guarantee suitable for professional use. The risk of leakage and loss of control is high. “When it’s free, you are the product.”

The individual paid version introduces a cognitive bias. It improves performance but does not fundamentally transform the contractual framework. The user may feel they are using a secure tool, while guarantees remain limited. This false sense of security can lead to riskier uses.

The “enterprise” version marks a break. It offers a suitable contractual framework, with commitments on the non-use of data for training, reinforced security mechanisms, and centralized governance. The company can control access, supervise uses, and integrate the tool into its information system.

But this solution is not an absolute answer. It requires rigorous configuration, a clear policy, and user training. Without that, risks persist.

The Prompt as the First Act of Governance

The conference devoted an operational part to prompt best practices. The proposed method is based on five questions: who, what, where, how, why. This simple approach helps structure the request addressed to the AI.

The “who” defines the expected role of the AI: legal expert, research assistant, cybersecurity consultant, documentary analyst. The “what” specifies the task to accomplish: summarize, compare, extract, reformulate, classify, generate. The “where” provides context and the target audience: management committee, students, customers, employees, public decision-makers. The “how” specifies the style, format, language register, and level of detail. The “why” clarifies the final intention: prepare a decision, train, publish, audit, convince, or document.

This method does not solve everything, but it reduces vague responses, hallucinations, and erroneous interpretations. An imprecise prompt produces a random response. A contextualized prompt improves the relevance of the result.

But this practice immediately poses a difficulty: to obtain a relevant response, the user is tempted to provide more context. But this context may contain sensitive information. The good prompt is therefore not just a performance issue. It is also a security issue. One must learn to contextualize without disclosing.

Anonymization, Pseudo-anonymization and Minimization

The speakers proposed concrete practices to limit risks before using AI. The first is minimization. Only transmit what is necessary. The second is anonymization or pseudo-anonymization. Before depositing a document in an AI tool, names, addresses, emails, dates of birth, salaries, IBANs, contractual references, medical data, or identifying elements should be removed or transformed.

The simplest tools already exist: search-replace in Word or LibreOffice, transformation formulas in Excel or Calc, partial masking, random substitution, replacement of real emails with fictitious emails. These methods may seem rudimentary, but they are a first barrier.

For PDF files or larger volumes, Python scripts can automate certain replacements. But the speakers were clear: robust anonymization is complex. It becomes difficult when documents contain images, scans, tables, metadata, annexes, or cross-references. In this case, more advanced data masking tools are necessary.

A question asked in the room clarified an essential point: using an online anonymization tool can itself create a leak. If a sensitive document is uploaded to an external service to anonymize it, the risk of transmitting the information already exists. The safest solutions are therefore local, installed on the workstation or in the company’s controlled environment. The logic is simple: you do not protect sensitive data by entrusting it to an uncontrolled tool.

Data: Visible Part, Submerged Part, Illicit Part

Before talking about AI, we must talk about data. The conference used the iceberg image to distinguish three categories.

The first includes voluntary data, deliberately produced and shared: information on LinkedIn, professional directories, company websites, public documents, prompts, publications. This data seems controlled, but it can be exploited by third parties, cross-referenced, indexed, or reused.

The second category concerns unconscious or involuntary data: digital traces, behaviors, metadata, uses, histories, information left to major platforms. This layer is harder to perceive. Yet it constitutes precious material for business models based on data exploitation.

The third category includes data collected illicitly, particularly during leaks or hacks. Once exposed, they can circulate on the dark web, be resold, correlated, enriched, then used in targeted attacks.

This typology recalls an often forgotten reality: AI security begins before AI. It begins with inventory, classification, quality, cleaning, and documentation of data.

The speakers gave a particularly concrete example: HR files. Many organizations keep copies of driving licenses, identity cards, bank details, criminal records, or personal documents beyond what is necessary. These files are sometimes stored in shared directories, without a clear retention policy. When AI is then connected to this data, the risk changes scale. The problem is no longer just excessive storage. It is the ability of a system to process, summarize, extract, and reuse this information.

Data governance therefore becomes a prerequisite for any serious AI strategy.

Governing AI: From Awareness to Internal Policy

For companies, several levels of action have been proposed.

The first is visibility. One must know which AI tools are used, by whom, for what, with what data. This requires analyzing flows, logs, network uses, but also establishing dialogue with teams. Shadow AI often thrives in organizational silence.

The second level is monitoring. AI solutions evolve rapidly. New tools appear every week. A company cannot forbid everything without losing agility, but it cannot authorize everything without losing control.

The third level is validation. Approved solutions must be identified, their general conditions examined, contractualized when necessary, authorized use cases defined, and prohibited data specified.

The fourth level is training. Employees must understand what they can do, what they should not do, and why. An overly abstract AI charter is not enough. Concrete examples are needed: do not deposit HR files in a public AI; do not integrate a patent in progress; do not transmit non-anonymized customer data; do not deploy generated code without human review.

The fifth level is governance. The company must formalize an AI policy. This can be integrated into the IT charter or be the subject of a specific document. It must specify authorized tools, responsibilities, validation rules, security requirements, control methods, possible sanctions, and improvement mechanisms.

Finally, technical security is needed: input and output controls, access restrictions, filtering, logging, segmentation, usage supervision, and blocking of unauthorized services when necessary.

AI Agents: Digital Employees to Be Managed

A particularly important point concerns AI agents. The speakers proposed a strong image: an AI agent must be considered as a company employee. This comparison is useful because it forces the right questions to be asked.

