LayerX Security’s AI Usage Report 2026 (full report here) reveals the extent of the enterprise AI visibility gap and why most organizations still don’t understand where their AI exposure is actually coming from. This research shows that enterprises’ AI risks are not evenly distributed across users or platforms. Instead, it concentrates on a small number of AI power users and a few dominant AI platforms that drive the majority of a company’s AI activities and sensitive data exposure.
At the same time, AI usage is rapidly fragmenting between personal accounts, AI browser extensions, built-in copilots, AI connectors, and secondary AI tools that operate outside of traditional visibility and governance controls. The result is a fragmented AI ecosystem that most organizations still don’t fully understand or manage.
While AI is everywhere in the enterprise, most employees are casual
There is a general perception that “everyone is using AI now.” This report paints a more nuanced picture. Almost half of enterprise users have used an AI tool in the past year, but only 18% use AI weekly. This suggests that most employees remain casual users.
At first glance, this seems like good news for security teams. Fewer users means less risk. However, the report found the opposite.
Enterprise AI activity is concentrated in a very small group of employees. Half of users had less than 12 conversations with the AI, while the top 5% generated at least 144 conversations. These same users also engaged in deeper conversations, with an average of 18 prompts per conversation, compared to an average of 2.
This creates a new class of “AI power users” who have far more conversations, interact across multiple AI platforms, and engage in much deeper prompt chains than the average employee.
As a result, AI risk is not evenly distributed across the organization. A relatively small group of users drives a disproportionate amount of exposure to enterprise AI.
ChatGPT still dominates enterprise AI usage, but Copilot is moving closer
Despite the rapid growth of enterprise co-pilots, ChatGPT remains the dominant AI platform in the enterprise by a wide margin. This represents 36% of enterprise AI users and over 55% of all AI conversations. This gap is important because it shows that ChatGPT users are much more active than users on competing platforms.
Copilot M365 is growing rapidly, reaching 29% adoption and nearly a quarter of enterprise AI conversations. Copilot’s growth also shows something important. That means enterprise AI usage is beginning to diverge between managed enterprise-native AI and consumer-driven AI adoption. But aside from these two leaders, most AI platforms still lag far behind despite gaining traction.
While the use of Copilot M365 is highly relevant to enterprise-managed Microsoft environments, where organizations typically maintain greater visibility and governance controls, Gemini presents a very different risk profile. Most of the use of Gemini in the enterprise is through the regular consumer version, not Gemini Enterprise. Employees often gain access through personal accounts or unmanaged environments. This means organizations often have little visibility into how data is maintained, whether prompts are used to train models, and how corporate information is ultimately processed.
The implications of this are important. Not all enterprise AI implementations carry the same level of risk. The real governance challenges increasingly arise from the use of consumer AI operating within corporate workflows disguised as legitimate productivity tools.
Shadow AI is no longer just a few applications. The long tail of unobtrusive AI apps
Most organizations still think of Shadow AI as employees using unauthorized chatbots. That definition is already outdated.
LayerX research shows that enterprise AI usage is rapidly becoming fragmented across a growing ecosystem of AI tools, built-in assistants, AI browser extensions, AI search engines, coding copilots, and AI-powered SaaS capabilities that often operate outside of traditional visibility and governance controls.
Nearly 30% of enterprise users are already using multiple AI platforms, and the top 5% are working with six or more AI applications. Employees no longer need to rely on a single assistant for isolated tasks. They combine multiple AI systems within the same workflow, often switching between tools depending on the task, type of data, and convenience.
This is what modern shadow AI actually looks like. It’s the long tail of AI tools that organizations struggle to understand, track, and manage. In many cases, organizations may be completely unaware that AI is being used, creating much greater governance challenges than most organizations anticipate.
Using enterprise AI is much more personal than organizations realize
Most organizations assume that when employees use AI in their work, they will naturally use an enterprise-managed AI environment. But that’s not the case.
Almost half of enterprise AI conversations take place through personal identities rather than enterprise-managed accounts. Even more concerning is that more than 14% of conversations conducted using corporate identities are tied to personal AI licenses.
This creates a huge governance blind spot. Because when employees use personal AI accounts, organizations lose visibility into retention policies, auditability, model training exposure, and how corporate data is ultimately processed. Sensitive corporate information can move into external AI ecosystems without centralized oversight or policy enforcement.
What is particularly surprising about this is that the divide is not just about identity. Platform choice itself is increasingly being shaped.
Enterprise platforms such as Copilot M365 and Gemini Enterprise are primarily used through company-managed accounts. On the other hand, platforms such as ChatGPT, Claude, and DeepSeek are still primarily for personal use.
This means that enterprise AI problems are no longer just about AI applications. It is increasingly becoming a matter of “personal AI” and governance.
Sensitive data enters all AI platforms; DeepSeek and ChatGPT are the worst culprits
The report found that more than 6% of enterprise AI conversations already contain sensitive data. When classifying sensitive data, personal data was by far the most common category, appearing in 5.81% of conversations. Financial and IT-related data, on the other hand, appeared less frequently but still provided significant exposure.
DeepSeek had the highest sensitive data leakage rate at 12.63% of conversations. ChatGPT followed with 8.38%. Copilot M365 showed a significantly lower exposure rate of 3.65%.
This suggests that while enterprise-grade integrated AI platforms may operate within a more controlled governance environment, consumer-grade AI tools will continue to see riskier usage patterns.
The question is no longer whether employees will share sensitive data with AI systems. They already do that. The real challenge is understanding where it happens, how often, and through which identities and platforms.
AI Extensions and Connectors Quietly Expand the Risk Face of AI
This report also focuses on two rapidly growing AI channels that many organizations currently have little tracking of: AI browser extensions and AI connectors.
Approximately 15% of enterprise users already run at least one AI browser extension. Almost 75% of these extensions request advanced or critical browser permissions. More than 16% already have known vulnerabilities.
At the same time, AI connectors are increasingly linking AI systems directly to enterprise applications such as SharePoint, GitHub, Slack, Atlassian, and Google Workspace.
This means AI systems are no longer limited to employees manually pasting information into chatbot windows. Persistent programmatic access to enterprise systems, documentation, collaboration platforms, and internal knowledge repositories is increasingly being granted. This fundamentally changes the nature of AI risk for enterprises.
Turning insights into action: The way forward for CISOs
One thing this report reveals is that traditional AI governance approaches are lagging behind how employees actually use AI. It outlines a clear direction for security leaders.
Identify and monitor high-risk AI power users: AI risks are highly concentrated in a small number of employees who rely heavily on AI across multiple platforms and expose far more sensitive data than the average user. Treating all AI uses equally wastes resources and misses the riskiest behaviors. Stop focusing only on “approved AI”: The biggest visibility gap is the growing long tail of AI tools, built-in assistants, browser extensions, AI search engines, and connectors that are quietly spreading across the enterprise. Block the use of personal accounts as active shadow AI: Unmanaged personal AI accounts and personal AI licenses expose sensitive corporate workflows to an uncontrolled AI environment. By enforcing enterprise AI identities and blocking the use of personal accounts, AI interactions, prompts, and data flows can remain visible, managed, and protected under enterprise security controls. Moving from “block or allow” to inline AI guardrails: Blocking AI completely is no longer practical, and an “allow all” approach is just as dangerous. Organizations need inline guardrails that monitor prompts, uploads, responses, and AI-driven actions in real-time to prevent sensitive data from leaking without sacrificing productivity.
Download the full AI Usage Report here
Source link
