Shadow AI Leakage: Study Finds 77% of Employees Paste Sensitive Data into ChatGPT from Unsecured Accounts
According to a LayerX report, thousands of corporate users are inputting personal and payment data into ChatGPT prompts—often from personal, unsecured accounts. Researchers are observing growing leakage of critically sensitive information through generative AI services, ranging from names and addresses to bank card numbers and fragments of proprietary corporate code.
LayerX monitors user activity via a browser extension and claims that 45% of office employees now use generative models in their work. Of these, 77% copy text directly into chat interfaces, and 22% of those inputs contain sensitive data — either personal or financial. In 82% of cases, the requests are sent outside corporate infrastructure from private accounts, leaving organizations unable to monitor or protect the data. A similar pattern appears in file uploads: about 40% of uploaded documents contain confidential information, nearly half of which originate from personal devices.
LayerX emphasized that such behavior poses not only a data security threat but could also have geopolitical repercussions — particularly when employees rely on foreign AI platforms such as China’s Qwen. The researchers recalled that in 2023, Samsung temporarily banned the use of ChatGPT after an engineer accidentally uploaded portions of proprietary source code to the model.
The report also found that ChatGPT has effectively become the de facto corporate standard, with 9 out of 10 employees using it—far outpacing competitors such as Google Gemini (15%), Claude (5%), and Copilot (around 2–3%). ChatGPT’s overall enterprise adoption has reached 43%, nearly rivaling the popularity of Zoom (75%) and Google services (65%), while significantly surpassing Slack (22%), Salesforce (18%), and Atlassian (15%).
While Microsoft continues to allow users to sign into Copilot with personal accounts, LayerX criticizes this approach as a direct encouragement of shadow IT practices. The study revealed that unauthorized use of applications outside corporate oversight occurs in 67% of interactions with AI tools, 87% with messaging apps, 77% with Salesforce, and 68% with Microsoft Online.
Overall, generative AI models now account for 11% of all office software usage, a figure comparable to that of email and online meetings. LayerX urges companies to implement mandatory Single Sign-On (SSO) authentication and to strengthen oversight of what data employees share with neural networks.