A staggering 8.5 percent of employees have pasted sensitive company information into generative AI tools like ChatGPT, unwittingly handing trade secrets, financial data, and customer details to third-party platforms with porous privacy controls. This finding, from a new report by security firm Harmonic, exposes a silent yet accelerating crisis: the accidental insider turned corporate espionage vector. The same conversational AI that drafts emails and brainstorms strategy is also logging proprietary data, often with little oversight, turning everyday productivity into a security nightmare.
Anna Collard, SVP of Content Strategy at KnowBe4 Africa, calls it a “security time bomb.” “Because GenAI feels casual and friendly, people let their guard down,” she explains. “They might reveal far more than they would in a traditional work setting—interests, frustrations, company tools, even team dynamics.” Those innocuous snippets, when aggregated, can give threat actors a detailed profile of a company, enabling precise, targeted attacks.
The Accidental Insider: How a Single Prompt Can Expose a Company
Unlike classic insider threats—premeditated acts of sabotage—these leaks stem from employees simply trying to do their jobs faster. A report by Harmonic found that 54 percent of sensitive data leaks occur through free-tier generative AI apps like ChatGPT, driven by “permissive licensing and lack of control.” The scenarios are mundane but damaging: an employee asks ChatGPT to “rewrite this proposal for client X” or “suggest improvements to our internal performance review template.” In doing so, they may expose not only the client’s identity but also proprietary methodologies, pricing structures, and internal metrics.
Collard notes that even junior staff, often without comprehensive risk training, can inadvertently share customer billing information, authentication credentials, or data protected by regulations like GDPR or South Africa’s POPIA. The repercussions can be severe: regulatory fines, lawsuits, and irreparable reputational harm. “When employees feed confidential information into public GenAI tools, they can inadvertently expose their entire company,” she says. “That includes client data, internal operations, product strategies—things that competitors, attackers, or regulators would care deeply about.”
The Trust Trap: Why Free Tools Are a Frontline Risk
Generative AI’s immense utility has made it indispensable. Tools like ChatGPT and Microsoft Copilot promise productivity boosts and streamlined workflows, but their free tiers often lack enterprise-grade safeguards. Users assume that a brand’s recognition equates to security, but even major platforms like OpenAI retain the right to review prompts and, in some configurations, use inputs to retrain models. For the 54 percent of leaks attributed to free tools, the combination of easy access and vague data policies creates a perfect storm.
“Many people don’t realise just how much sensitive information they’re inputting,” Collard warns. When a manager requests help refining a quarterly financial summary, they might paste raw spreadsheets into a chat window. That data travels to servers outside the company’s control, where it could be stored indefinitely, accessed by developers, or exposed in a breach. The 8.5 percent figure isn’t just a statistic—it represents thousands of individual leaks daily, each a potential entry point for espionage.
Niche AI Apps: The Accelerant
If free-tier giants are a concern, the explosion of niche generative AI platforms is a crisis. Collard points to a surge of “apps for generating product mock-ups, social posts, songs, resumes, or legalese,” often built by small teams using open-source foundation models. Unlike OpenAI, which faces intense public scrutiny, these smaller startups rarely undergo rigorous penetration testing or security audits. Their data usage policies are frequently opaque or overly permissive, leaving users blind to how their inputs are harvested, stored, or sold.
The speed of innovation outpaces corporate IT’s ability to vet these tools. An employee might download a trending AI marketing assistant, feed it client campaign strategies, and never consider that the developer could monetize that data. Harmonics’ report underscores that such tools, buoyed by viral hype, multiply the attack surface exponentially.
AI Partner Apps: Espionage Masquerading as Entertainment
Even more insidious are so-called “AI partner” applications—chatbots designed to mimic celebrities or fictional characters. Security researchers have found that these apps contain thousands of lines of code dedicated solely to siphoning user data. When millions of users casually tell their AI companion about their viewing habits or daily routines, that information becomes a goldmine for advertisers and data brokers, often without meaningful consent.
Scale this to a corporate context: an employee might mention a stressful work project or a client’s name during a chat, thinking it’s private. That detail, combined with other signals, can help profile the company for social engineering attacks. “These seemingly benign details can be used by threat actors to create a company profile, allowing them to execute a more precise attack,” Collard explains. The line between consumer privacy and corporate security has all but evaporated.
Building Defense-in-Depth: From AI Hygiene to Enterprise Controls
Collard and other experts insist that education is the first line of defense. “Cyber hygiene now includes AI hygiene,” she says. Employees must learn to distinguish between safe and unsafe inputs and understand which tools are approved for work. That means moving beyond one-time training sessions to continuous awareness campaigns, reinforced with real-world examples and simulated phishing-style exercises.
But policy without enforcement is empty. Security leaders must deploy technical safeguards: network-level blocking of unvetted AI domains, monitoring of prompts on sanctioned platforms, and strict whitelisting of enterprise-grade solutions. Custom-built AI platforms or enterprise agreements with providers like Microsoft Copilot offer contractually guaranteed data handling, encryption, and region-specific compliance.
Collard advocates for a zero-trust approach to AI tools: “Businesses must train their employees on which tools are ok to use, and what’s safe to input and what isn’t. And they should implement real safeguards—not just policies on paper.” That includes regular third-party risk assessments, penetration testing, and privacy audits before onboarding any new generative AI solution.
A Regulatory Grey Zone and the Path Forward
While GDPR and POPIA provide frameworks for personal data, corporate intellectual property often falls into a regulatory gap. Companies operating across jurisdictions must navigate a patchwork of obligations, but waiting for regulation is a losing strategy. The Harmonic report makes clear that the threat is immediate and growing.
Looking ahead, the boundaries between personal and enterprise AI use will blur further. The same employee who uses ChatGPT for a weekend recipe may, minutes later, upload a confidential board presentation. Without clear segregation and ongoing education, each interaction risks a leak. The mantra for the next decade must evolve: just as “don’t click suspicious links” became a cybersecurity reflex, “don’t tell the AI your secrets” must enter the corporate lexicon.
For CISOs, the brief is unambiguous: assume every prompt to a public AI tool could become public. Operationalize AI policies through active monitoring, continuous education, and rigorous vetting. Only then can businesses harness generative AI’s transformative power without becoming its unwitting victims.