Fresh analysis is sending shockwaves through the cybersecurity community, suggesting that the most significant source of enterprise AI risk isn’t a foreign adversary, but a small, hyper-productive group of internal employees. The “State of AI Usage Report 2026” from LayerX Security finds that while almost half of employees have dabbled in AI, a tiny 5% of “power users” are responsible for a disproportionate amount of AI activity and, critically, sensitive data exposure. This concentration of risk in a select few highlights a dangerous blind spot in how most organizations currently perceive and manage the technology.
The data suggests that these power users generate far more conversations and deeper prompt chains, creating a massive, often unmonitored, channel for proprietary data to leak into public AI models. This isn’t a theoretical vulnerability; it’s an active and growing threat vector hiding in plain sight.
Mapping the True AI Footprint
To fully grasp the challenge, it’s essential to look beyond sanctioned tools. The modern enterprise AI landscape is a fragmented ecosystem. While companies roll out governed platforms like Microsoft 365 Copilot, employees are simultaneously using a “long tail” of unmanaged applications, from the dominant ChatGPT to a myriad of specialized AI browser extensions. This phenomenon, often called “Shadow AI,” is no longer just about a few unapproved apps; it’s a sprawling, decentralized risk surface.
Industry data reveals that this split usage creates a fundamental security dilemma. The LayerX report notes that while Copilot M365 is gaining traction with 29% adoption, ChatGPT still dominates with 36% of users and over 55% of all conversations inside the enterprise. This matters because consumer-grade tools often lack the robust data protection and privacy commitments of their enterprise counterparts. Any data entered into many public versions of ChatGPT can be used to train the model, creating a one-way street for corporate information to exit the organization’s control. The growth of enterprise AI risk is directly tied to this fragmented, dual-use environment.
In addition, the rise of AI browser extensions adds another layer of complexity and risk. The LayerX research points out that nearly 75% of these extensions request high or critical browser permissions, and over 16% have known vulnerabilities. This quiet expansion of the attack surface is a major component of modern enterprise AI risk that many security teams are only just beginning to track.
Exposing the Data Exposure Discrepancy
While the LayerX report’s central thesis is a compelling narrative, it’s crucial to place it in a broader context. The core claim is that consumer-facing tools like ChatGPT present a higher risk of data exposure than enterprise-integrated ones. This is largely substantiated by how the platforms are architected; Copilot for M365, when used with a work identity, provides commercial data protection, meaning inputs are not used for model training and data remains within the organization’s security boundary. Public ChatGPT, by contrast, historically uses inputs to further train its models unless a specific enterprise or API agreement is in place.
Nevertheless, the problem of enterprise AI risk is not simply a matter of choosing the “right” tool. The underlying technology for both platforms is largely the same, licensed from OpenAI. The distinction is less about the core AI’s quality and more about the security and integration wrapper built around it. A determined or careless power user can still cause significant data leakage even on a “safe” platform through misuse or by connecting it to insecure third-party applications. The issue isn’t just the tool, but the governance, or lack thereof, surrounding its use.
Broader industry trends show that many organizations are ill-prepared to manage these new risks. The core issue is a visibility gap. Traditional security tools like Data Loss Prevention (DLP) and Security Service Edge (SSE) are often blind to the content of prompts and the data flowing into AI web applications, a risk LayerX’s own marketing highlights. This technical limitation means that even with approved tools, enterprise AI risk remains dangerously elevated.
The Governance Gap: Technology vs. Policy
The current state of enterprise AI risk highlights a growing friction between rapid technological adoption and lagging corporate policy. As of 2026, a patchwork of new regulations like the EU AI Act and various US state laws is coming into force, demanding greater transparency, risk assessments, and accountability for AI systems. These laws are shifting AI governance from a theoretical best practice to a mandatory compliance activity with significant penalties for failure.
One influential model is Gartner’s AI TRiSM (Trust, Risk, and Security Management). TRiSM provides a structure for managing AI risks by focusing on model monitoring, data protection, and continuous governance. However, many enterprises are still struggling. A recent Gartner analysis warns that enterprises often treat AI agent governance as a binary “locked down or fully trusted” choice, which is a primary cause of failure. This flawed approach either stifles innovation with overly restrictive controls or exposes the business to unacceptable risk by under-restricting powerful autonomous agents.
This new environment forces a difficult conversation. The productivity gains from AI are undeniable, but so are the risks. Organizations are now in a race to implement the governance frameworks, technical controls, and employee training necessary to manage this innovation effectively. Without a unified framework that can see and control data flow across both sanctioned and unsanctioned AI, companies remain exposed. This is the central technological and policy contradiction of the current era.
The Bottom Line on Enterprise AI Risk
The “power user” finding presents a helpful lens for understanding a specific dynamic of enterprise AI risk, but it’s a symptom of a much larger disease: a fundamental lack of visibility and governance over a rapidly fragmenting AI ecosystem. The concentration of risk among power users is a direct result of organizations failing to provide secure, effective tools that meet the productivity demands of their most advanced employees, pushing them toward riskier consumer-grade alternatives. The real threat of enterprise AI risk is not just data leakage, but a strategic failure to adapt security posture to the way work is now done.
Critical Signals to Watch:
- Monitor: The enforcement actions and fines related to new regulations like the EU AI Act and Colorado’s CAIA, which will set the tone for corporate liability.
- Key signal: The market consolidation around “AI firewall” and usage control technologies as enterprises move beyond discovery to active blocking and remediation.
- Monitor: A shift in focus from tool-centric risk (e.g., ChatGPT vs. Copilot) to user- and data-centric risk, acknowledging that any tool can be misused.
- Watch for: Public disclosure of the first major data breaches where the root cause is explicitly identified as sensitive data leakage through a large language model.
- Monitor: The evolution of enterprise-grade AI to include robust, transparent audit logs that can satisfy both security teams and regulators.
Ultimately, managing enterprise AI risk in 2026 requires a paradigm shift. It demands moving from a reactive, tool-based approach to a proactive, data-aware strategy that provides comprehensive visibility and control across the entire, messy, human-driven AI landscape.
