- GenAI tools like ChatGPT are redefining Shadow IT risks in corporate environments, report finds
- Employees pasted PII/PCI into GenAI tools, mostly from unmanaged personal accounts
- Enterprises face major blind spots in data leakage and compliance due to unmonitored GenAI use, experts say
ChatGPT and other Generative Artificial Intelligence (GenAI) tools are transforming what “risk of Shadow IT” means, new research has found, as employees are becoming a little too open – and many have even provided the tool with Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers willingly.
Shadow IT is the practice of using programs and apps in a business environment that weren’t approved or otherwise vetted by the IT security department. Employees often use apps they’re not allowed to because it’s easy and convenient – things like web-based image-to-pdf converters, WhatsApp, personal cloud storage solutions like Dropbox, and similar.
But research from LayerX claims this is opening up companies to all sorts of cyber-risks, from introducing malware and ransomware to corporate infrastructure, to leaking sensitive data via unprotected cloud storage, or uploading classified documents to shady services.
Pasting secrets
The company’s latest Enterprise AI and SaaS Data Security Report 2025 found almost half (45%) of enterprise employees are now using generative AI in one form or another.
Of those, more than three-quarters (77%) have been copying and pasting data into the tool, and almost a quarter (22%) have done the same with PII/PCI.
“With 82 percent of pastes coming from unmanaged personal accounts, enterprises have little to no visibility into what data is being shared, creating a massive blind spot for data leakage and compliance risks,” the report says.
Furthermore, roughly two in five files uploaded to generative AI sites also contain this type of information, while 39% of these uploads came from non-corporate accounts.
ChatGPT is by far the most popular GenAI tool, with more than 90% of employees using it. The vast majority (around 83%) use just one tool. Other notable mentions include Gemini (15%), Claude (5%), and Copilot (around 3%).
Via The Register
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
You might also like
- AI tools are being increasingly abused to launch cyberattacks
- Take a look at our guide to the best authenticator app
- We’ve rounded up the best password managers
