Nearly half of all employees are now using generative AI at work, but their method of sharing data with chatbots is flying under the radar of security teams. A new report from browser security firm LayerX reveals that 77% of these AI users copy and paste text directly into services like ChatGPT, and more than one in five of those pastes contain sensitive information such as personally identifiable information (PII) or payment card details. Worse, 82% of these paste actions happen through personal, unmanaged accounts that IT departments can't monitor or control.
The LayerX Enterprise AI and SaaS Data Security Report 2025, based on browser telemetry from enterprise deployments, paints a picture of widespread shadow AI usage that bypasses corporate identity and data controls. It’s not the file uploads or API calls that pose the biggest immediate risk—it’s the humble clipboard, a vector most data loss prevention (DLP) systems aren’t designed to see.
What the LayerX Report Found
LayerX’s data, gathered via an enterprise browser extension, shows that 45% of enterprise employees access generative AI tools. Among those, ChatGPT is the overwhelming favorite, used by over 90% of AI tool users—far outstripping Google Gemini (15%), Claude (5%), and Microsoft Copilot (around 2–3%). The majority (83.5%) stick to just one AI platform, and they often use personal accounts rather than corporate ones.
The numbers on copy-paste and file uploads underscore the visibility gap:
- Copy-paste dominance: 77% of AI tool users paste data into chatbots. Of those pastes, 22% contain PII or PCI data.
- Account blind spot: 82% of pastes originate from unmanaged personal accounts, leaving enterprises with no audit trail.
- File uploads: About 40% of files uploaded to generative AI sites include PII/PCI, with 39% coming from non-corporate accounts.
Shadow IT isn’t limited to AI. LayerX found that 67% of generative AI app usage happens through non-corporate accounts, but the figures for other SaaS categories are even higher: 87% for chat/IM, 60% for online meetings, and 68% for Microsoft Online. The convenience of personal logins erodes governance across the board.
The report’s methodology matters: LayerX monitors browser interactions, not server-side API calls. That means this data shows what’s happening inside the browser window—the most common way employees interact with consumer AI tools—but misses backend integrations. The company’s customer base skews toward large North American enterprises in finance, healthcare, and tech, so the percentages are directional, not a universal average.
What This Means for You
The risks break down differently depending on your role.
For everyday Windows users:
If you’ve ever pasted a snippet of an email, a customer record, or an error log into ChatGPT to get a faster answer, you’re not alone. But that convenience can expose personal or company data to a service that may retain and use what you submit. Even if your organization hasn’t banned AI, using a personal account strips away any protections your employer might have negotiated—like contractual guarantees against training on your data.
For IT and security administrators:
Traditional DLP tools are blind to the clipboard. They’re built to scan files and network flows, not the ephemeral paste action that takes text from an internal app and drops it into a browser tab. This report confirms that the clipboard is the primary exfiltration vector for AI, and most of it happens outside corporate identity controls. You likely have no logs, no alerts, and no way to prove whether a compliance breach occurred. If your organization handles regulated data (PII, PCI, PHI), this gap is a ticking clock.
For developers:
The temptation to paste code into a chatbot for debugging or refactoring is real, but it’s the modern equivalent of uploading source code to a public forum. The Samsung incident in 2023—where engineers uploaded internal code into ChatGPT, prompting a temporary company-wide ban—shows how quickly a productivity shortcut becomes an IP loss. Always use a sanctioned, isolated AI tool for code, and never paste proprietary logic into a consumer chatbot.
For business leaders:
Shadow IT isn’t malicious; it’s a result of employees trying to get work done with the best tools available. Banning ChatGPT outright rarely works—it just drives usage deeper underground. The report’s finding that ChatGPT has higher enterprise penetration than Slack, Salesforce, or Atlassian indicates that employees see generative AI as essential. The answer is to give them safe, approved alternatives and put lightweight guardrails in place.
How We Got Here: The Rise of Shadow AI
Generative AI’s workplace explosion caught many organizations off guard. When ChatGPT launched in late 2022, it was a novelty. By early 2023, employees were using it for drafting emails, summarizing meetings, analyzing data, and writing code—often without asking IT. The productivity gains were real, but so were the risks.
