AI Tools Emerge as Major Data Exfiltration Risk in Enterprises

Reviewed by Nidhi Govil

4 Sources

Recent studies reveal that employees are inadvertently leaking sensitive company information through generative AI tools, particularly ChatGPT, posing significant security and compliance risks for enterprises.

The Rise of AI as a Data Exfiltration Channel

Generative AI tools, particularly ChatGPT, have emerged as the leading channel for corporate data exfiltration, surpassing traditional security concerns like shadow IT and unmanaged file sharing. Recent studies by LayerX and Cyera have shed light on this growing issue, revealing alarming trends in enterprise AI usage and its associated risks [1][2].

Source: TechRadar

Widespread Adoption and Uncontrolled Usage

According to LayerX's Enterprise AI and SaaS Data Security Report 2025, approximately 45% of enterprise employees now use generative AI tools, with ChatGPT dominating the landscape at over 90% usage [1][4]. This rapid adoption has outpaced governance measures, resulting in 67% of AI usage occurring through unmanaged personal accounts [2].

Data Leakage Through Copy-Paste and File Uploads

The most concerning finding is the prevalence of sensitive data being shared with AI tools. The study reveals that 77% of AI users have been copying and pasting data into their chatbot queries, with 22% of these operations including Personally Identifiable Information (PII) or Payment Card Industry (PCI) data [1]. Additionally, about 40% of file uploads to generative AI sites contain PII/PCI data, with 39% of these uploads coming from non-corporate accounts [2].

Source: The Register

The Invisible Threat: Copy-Paste Actions

Traditional data loss prevention tools are ill-equipped to handle this new threat vector. Copy-paste actions within chat windows bypass conventional security measures, appearing as normal web traffic even when they contain confidential information [3]. This creates a significant blind spot for enterprise security teams.

Source: Tom's Guide

Implications and Recommendations

The findings underscore the urgent need for enterprises to adapt their security strategies. Recommendations include:

  1. Implementing Single Sign-On (SSO) across all business-critical applications to improve visibility into data flows [1].
  2. Focusing on browser-level security to monitor and control data movement across both sanctioned and shadow tools [2].
  3. Educating employees about the risks of sharing sensitive information with AI tools and establishing clear guidelines for AI usage in the workplace [3].
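
To make the browser-level recommendation concrete, the following added example (not code from LayerX, Cyera or any of the cited sources) sketches a paste inspector that flags PCI and PII content before it reaches a generative AI chat window. The host watch list, the detection patterns and the managed-account flag are assumptions chosen for illustration.

```javascript
// Added example: classify pasted text before it reaches a generative AI chat box.
// Host list and patterns are illustrative assumptions, not taken from the reports.
const GENAI_HOSTS = new Set(['chatgpt.com', 'chat.openai.com']); // assumed watch list

// Luhn checksum: separates real card numbers from arbitrary 13-19 digit strings.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && digits.length <= 19 && sum % 10 === 0;
}

// Return the sensitive-data categories found in a pasted string.
function classifyPaste(text) {
  const found = new Set();
  const cardLike = text.match(/\b\d(?:[ -]?\d){12,18}\b/g) || [];
  if (cardLike.some((c) => luhnValid(c.replace(/[ -]/g, '')))) found.add('PCI');
  if (/\b\d{3}-\d{2}-\d{4}\b/.test(text)) found.add('PII'); // US SSN layout
  if (/\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/.test(text)) found.add('PII'); // e-mail address
  return [...found].sort();
}

// Policy: block sensitive pastes into unmanaged (personal) sessions, log the rest.
function decide(text, host, managedAccount) {
  if (!GENAI_HOSTS.has(host)) return { action: 'allow', categories: [] };
  const categories = classifyPaste(text);
  if (categories.length === 0) return { action: 'allow', categories };
  return { action: managedAccount ? 'log' : 'block', categories };
}

// Browser hook (skipped outside a browser, e.g. under Node).
if (typeof document !== 'undefined') {
  document.addEventListener('paste', (ev) => {
    const text = ev.clipboardData ? ev.clipboardData.getData('text/plain') : '';
    const managed = false; // assumption: a real extension learns this from SSO state
    const verdict = decide(text, location.hostname, managed);
    if (verdict.action === 'block') ev.preventDefault();
    if (verdict.action !== 'allow') console.warn('paste flagged', verdict.categories);
  }, true);
}
```

The Luhn check keeps order numbers and other long digit strings from being reported as card data, which matters when the control sits in front of every paste an employee makes.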

As AI tools become increasingly integrated into enterprise workflows, addressing these security challenges is crucial to prevent data breaches and maintain regulatory compliance.
