Watch out - your workers might be pasting company secrets into ChatGPT

News
By published

They're often accessing ChatGPT from private accounts, too

A man in a suit using a laptop with a projected display showing a mockup of the ChatGPT interface.
(Image credit: Shutterstock)
  • GenAI tools like ChatGPT are redefining Shadow IT risks in corporate environments, report finds
  • Employees pasted PII/PCI into GenAI tools, mostly from unmanaged personal accounts
  • Enterprises face major blind spots in data leakage and compliance due to unmonitored GenAI use, experts say

ChatGPT and other Generative Artificial Intelligence (GenAI) tools are transforming what “risk of Shadow IT” means, new research has found, as employees are becoming a little too open - and many have even provided the tool with Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers willingly.

Shadow IT is the practice of using programs and apps in a business environment that weren’t approved or otherwise vetted by the IT security department. Employees often use apps they’re not allowed to because it’s easy and convenient - things like web-based image-to-pdf converters, WhatsApp, personal cloud storage solutions like Dropbox, and similar.

But research from LayerX claims this is opening up companies to all sorts of cyber-risks, from introducing malware and ransomware to corporate infrastructure, to leaking sensitive data via unprotected cloud storage, or uploading classified documents to shady services.

Pasting secrets

The company’s latest Enterprise AI and SaaS Data Security Report 2025 found almost half (45%) of enterprise employees are now using generative AI in one form or another.

Of those, more than three-quarters (77%) have been copying and pasting data into the tool, and almost a quarter (22%) have done the same with PII/PCI.

"With 82 percent of pastes coming from unmanaged personal accounts, enterprises have little to no visibility into what data is being shared, creating a massive blind spot for data leakage and compliance risks," the report says.

Furthermore, roughly two in five files uploaded to generative AI sites also contain this type of information, while 39% of these uploads came from non-corporate accounts.

ChatGPT is by far the most popular GenAI tool, with more than 90% of employees using it. The vast majority (around 83%) use just one tool. Other notable mentions include Gemini (15%), Claude (5%), and Copilot (around 3%).

Via The Register

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

You might also like

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.