Help Net Security: “71% of connections to GenAI tools are done using personal non-corporate accounts. Among logins using corporate accounts, 58% of connections are done without Single-Sign On (SSO). These interactions bypass organizational identity and access management (IAM) systems, leaving security teams blind to how GenAI tools are used and what data is being shared.

Casual GenAI users unaware of data exposure risks. Most GenAI users are casual and may not be aware of the risks of GenAI data exposure. Only 15% of enterprise employees use it every week, and while a small percentage of users use it extensively, most users are casual users. Software developers are the largest constituency of active users. Among enterprise users, 39% of users who use GenAI tools belong to research and development, 28% belong to sales and marketing. IT, HR, and finance users make up single digits only.

The research shows that 20.63% of all users have installed an AI-enabled browser extension. Of those who have such an extension installed, 45% have more than one such extension. 58% of GenAI browser extensions have a permission scope classified as ‘high’ or ‘critical,’ compared to 66.6% of all extensions. Finally, 5.6% of AI extensions are classified as ‘malicious’ and can be used to steal data.

90% of AI usage is concentrated in large, well-known apps, but there is a long tail of shadow AI applications. ChatGPT alone accounts for 50% of enterprise usage, and the top 5 AI SaaS apps for 85% of AI usage. However, outside of the handful of well-known apps there is a long tail of lesser-used AI tools that fly under the radar. As a result, security managers don’t know which other AI apps are used, and where to put controls…”