AI Risk Isn’t Distributed Evenly. Neither Should Your Security Strategy Be

Most organizations think they understand their AI risk. They know employees are pasting sensitive data into ChatGPT. They have policies around approved AI tools. Some have even rolled out enterprise copilots and AI governance programs.

But according to new research from LayerX, that's not where the biggest AI blind spots are emerging. The report reveals a much more complicated reality. Most organizations are spending their time worrying about a handful of AI applications while completely missing how AI is actually being used. 

Enterprise AI risk is not distributed evenly across users or platforms. Instead, it is concentrated among a small group of AI power users, a handful of dominant AI platforms, and a rapidly growing ecosystem of AI tools that often operate outside traditional visibility and governance controls.

The problem is no longer a handful of individual AI applications. It's everything around them.

AI Is Everywhere. But Most People Barely Use It.

One of the most surprising findings in the research is that AI adoption and AI dependence are two very different things. While nearly half of enterprise users interacted with AI tools over the past year, only 18% used them weekly.

This means that most users turn to AI only occasionally, to summarize a document, draft an email, or answer a question. Only a relatively small percentage use AI consistently as part of their everyday work.

At first glance, that sounds reassuring. Less usage should mean less risk. Except that's not what the data shows.

AI Risk Is Concentrated Among a Small Group of AI Power Users

Enterprise AI activity is heavily concentrated among a small group of employees. While half of users had 12 AI conversations or fewer, the top 5% generated at least 144 conversations. They also interacted with AI much more deeply, averaging 18 prompts per conversation compared to just 2 for the average user.

This creates a new class of "AI power users" who rely on AI extensively across their daily workflows and often use multiple AI platforms. They are not necessarily violating policy or behaving recklessly. They are simply integrating AI into far more aspects of their work than everyone else.

The result is that AI risk is highly uneven. A relatively small number of employees now account for a disproportionate share of AI activity, sensitive data exposure, and cross-platform AI usage.

ChatGPT Still Dominates Enterprise AI, But Copilot Is Closing the Gap

Despite constant headlines about new models and emerging competitors, ChatGPT remains the dominant AI platform inside most enterprises. It accounts for 36% of enterprise AI users and more than 55% of all AI conversations.

Copilot M365 is growing quickly, reaching 29% adoption and nearly a quarter of enterprise AI conversations. The growth of Copilot signals something important: enterprise AI usage is starting to split between governed enterprise-native AI and consumer-driven AI adoption. But beyond those two leaders, most AI platforms remain behind despite the attention they receive.

At the same time, not all AI platforms create the same governance challenges. Copilot M365 is growing rapidly, but most usage happens within corporate-managed Microsoft environments where organizations retain stronger visibility and control. Gemini presents a different risk profile. Many employees still use the consumer version through personal accounts, creating potential blind spots around data handling, retention, and model training practices.

The lesson is simple: platform adoption tells only part of the story. Not all enterprise AI adoption carries the same level of risk. Consumer AI tools accessed through personal accounts create far greater governance blind spots than enterprise-managed AI platforms.

Shadow AI Has Evolved Beyond Unapproved Chatbots

When most people hear "Shadow AI", they imagine someone secretly using an unapproved chatbot. That definition is already outdated.

Modern "Shadow AI" is far messier. Employees routinely combine multiple AI tools inside the same workflow. They switch between chatbots, AI search engines, coding assistants, embedded copilots, and AI-powered SaaS features depending on what they're trying to accomplish. The result is an AI ecosystem that is becoming harder to inventory than SaaS.

It is not one rogue application, but a growing long tail of AI tools that security teams often struggle to see, track, or govern. 

Enterprise AI Usage Is Far More Personal Than You Think

Nearly half of enterprise AI activity happens through personal identities rather than corporate-managed accounts. This finding surprised us the most.

Employees are using personal ChatGPT accounts. Personal Gemini accounts. Sometimes they even use personal AI licenses while logged in with corporate identities. From a governance perspective, it's a nightmare. Organizations lose visibility into retention policies, auditability, compliance controls, and how enterprise data is handled by these AI tools. 

This means that the enterprise AI challenge is no longer just about governing AI applications. It's increasingly about governing personal AI usage within them.

Sensitive Data Is Already Flowing into AI Tools

Our research found that more than 6% of enterprise AI conversations already contain sensitive data. Employees are sharing personal information, financial information, and technical data with AI systems every day. 

DeepSeek showed the highest sensitive data exposure rate at 12.63% of conversations. ChatGPT followed at 8.38%. Copilot M365 showed a significantly lower exposure rate at 3.65%.

The question is no longer whether employees will share sensitive data with AI systems. They already are. The real challenge is understanding where it happens, how often, and through which identities and platforms.

The AI Risk Surface Is Growing Beyond Chat Windows with AI Extensions and Connectors

The report also highlights two fast-growing AI channels that many organizations are barely tracking today: AI browser extensions and AI connectors.

About 15% of enterprise users already run at least one AI browser extension. Nearly 75% of these extensions request high or critical browser permissions. More than 16% already have known vulnerabilities. At the same time, AI connectors are increasingly linking AI systems directly to enterprise applications like SharePoint, GitHub, Slack, Atlassian, and Google Workspace.

This means that AI systems are no longer limited to employees manually pasting information into chatbot windows. They are increasingly being granted direct access to enterprise data, documents, collaboration platforms, and internal knowledge repositories. This fundamentally changes the nature of enterprise AI risk.

What To Do About It

The first step is visibility. You can't govern AI usage you can't see. Next, organizations need to focus on where AI risk is actually concentrated: AI power users, unmanaged personal AI usage, and AI systems with direct access to enterprise data. The goal is not to block AI, but to understand how it is being used and apply controls where they matter most.

We put all of this together, including the data, platform breakdowns, sensitive data exposure analysis, and practical recommendations, in our State of AI Usage Report 2026.
