New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

Key Points:

• The LayerX Security report reveals that enterprise AI risk is concentrated among a small group of "AI power users," with significant exposure stemming from personal accounts and unmanaged environments.
• Approximately 6% of enterprise AI conversations involve sensitive data, with consumer-oriented platforms like ChatGPT and DeepSeek showing higher exposure rates compared to enterprise-focused tools like Copilot M365.
• Organizations should enhance visibility and governance over AI usage, particularly regarding personal AI accounts and browser extensions that may introduce vulnerabilities.

Technical Details: The report indicates that nearly half of all enterprise AI interactions occur through personal identities rather than corporate-managed accounts, creating governance blind spots. It highlights that 15% of users run AI browser extensions, with many requesting high permissions and some having known vulnerabilities.

MITRE ATT&CK Techniques: None mentioned

IOCs Mentioned: None mentioned