Security News New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

Miravi

Miravi

Level 3
Well-known
Aug 31, 2024
117
723
167
USA
Content source
https://thehackernews.com/2025/10/new-research-ai-is-already-1-data.html
For years, security leaders have treated artificial intelligence as an "emerging" technology, something to keep an eye on but not yet mission-critical. A new Enterprise AI and SaaS Data Security Report by AI & Browser Security company LayerX proves just how outdated that mindset has become. Far from a future concern, AI is already the single largest uncontrolled channel for corporate data exfiltration—bigger than shadow SaaS or unmanaged file sharing.

The findings, drawn from real-world enterprise browsing telemetry, reveal a counterintuitive truth: the problem with AI in enterprises isn't tomorrow's unknowns, it's today's everyday workflows. Sensitive data is already flowing into ChatGPT, Claude, and Copilot at staggering rates, mostly through unmanaged accounts and invisible copy/paste channels. Traditional DLP tools—built for sanctioned, file-based environments—aren't even looking in the right direction.

From "Emerging" to Essential in Record Time

In just two years, AI tools have reached adoption levels that took email and online meetings decades to achieve. Almost one in two enterprise employees (45%) already use generative AI tools, with ChatGPT alone hitting 43% penetration. Compared with other SaaS tools, AI accounts for 11% of all enterprise application activity, rivaling file-sharing and office productivity apps.

The twist? This explosive growth hasn't been accompanied by governance. Instead, the vast majority of AI sessions happen outside enterprise control. 67% of AI usage occurs through unmanaged personal accounts, leaving CISOs blind to who is using what, and what data is flowing where.
Click to expand...
thehackernews.com

New Research: AI Is Already the #1 Data Exfiltration Channel in the Enterprise

LayerX finds AI tools now drive most enterprise data leaks, with 77% of sensitive data pasted via personal accounts.
thehackernews.com thehackernews.com
 
  • Like
  • +Reputation
  • Hundred Points
Reactions: Khushal, Victor M, Wrecker4923 and 3 others
Thats a mis-use of the term data exfiltration I think. Until an adversary can tap into this AI stream, no 'data exfiltration' has occurred. The org may have lost data, but not to adversaries
 
  • Like
Reactions: Wrecker4923 and Khushal

You may also like...

Top Bottom
Back