New York, February 27, 2025 – LayerX Security, a leader in user-first browser extensions for enterprise security, has released its Enterprise GenAI Security Report 2025, delivering insights into how organizational users interact with Generative AI tools and where hidden security gaps emerge. Based on real-life telemetry data from LayerX’s enterprise customers, the report offers a data-driven look at the risks posed by ‘shadow AI’ and the invisible ways GenAI tools are used within organizations.
Key findings on enterprise GenAI usage:
- Organizations have zero visibility into 89% of AI usage, despite security policies
- 71% of connections to GenAI tools are done using personal non-corporate accounts
- Even among connections to GenAI tools using corporate accounts, 58% are done without the use of Single Sign-On (SSO)
- 18% of users paste data to GenAI tools and about 50% of that is company information
- 20% of enterprise users have installed GenAI-enabled browser extensions
- 58% of GenAI browser extensions have high or critical permissions
- 5.6% of AI extensions are classified as ‘malicious’ and can be used to steal data
The report exposes three layers of hidden AI threats GenAI adoption creates in most organizations:
- Hidden Access to GenAI Tools – Nearly 90% of logins to AI SaaS applications are conducted using personal or corporate accounts not backed by Single Sign-On (SSO). These interactions bypass organizational identity and access management (IAM) systems, leaving security teams blind to how GenAI tools are used and what data is being shared.
- The Long Tail of ‘Shadow AI’ – While the top AI applications dominate over 90% of enterprise usage, there is a long tail of little-known AI tools that remain undetected and invisible to security teams. Organizations lack visibility into which AI tools are in use, by whom and where they need to place security controls.
- AI Browser Extensions as a Data Leakage Threat – 20% of users have GenAI browser extensions installed, creating an overlooked ‘side door’ for data exposure. These extensions can bypass Secure Web Gateways (SWGs) and other security controls, allowing sensitive corporate data to be accessed by remote LLMs without the organization’s knowledge or ability to track the data.
There is little quantitative data on how AI is used, especially by enterprise users. LayerX’s solution is deployed directly within users’ web browsers, giving its platform full visibility into all user activity and data that passes through the browser. This report is based on comprehensive insights that are specific to enterprises and to enterprise users at medium to large companies.
“As enterprises embrace GenAI, security teams face a growing challenge, protecting against the threats they can’t see,” says Or Eshed, CEO of LayerX. “Our report underscores the growing need for organizations to move beyond traditional AI security approaches and adopt browser-level visibility to manage AI risks effectively.”
How Enterprises Can Secure AI Usage
The report’s findings highlight the need for a proactive, risk-based approach to securing the hidden threats of GenAI adoption within organizations. CISOs and security managers should implement a comprehensive framework to mitigate AI-related risks. This includes mapping GenAI usage in the organization to understand the company risk profile and build an effective remediation strategy. Organizations should also enforce AI auditing at the endpoint level to gain full visibility into employee AI activity and detect potential data leaks. Additionally, restricting personal accounts and enforcing SSO ensures that employees use corporate GenAI accounts with built-in security measures.
“Banning all AI usage is not a long-term solution in a world that is becoming increasingly AI-driven. This is why it’s critical to apply security restrictions that are adaptive and contextual, to enable employees to use AI securely, without sacrificing productivity,” says Eshed. “Organizations should adopt an agentless security platform that protects organizations against GenAI data leakage, detects and enforces controls over ‘shadow’ AI apps and enforces access controls over GenAI usage, with no impact on the user experience.”
LayerX’s complete research and additional findings on enterprise GenAI security can be found here: https://go.layerxsecurity.com/enterprise-genai-security-report-2025
To schedule a demo, please visit: https://layerxsecurity.com/request-a-demo/
About LayerX
LayerX Security offers an all-in-one, agentless security platform that protects enterprises against the most critical risks and threats of the modern web, including GenAI data leakage, SaaS risks, identity threats, web vulnerabilities, DLP and more. LayerX is deployed as an enterprise browser extension that integrates with any browser and provides organizations with full last-mile visibility and enforcement without disrupting the user experience. Enterprises use LayerX to secure their hybrid workforce in a SaaS-first world. For more information, visit the LayerX website at https://www.layerxsecurity.com.
Media Contact
Deb Montner