TLDR: A recent study by Harmonic Security indicates that nearly one in twelve employees worldwide are utilizing Chinese generative AI tools, with DeepSeek being the most popular. The research highlights a concerning trend of sensitive business data, including proprietary code and M&A details, being exposed through these platforms, prompting calls for enhanced employee education and robust data governance policies.
London, UK – July 18, 2025 – A groundbreaking new study released by Harmonic Security reveals that a substantial portion of the global workforce is actively engaging with Chinese-developed generative artificial intelligence (GenAI) tools, raising significant concerns about data security and corporate compliance. The research, based on a 30-day behavioral analysis of approximately 14,000 employees across the United Kingdom and the United States, found that 7.95% – nearly one in twelve – are using at least one Chinese GenAI application in their professional capacity.
The study pinpoints DeepSeek as the dominant player in this landscape, accounting for a staggering 85% of all observed Chinese GenAI tool usage. Other notable platforms frequently accessed by employees include Moonshot Kimi, Qwen, Baidu Chat, and Manus.
Alarmingly, the research uncovered widespread incidents of sensitive data exposure. Among the 1,059 users identified as engaging with Chinese GenAI tools, Harmonic Security detected 535 separate incidents where confidential information was compromised. The breakdown of exposed data types is particularly concerning: code and development artifacts constituted the largest category at 32.8%, encompassing proprietary code, access keys, and internal logic. This was followed by mergers and acquisitions (M&A) data at 18.2%, personally identifiable information (PII) at 17.8%, financial information at 14.4%, customer data at 12.0%, and legal documents at 4.9%.
Alastair Paterson, CEO and co-founder of Harmonic Security, issued a stark warning regarding the implications of this trend. “All data submitted to these platforms should be considered property of the Chinese Communist Party, given a total lack of transparency around data retention, input reuse, and model training policies, exposing organizations to potentially serious legal and compliance liabilities,” Paterson stated. He acknowledged, however, the inherent appeal of these tools: “But these apps are extremely powerful, with many outperforming their US counterparts, depending on the task. This is why employees will continue to use them, but they’re effectively blind spots for most enterprise security teams.”
The findings underscore a critical challenge for enterprise security teams, who often remain unaware of this shadow IT usage. Paterson advocates for a proactive and educational approach rather than outright bans. He recommends that organizations prioritize training employees on the inherent risks associated with unsanctioned GenAI tools, particularly those hosted in China. Furthermore, he suggests providing approved, secure GenAI alternatives that meet both developer and business needs. Enforcing clear policies to prevent the upload of sensitive data, especially source code, to unauthorized applications is also crucial.
Paterson emphasized the effectiveness of nuanced strategies, noting that organizations implementing “light-touch guardrails and nudges” can achieve up to a 72% reduction in sensitive data exposure while simultaneously boosting AI adoption by as much as 300%. This approach contrasts sharply with blanket blocking, which is often ineffective and can hinder innovation within an organization.
Also Read:
- AI-Driven API Proliferation Outpaces Security Measures, Posing Significant Business Risks
- Metomic Unveils New AI Data Security Solutions to Counter Enterprise AI Adoption Risks
This study serves as a critical reminder for businesses worldwide to reassess their AI governance strategies and invest in comprehensive security measures to protect their most valuable assets in an increasingly AI-driven workplace.