What data does the agent have access to? Can it read emails? Can it modify documents? Can it interact with a CRM? Can it send messages? Can it trigger actions? Who validates its decisions? What logs are kept? How to stop it in case of abnormal behavior?

An autonomous AI agent, connected to several tools, can become very powerful. It can also become very dangerous if poorly configured. The principle of least privilege must therefore apply: give the agent only the rights necessary for its mission, nothing more. The question of AI agents relates to API security. The speakers recalled that existing best practices, particularly those of OWASP, remain valid. AI does not eliminate fundamentals. It makes them more urgent.

ISO 42001: Making AI Governable

The conference then addressed ISO 42001, dedicated to AI management systems. The speakers emphasized a pragmatic approach: the objective is not to “do compliance for compliance’s sake.” It is about making AI more governable, more explainable, more reliable, and more deployable at scale.

An AI management system structures roles, responsibilities, risk analyses, controls, authorized uses, documentation, monitoring, and continuous improvement. It addresses organizations that develop AI systems as well as those that provide or use them.

The standard does not replace other frameworks. It articulates with ISO 27001 for information security, GDPR for personal data, the AI Act for European obligations related to AI systems, as well as with other sectoral frameworks.

The mentioned gains are multiple: strengthened governance, reduction of legal, technical, and reputational risks, regulatory preparation, stakeholder confidence, operational efficiency, and scaling. A company deploying several AI projects cannot rebuild a governance framework for each initiative. It must have a common foundation.

The logic is that of the Deming wheel: plan, implement, check, improve. This continuous approach is essential because AI evolves quickly. Today’s risks are not necessarily tomorrow’s.

Sovereignty: Choosing Architecture Adapted to Risk

The final part of the conference focused on architecture models. The discussion was particularly useful because it avoided simplistic oppositions. It is not about saying one model is good and another is bad. It is about choosing a solution proportionate to the level of risk, type of data, available skills, and business objectives.

The first level corresponds to Enterprise or Business AI solutions offered by major players. They allow better control than public accounts, with contractual commitments, data compartmentalization, and less reuse for training. For many companies, this is a realistic first step.

The second level consists of using an AI platform on a European regional cloud, with model choice, more precise location, and enhanced control. Services like AWS Bedrock allow selecting models, configuring agents, and choosing hosting regions.

The third level concerns shared sectoral platforms. They can meet the needs of sensitive sectors, such as justice, health, or administrations, with environments adapted to case confidentiality.

The fourth level relies on a sovereign or qualified cloud, for example SecNumCloud, allowing models to be hosted on controlled infrastructures.

The fifth level corresponds to hosting in one’s own data center, with servers, graphics cards, chosen models, inference tools, and stronger internal control. This option is mainly for large organizations or highly sensitive sectors.

Finally, the last level is local: running a model on one’s own workstation or on a small server, without external connection, with tools like GPT4All, Ollama, Docker Desktop, or LM Studio. This approach allows processing certain documents without them leaving the user’s environment. However, it requires technical skills and suitable equipment.

This gradation is valuable because it shows that sovereignty is not a slogan. It is an architecture, a trade-off, and a cost. It must be thought out according to actual use.

Digital Resilience: The Korean Example and the European Awakening

The speakers broadened the reflection to digital sovereignty. The example of South Korea was mobilized to show that a country can develop its own digital ecosystem: search engines, messaging, mobile payment, mapping, mobility applications, hardware infrastructures. This autonomy does not mean isolation. It means capacity for choice.

Europe, for its part, has data, talent, standards, industrial players, and research centers. But it remains heavily dependent on extra-European technologies, platforms, and infrastructures. This dependency becomes more sensitive in an unstable geopolitical context.

The example of French judge Nicolas Guillou, targeted by American sanctions in the context of his duties at the International Criminal Court, served to illustrate the concrete effects of these dependencies. When a player is sanctioned by a foreign power, digital, financial, or contractual services can become unavailable, even in Europe. The subject therefore goes beyond cybersecurity. It touches business continuity, legal independence, and the ability of an institution to function.

The debate on sovereign clouds also showed the complexity of the subject. Does an infrastructure operated in Europe, by European players, but based on American technologies, offer complete sovereignty? Probably not. Does it offer partial operational sovereignty? Probably. But one must look precisely at contracts, dependencies, updates, encryption keys, obsolescence risks, and extraterritorial obligations.

Sovereignty is not decreed. It is verified.

A Final Message: Learn, Critique, Master

The conference concluded with a call for lucidity. AI should neither be rejected nor blindly adopted. It must be understood, tested, framed, documented, and governed. Organizations must learn to use it without abandoning their critical spirit.

The real danger does not come only from the tool. It comes from the illusion of ease. An AI that responds quickly is not necessarily right. An AI that produces a convincing text can hallucinate. An AI that codes can introduce vulnerabilities. An AI that summarizes can omit a crucial detail. An AI that automates can act beyond what was intended.

Conversely, a well-framed AI can become a considerable lever. It can help analyze risks, document processes, accelerate compliance, improve training, detect anomalies, assist teams, and strengthen productivity. But it can only produce sustainable value if data is controlled, responsibilities are defined, and uses are secured.

The major lesson from this conference therefore lies in this articulation: dare AI, yes; but not without governance. Experiment, yes; but not without a framework. Automate, yes; but not without human control. Deploy, yes; but not without a data strategy. Because the question is no longer just: what can AI do for the company? The real question becomes: what becomes of the company when its data, decisions, and processes begin to be processed by systems it does not fully control?