Shadow AI invades the workplace, up 4x in the last year
Briefly

"Employees using unauthorized personal accounts to access GenAI tools are emerging as a growing insider-risk concern for organizations, new research shows. That means workers who have access to sensitive material could be plugging it into their AI platform of choice more frequently, leaving their organization none the wiser."
"Of the 45 percent of all professionals using AI in the workplace regularly, 67 percent of those were accessing the platforms using personal accounts that were not authorized by their IT teams, data from Verizon's annual data breach investigations report (DBIR) [PDF] showed. Verizon said that the proportion of users accessing AI through personal accounts now represents a fourfold increase in non-malicious insider actions detected across this year's dataset of more than 22,000 breaches globally."
"We're not just talking about the Gemini, Claude, ChatGPT, and Grok, but also various vibe coding platforms, AI agents, and other external chatbots that could have access to an organization's data in some form. Verizon reported that 28 percent of data loss prevention policy violations involved employees entering source code into an AI tool, potentially exposing an organization's intellectual property."
"In descending order of prevalence, staff were tossing images, structured data, documents, and PDFs into GenAI platforms as well. In 3.2 percent of cases, workers were uploading proprietary research and technical documentation. This should concern even the most bullish AI adopters, given the volume of potentially sensitive corporate data employees are feeding into unauthorized third-party AI services each day."
Employees increasingly use unauthorized personal accounts to access generative AI tools at work, creating a growing insider-risk problem. Many professionals using AI regularly connect through accounts not authorized by IT, and this behavior has risen sharply in detected non-malicious insider actions. The risk extends beyond major chatbots to include coding assistants, AI agents, and other external chatbot services that may receive organizational data. Data loss prevention violations include employees entering source code into AI tools, along with uploading images, structured data, documents, and PDFs. A smaller share involves proprietary research and technical documentation, but the overall volume of sensitive data entering third-party services remains a major concern.
Read at theregister