Every time someone on your team pastes text into ChatGPT, that data leaves your network. The question is whether you know what's in it.
Key Takeaways
- 68% of organisations have already experienced data leakage from employees sharing sensitive information with AI tools
- Among employees who paste data into AI tools, more than half of those paste events contain corporate information
- Traditional DLP doesn't catch AI data leakage because it happens through copy-paste in the browser, not file transfers or email
- The World Economic Forum's 2026 outlook found GenAI data leaks now outrank adversarial AI as the top concern for security leaders
A developer pastes a code snippet into ChatGPT to debug an error. Buried in that snippet is an API key and a database connection string. A finance manager uploads a spreadsheet to get help building a formula. That spreadsheet contains quarterly revenue figures and client billing data. A recruiter pastes a candidate's CV to draft interview questions. That CV has a home address, phone number, and employment history.
None of these people are doing anything malicious. They're doing their jobs. And every one of them just sent sensitive data to a third-party AI platform.
The numbers are worse than you think
According to Metomic's 2025 State of Data Security Report, 68% of organisations have experienced data leakage specifically from employees sharing sensitive information with AI tools. Only 23% have formal policies to address it.
LayerX Security's enterprise monitoring data paints an even sharper picture. Among employees who paste data into GenAI tools, the average is 6.8 paste events per day. More than half of those contain corporate information. That's not a rounding error. That's a stream of sensitive data flowing out of your organisation every working hour.
And Harmonic Security found that 8.5% of all employee prompts to popular AI tools include sensitive data. Across a team of 30 people, that adds up fast.
The World Economic Forum's Global Cybersecurity Outlook 2026 captured the shift in thinking at the executive level. GenAI data leaks (34%) now outrank adversarial AI capabilities (29%) as the top concern for security leaders. That's a reversal from 2025, when offensive AI dominated the conversation. The risk everyone's waking up to isn't hackers using AI against you. It's your own team accidentally feeding your data to AI.
Why traditional security misses it
Most data loss prevention tools were built for a different era. They watch email attachments, USB drives, file uploads to cloud storage, and network traffic. They're good at catching someone emailing a spreadsheet to their personal account.
AI data leakage doesn't work like that.
When someone copies text from a document and pastes it into a ChatGPT browser tab, nothing triggers a traditional DLP alert. There's no file transfer. No attachment. No download. It's just text moving from one browser tab to another. Your firewall sees HTTPS traffic to api.openai.com. It has no idea what's in the request.
Network monitoring tools can tell you that people are visiting ChatGPT. They can't tell you that someone just pasted your client list into it.
This is why Netskope's 2026 Cloud and Threat Report found that data policy violations from GenAI use have doubled in the past year. The tools organisations rely on weren't designed for this threat.
Free tiers make it worse
Not all AI tool usage carries the same risk. Enterprise versions of ChatGPT, Claude, and similar tools typically include contractual commitments not to train on your data. Free tiers usually don't.
Harmonic Security found that 54% of sensitive prompts were entered on ChatGPT's free tier. That matters because free-tier terms generally allow the provider to use your inputs for model training. Once your data enters a training pipeline, you can't get it back. It's not like deleting an email.
Nearly half of employees using AI at work are still doing so through personal accounts, according to Netskope. That's down from 78% the year before, which suggests governance efforts are having some effect. But 47% is still a lot of unmonitored, unprotected AI usage happening on personal accounts with consumer-grade privacy terms.
What actually leaks
It's worth understanding what types of data people share with AI tools, because it's not just casual questions.
Source code is one of the most common. Developers paste code to debug, refactor, or generate tests. That code often contains credentials, internal URLs, proprietary logic, and comments that reference client names or internal systems.
Customer data is another. Sales and support teams paste email threads, CRM notes, and client briefs into AI tools to draft responses. Those threads contain names, company details, contract terms, and sometimes financial information.
Internal documents show up regularly too. People paste sections of reports, strategy documents, HR policies, and board papers to get help with summarising, editing, or reformatting. Verizon's 2025 Data Breach Investigations Report found that 33% of all compromised records involved company intellectual property, making it the most costly category at $178 per record.
Legal content is particularly sensitive. Contract clauses, settlement details, and legal opinions pasted into AI tools can waive privilege protections. Once confidential legal information enters a third-party system, the argument for privilege becomes much harder to defend.
The problem with doing nothing
Some organisations treat AI data leakage as a theoretical risk. The numbers say otherwise. But even setting aside the statistics, the regulatory environment is tightening.
The EU AI Act requires deployers to have visibility into how AI systems operate and what data they process. Australia's Privacy Act reforms are increasing obligations around data handling. And ISO 42001 expects organisations to demonstrate active governance over AI use.
Beyond compliance, there's a practical business risk. Client contracts increasingly include clauses about how their data is handled. If a client discovers their confidential information was pasted into a consumer AI tool by your team, that's not just a policy violation. It's a relationship problem.
Catching it at the right point
Effective AI data protection needs to work where the data actually moves: in the browser, at the moment of the prompt.
Network-level blocking is too blunt. Banning AI tools entirely pushes usage underground onto personal devices where you have zero visibility. And it costs you the genuine productivity benefits that AI tools provide.
The better approach is detection and intervention at the prompt level. When someone is about to paste sensitive content into an AI tool, they see a warning. They can choose to redact the sensitive parts, edit their prompt, or proceed with a documented justification. The data stays protected, but the workflow doesn't stop.
This works because most AI data leakage isn't intentional. People aren't trying to exfiltrate data. They just don't think about what's in their clipboard when they paste. A prompt-level intervention gives them a moment to think about it.
What good looks like
Organisations handling AI data protection well share a few common traits.
They know what's happening. They have visibility into which AI tools their team uses, how often, and what categories of data are being shared. Not guesses. Actual data.
They catch sensitive content before it leaves. Pattern detection at the browser level identifies things like credit card numbers, API keys, client names, and code with credentials. The user gets a warning before the data goes anywhere.
They keep records. When someone overrides a warning, that decision is logged. When an intervention prevents a data exposure, that's recorded too. This creates the audit trail that regulators and clients expect.
And they do it without slowing people down. The goal isn't to make AI harder to use. It's to make it safer. Teams that feel monitored and restricted will find workarounds. Teams that feel supported will follow the process.
Start with what you can see
You can't protect data you don't know is leaving. The first step isn't buying tools or writing policies. It's getting visibility into what's actually happening right now.
How many AI prompts does your team send per week? What percentage contain sensitive data? Which tools are they using? Are they on enterprise accounts or free tiers?
Once you can answer those questions, everything else gets easier. Policies become evidence-based instead of guesswork. Training targets the actual risks instead of generic warnings. And you can demonstrate to clients, auditors, and regulators that you take data protection seriously.
AI data leakage isn't a future problem. It's happening in your organisation right now. The only question is whether you can see it.