A new report by LayerX, titled “Enterprise GenAI Data Security Report 2025,” reveals critical vulnerabilities in how organizations handle GenAI tools. The report highlights that nearly 90% of enterprise GenAI usage occurs outside the visibility of IT departments, creating significant risks for data leakage and unauthorized access. Employees frequently use personal accounts to access GenAI applications, bypassing corporate security controls. LayerX’s telemetry data shows that a large portion of corporate data, including sensitive information such as financial plans, source code, and customer data, is being pasted into GenAI tools, often multiple times a day, with little oversight from IT teams.
While the use of GenAI tools is not yet widespread, the report suggests that it will increase rapidly. Approximately 15% of users access GenAI tools daily, and 50% use them bi-weekly. Software developers represent a significant portion of regular GenAI users, posing heightened risks as they often work with proprietary code. As more employees embrace GenAI, enterprises face growing challenges in ensuring secure use of these tools, particularly as much of the usage occurs in a “shadow” capacity outside corporate guidelines.
The report emphasizes that traditional security tools are ill-equipped to address the risks associated with GenAI, especially since these tools operate in browser-based environments. Legacy security systems fail to detect, control, or secure interactions with AI applications, allowing potentially malicious activity to go unnoticed. To address this, the report suggests that enterprises adopt browser-based security solutions that can offer better visibility into AI interactions, whether through browser extensions or unknown AI applications.
As GenAI adoption continues to rise, the need for robust security measures becomes increasingly urgent. LayerX recommends that organizations implement Data Loss Prevention (DLP) solutions for GenAI to protect sensitive corporate data and ensure secure integration of AI tools into business operations. Without adopting these modern security measures, businesses risk data breaches, exposure of confidential information, and long-term security vulnerabilities.
Reference:
