LayerX Security’s State of AI Usage 2026 shows that a tiny fraction of employees generate the majority of AI conversations and expose the most sensitive data. The report highlights the dominance of ChatGPT, the rise of Copilot, the explosion of shadow AI tools, and the growing threat from personal accounts and browser extensions. Security leaders are given a practical roadmap to focus on high‑risk users, enforce corporate identities, and deploy inline AI guardrails.
A fragmented AI ecosystem is leaving enterprises blind to their biggest risk
LayerX Security’s State of AI Usage Report 2026 (full report here) paints a stark picture: while almost half of enterprise employees have chatted with an AI tool in the past year, only 18 % do so weekly. That sounds like a modest exposure, but the data tells a different story. The top 5 % of users—dubbed AI power users—account for more than half of all AI conversations and generate 18 prompts per conversation on average, versus the organization‑wide average of two.
“What surprised us most was not the volume of AI usage, but the concentration of risk,” says Dr. Maya Patel, senior research director at LayerX. “A handful of users are effectively the attack surface for AI‑related data loss.”
These power users hop across multiple platforms, stitch together long prompt chains, and often operate with personal accounts that sit outside corporate visibility. The result is a high‑risk, low‑visibility problem that traditional AI governance models simply cannot address.
Platform dominance: ChatGPT still leads, Copilot closes the gap
| Platform | Share of enterprise users | Share of AI conversations |
|---|---|---|
| ChatGPT | 36 % | 55 % |
| Copilot (Microsoft 365) | 29 % | 24 % |
| Gemini (consumer) | 12 % | 8 % |
| Others (Claude, DeepSeek, etc.) | 23 % | 13 % |
ChatGPT’s dominance matters because its users are far more active than those on competing services. Copilot’s rapid rise—driven by corporate‑managed Microsoft environments—means a growing portion of AI work is happening inside a platform that can be more tightly controlled. However, Gemini and other consumer‑oriented tools remain largely accessed through personal accounts, creating a blind spot for data‑sensitive workloads.
James Liu, VP of Cloud Security at SecureSphere, notes, “When an employee runs a ChatGPT prompt from a personal Gmail, we lose any ability to enforce retention policies or audit model‑training exposure. That’s a governance nightmare.”
Shadow AI is no longer a single rogue chatbot
The report expands the definition of shadow AI to include:
- AI browser extensions (15 % of users run at least one)
- Embedded copilots in SaaS products
- AI‑powered search engines and code assistants
- Connectors that link AI directly to SharePoint, GitHub, Slack, Atlassian, Google Workspace, etc.
Nearly 30 % of users juggle multiple AI platforms, and the top 5 % interact with six or more distinct tools. These “long‑tail” applications often request high or critical browser permissions and 16 % are already known to have vulnerabilities.
Sensitive data is already flowing to AI services
LayerX identified that 6 % of enterprise AI conversations contain sensitive information. The breakdown is:
- Personal data – 5.81 %
- Financial data – 0.45 %
- IT‑related data – 0.34 %
The highest exposure rates belong to:
- DeepSeek – 12.63 % of its conversations include sensitive data
- ChatGPT – 8.38 %
- Copilot (M365) – 3.65 %
These numbers confirm that risk is platform‑specific. Consumer‑grade AI services see far riskier usage patterns, while enterprise‑grade tools benefit from tighter policy enforcement.
What CISOs should do next
1. Identify and monitor high‑risk AI power users
- Deploy user‑behavior analytics that flag accounts with >100 AI conversations per month or average prompt chain length >10.
- Prioritize these users for targeted training and tighter access controls.
2. Enforce corporate AI identities
- Block the use of personal AI accounts on corporate networks.
- Require single‑sign‑on (SSO) for all AI services, including third‑party chatbots.
- Audit any remaining personal licenses for compliance.
3. Deploy inline AI guardrails instead of blunt “allow/deny” policies
- Use solutions that inspect prompts and uploads in real time, redacting or blocking sensitive data before it reaches the model.
- Integrate with DLP platforms to enforce the same policies used for email and file sharing.
4. Gain visibility into browser extensions and connectors
- Adopt endpoint detection and response (EDR) tools that can enumerate installed extensions and their permission levels.
- Regularly scan for known vulnerable extensions (e.g., those listed in the NVD or CVE‑2026‑42945 for NGINX‑related AI services).
- Require a software‑bill‑of‑materials (SBOM) for any AI connector deployed in the environment.
5. Create a tiered governance model
| Tier | Description | Controls |
|---|---|---|
| Enterprise‑native AI | Managed platforms like Copilot, Gemini Enterprise | Full SSO, DLP, audit logs |
| Consumer‑grade AI with corporate accounts | ChatGPT, Claude accessed via corporate credentials | Prompt monitoring, data‑loss prevention |
| Personal AI usage | Personal accounts, browser extensions, third‑party connectors | Block or quarantine, require justification |
Closing thoughts
The LayerX report makes it clear that AI risk is not evenly spread. A small cohort of power users, a handful of dominant platforms, and a growing long tail of shadow tools are the real sources of exposure. Security teams that continue to treat AI like any other SaaS application will miss the most dangerous activity.
“The future of AI governance is about visibility first, then intelligent mitigation,” asserts Dr. Patel. “If you can’t see the conversation, you can’t protect the data.”
CISOs should start by mapping AI usage, locking down personal identities, and implementing inline guardrails that protect data without throttling productivity. The tools are there; the challenge is applying them where the risk is highest.
Download the full State of AI Usage 2026 report here and begin the audit of your organization’s AI footprint today.
Comments
Please log in or register to join the discussion