For years, many companies viewed artificial intelligence as an emerging technology—promising but not urgent. That perception is now obsolete. A new report from LayerX, a company specializing in AI and browser security, shows that AI has become the primary channel for corporate data exfiltration, surpassing even shadow IT apps and uncontrolled file sharing.
In other words: the real risk isn’t in future leaks, but in the tools your employees are already using today, every day, without oversight.
In just two years, generative AI tools—like ChatGPT, Claude, or Copilot—achieved adoption levels that email took decades to reach. According to LayerX, 45% of employees already use some form of AI tool, and ChatGPT alone has a 43% penetration rate.
AI now accounts for over 11% of all enterprise app activity, placing it alongside major productivity and file-sharing platforms. But this explosive growth comes with a problem: lack of control.
The report notes that 67% of AI sessions happen via personal or unmanaged accounts, leaving security leaders (CISOs) practically blind to what happens with corporate data.
% of Users Accesing Different SaaS Categories (Source: The Hacker News)
Most alarming: data leakage is already occurring. According to the report:
And it’s not just files. The real risk, says LayerX, lies in copy-and-paste.
This makes copy-paste the number one data exfiltration route, far surpassing traditional channels. Worse, current Data Loss Prevention (DLP) solutions don’t even monitor this behavior—they were built for file-based or internal systems.
Read more: HexStrike AI: New Tool Putting Enterprise Cybersecurity to the Test
Many security leaders assume using a corporate account equals a secure environment. LayerX’s data shows the opposite.
In practice, an unfederated corporate account is as insecure as a personal one. Logging in with a work email doesn’t guarantee visibility or control over the data the user handles.
Corporate vs. Non-Corporate Access Across Website Categories (Source: The Hacker News)
While AI is the fastest channel for data exfiltration, instant messaging has become the quietest. According to the report:
This combination of uncontrolled AI and unsupervised chats creates a double blind spot for cybersecurity teams. Data moves constantly between personal tools, corporate platforms, and external services without tracking or timely incident detection.
Result: traditional enterprise security strategies are fighting the wrong war—still focused on servers and files, while the real battle is in the browser.
You might also be interested in: Xanthorox AI: A New Malicious AI Tool Emerges on the Darknet
LayerX underscores that the corporate perimeter has radically shifted. Today, the risk isn’t in internal networks or data servers but in the browser, where employees switch between personal and professional accounts, access AI tools, and move data between platforms with a single click.
This poses a major challenge for security leaders: how to protect data in hybrid, borderless environments.
% of Users that Paste Data to Enterprise Applications (Source: The Hacker News)
The study suggests several strategies for addressing this new era of invisible leaks:
The message of the report is clear: AI is not just transforming productivity—it’s challenging corporate governance.
The tools driving innovation are also the least controlled, and the gap between use and oversight grows daily. For CISOs, this means it’s no longer enough to wait for AI to “mature.” The shift is already happening, and risks multiply while organizations play catch-up.
As LayerX puts it:
“AI isn’t just shaping the future of work. It’s defining the future of data leaks.”
Artificial intelligence is no longer an emerging risk; it’s an active, everyday threat to corporate security. Thousands of employees use ChatGPT, Copilot, or other AI platforms with good intentions but without proper safeguards.
At TecnetOne, we recommend organizations:
The corporate perimeter is no longer within server walls—it’s in each user’s hands. In the age of AI, security must be as smart as the tools challenging it.