High-profile incidents pushed the issue into boardrooms. In May 2023, Samsung’s engineering division discovered that employees had pasted proprietary source code and meeting notes into ChatGPT, leading the company to restrict its use on company devices. Banks like JPMorgan Chase and Goldman Sachs imposed similar bans. These actions made headlines, but they were reactive—dealing with the symptom rather than the root cause.
The root cause is structural: enterprise security architectures are built around files, emails, and network connections. The clipboard falls through the cracks. Meanwhile, AI providers’ consumer terms often lack the enterprise-grade privacy commitments that regulated industries require. Most employees don’t read those terms, and even if they did, the immediate utility of a chatbot outweighs abstract worries about data retention.
Microsoft’s own position further complicates governance. The company recently announced it would support personal Copilot accounts within Microsoft 365 tenants—a move that some see as a concession to ChatGPT’s dominance. For administrators trying to enforce SSO and data controls, allowing personal AI accounts alongside corporate ones blurs the line even more.
What to Do Now: Actionable Steps
The good news: the clipboard problem is fixable with a combination of identity enforcement, browser-level controls, and employee training. Here’s a prioritized list for immediate and medium-term action.
Immediate actions (0–90 days)
-
Enforce SSO for all AI tools.
Require corporate logins for ChatGPT, Gemini, Claude, and any other generative AI service that offers enterprise authentication. Block personal account access through your secure web gateway or cloud access security broker (CASB). For Microsoft environments, use Conditional Access policies to limit access to approved AI applications. -
Deploy browser-level security.
Since most AI interactions happen in the browser, you need visibility there. Use enterprise browser extensions or endpoint DLP agents that can detect paste events to untrusted domains and block or warn when sensitive content is detected. Microsoft Defender for Cloud Apps can integrate with Edge to discover shadow AI usage, and third-party tools like LayerX specialize in this layer. -
Update acceptable use policies.
Explicitly prohibit pasting PII, PCI, PHI, credentials, or proprietary code into consumer AI chatbots. Don’t just add a line to the handbook—create a short, role-specific policy that includes examples and lists approved alternatives. -
Run targeted training.
Focus on the teams most likely to handle sensitive data: legal, HR, finance, and R&D. Teach them prompt hygiene: redact personal information, use synthetic data examples, and minimize what they share. Show them the approved tools and workflows they should use instead. -
Audit browser extensions.
Generative AI browser extensions often request broad permissions, including reading all page content. Block or whitelist extensions through Group Policy (for Edge or Chrome) or your endpoint management platform. Remove any that aren’t approved. -
Centralize and rotate API keys.
If your organization uses AI APIs, ensure keys aren’t hardcoded in scripts or repositories. Use a secrets manager and enforce rotation. Limit API access to sanctioned service accounts.
Medium-term controls (3–12 months)
- Deploy enterprise AI or private instances.
For high-sensitivity workflows, consider an enterprise version of ChatGPT, Microsoft Copilot with tenant isolation, or a self-hosted large language model (LLM) that offers contractual guarantees against training and data retention. - Integrate semantic DLP.
Traditional pattern-matching DLP can miss sensitive data in unstructured text. Semantic analysis tools that understand context can flag potential exposures more accurately. - Implement logging and audit trails.
For sanctioned AI tools, log prompts, responses, and user identities with tamper-evident storage. This metadata is critical for incident response and compliance audits. - Update vendor contracts.
Ensure AI vendor agreements include clauses on data usage, deletion, breach notification, and the right to conduct forensic investigations.
What to Watch Next
AI adoption isn’t slowing down—LayerX’s data shows gen AI already accounts for 11% of all enterprise application usage, trailing only email and online meetings. Vendors are scrambling to add enterprise controls, and regulators are starting to pay attention. In the coming year, expect clipboard-focused DLP features to become standard in endpoint security suites, and more organizations will mandate browser isolation for AI interactions. The clipboard blind spot won’t disappear on its own, but with the right moves now, you can close it before it leads to a headline-grabbing breach.