TLDR: A new report by AI and browser security company LayerX reveals that artificial intelligence tools have become the leading channel for corporate data exfiltration, surpassing shadow SaaS and unmanaged file sharing. The rapid, ungoverned adoption of generative AI, particularly through personal accounts and copy-and-paste functions, is identified as the main driver of this significant security risk.
Artificial intelligence has rapidly ascended to become the single largest uncontrolled channel for corporate data exfiltration within enterprises, according to a recent report from AI and browser security company LayerX. The comprehensive research, grounded in real-world enterprise browsing telemetry, underscores that the threat posed by AI is not a distant future concern but a present-day reality actively unfolding in everyday business workflows.
The study highlights that sensitive corporate data is already flowing into popular generative AI tools such as ChatGPT, Claude, and Copilot at an alarming rate. This leakage primarily occurs through unmanaged personal accounts and, notably, the ubiquitous copy-and-paste function, which traditional security measures often overlook.
LayerX’s findings indicate a staggering pace of AI adoption, with these tools achieving a level of penetration in just two years that took other technologies decades to reach. Nearly half of all enterprise employees (45%) are now utilizing generative AI, with ChatGPT alone boasting a 43% penetration rate across organizations. Consequently, AI now accounts for a significant 11% of all enterprise application activity, rivaling established platforms like file-sharing and office productivity applications.
This explosive growth, however, has largely proceeded without adequate governance. The report reveals that a substantial 67% of AI usage occurs through unmanaged personal accounts. This lack of oversight leaves corporate security teams with critical blind spots, as they have no visibility into which employees are leveraging specific AI tools or what sensitive data is being shared.
Also Read:
- AI Regulatory Non-Compliance Expected to Drive 30% Surge in Tech Legal Disputes by 2028
- Australian Trust in Digital Services Erodes Amidst Rising AI Adoption and Data Security Concerns
Alarming trends were also uncovered regarding the methods of data leakage. File uploads into generative AI tools are a significant vector, with 40% of such files containing personally identifiable information (PII) or payment card industry (PCI) data. Furthermore, nearly four out of ten of these sensitive uploads are conducted using personal, unmanaged accounts. Critically, the report identifies the copy-and-paste function as the number one vector for corporate data leaving enterprise control, a channel largely unaddressed by conventional security programs focused on file attachments and unauthorized uploads.
