Homepage Murfin Group newsroom
Register as BUSINESS Register as PR AGENCY Register as JOURNALIST

When an Australian employee pastes a client contract into ChatGPT, their employer has no idea it happened. The AI speeding ticket is the answer.

Announcement posted by Murfin Group 18 May 2026

Sydney, Australia, 12 May 2026: Yonatan Amare and Inder Bedi run cybersecurity for Y Victoria, YMCA Victoria. Six entities. More than 5,000 people. Seventy per cent of the workforce casual. Limited resources, and a board with low appetite for risk. What they built is ahead of organisations with security budgets ten times the size. They know what their people are putting into AI tools. They act on it in real time. And they changed the behaviour of their entire workforce without blocking a single application. 

Inder Bedi, Network and Security Manager, explains how: "This real-time intervention is significantly more effective than traditional training. Monthly training is a tick-box exercise and the users can ignore it. This concept transforms a security violation into a teachable moment. As soon as a user does something they are not allowed to do, they get an alert. Once they know they have done something wrong, they tend not to do it again. They want to self-correct." 

Yonatan Amare, IT Manager, describes what that looks like in practice: "They know the tool is always there. They know what is correct and what is wrong. And if you are doing something wrong, you get the ticket. It tells you what has gone wrong and how to correct it. Usually, they do not repeat. It is very effective." 

This is the AI speeding ticket. Speed cameras do not close roads. They record the moment it happens and change behaviour through consequence, not restriction. Drivers slow down because they know the camera is there. GuardWare INSIGHT applies that logic to shadow AI. It monitors every channel where sensitive data can move, including ChatGPT, Copilot, Claude, and other AI tools, USB devices, cloud drives, email, and home environments. When a risky action happens, the employee, their manager, and the security team are all alerted simultaneously. The employee gets a clear explanation and a path to an approved alternative. No block. No friction. Behaviour change at the moment it matters. 

The problem INSIGHT addresses is significant. According to the Australian Bureau of Statistics, 97.2% of Australian businesses are small businesses. Almost none can see what their staff are putting into AI tools. An employee pastes a board paper into a browser prompt. Another emails a document to their personal account and feeds it into a free AI tool on their phone. Neither triggers an alert. The HTTPS connection is visible to the firewall. The content inside it is not. 

The data problem compounds this. When an employee pastes sensitive data into ChatGPT or Gemini, that data moves to servers overseas under terms of service the organisation never negotiated. Australia's Privacy Act does not travel with it. The ability to revoke or retrieve that information is gone. 

Research confirms the scale. A survey of 7,000 workers published by IBM found 38% share sensitive data with AI tools without their employer's permission. An Australian study of 500 technology decision makers found more than one in three upload strategy documents, financials, and customer records into AI platforms with no oversight. IBM's 2025 breach report found shadow AI incidents cost organisations an average of AU$1.03 million more than other breaches, based on IBM's reported figure of USD $670,000. When Software AG asked employees whether they would stop if told to, 46% said no. 

Blocking does not work. As Yonatan Amare says: "If you say no, people will always have a desire to go and find it anyway." Staff move to personal devices and the data leaves regardless. 

"The goal is not to make people afraid of AI," said Rizwan Mahmood, Co-Founder and CEO of GuardWare. "It is to help them use it without putting the organisation at risk. When you help people self-correct and give them a better path, you remove the shadow AI problem almost completely, without touching productivity." 

GuardWare INSIGHT is available now as a standalone product and as part of the GuardWare Data-First Security Suite alongside DISCOVER and PROTECT. It works alongside existing security investments rather than replacing them, closing the blind spots most tools leave open across AI tools, personal cloud storage, and home environments. Contact GuardWare to request a briefing or proof of value at guardware.com. 

ENDS 

Media Contact: 

Tom Finnigan 

E: tom@murfin.au 

M: +61 408 867 367 

 

About GuardWare: 

GuardWare is an Australian cyber security company providing data-centric protection across discovery, monitoring, and persistent encryption. Its suite serves organisations across critical infrastructure, financial services, government, health, legal, education, defence supply chains, manufacturing, mining, engineering, and construction in Australia and internationally. GuardWare PROTECT is the outcome of a collaborative project with UNSW Sydney researchers, supported by funding from Defence Trailblazer, to uplift cyber resilience by protecting data itself. 

www.guardware.com 

 

Source notes: 97.2% of Australian businesses are small businesses: ABS August 2024, via Australian Small Business and Family Enterprise Ombudsman.  

38% share sensitive data without permission: IBM citing CybSafe and National Cybersecurity Alliance, 7,000 employees, 2024.  

More than one in three Australian professionals upload sensitive data: Josys Shadow AI Report 2025, 500 Australian technology decision makers.  

Shadow AI breaches cost USD $670,000 more (AU$1.03M): IBM Cost of a Data Breach Report 2025. 

46% would continue if told to stop: Software AG, 2025.