CyberIntel ⬡ News
★ Saved ◆ Cyber Reads
← Back ◇ Industry News & Leadership Jun 17, 2026

Sensitive Enterprise Data Uploads to AI Models Double in a Year

Infosecurity Magazine Archived Jun 17, 2026 ✓ Full text saved

The rise of AI-assistants and applications in the enterprise has seen a 93% increase in employees attempting to upload sensitive data, bringing security challenges

Full text archived locally
✦ AI Summary · Claude Sonnet


    The amount of sensitive enterprise data which employees uploaded to AI and machine learning applications has almost doubled in the last year, putting organizations at increased risk of data breaches and cyber espionage, a new report has warned. Published on June 17, the Zscaler 2026 AI Threat Report said that there has been a 93% year-over-year increase in employees transferring enterprise data to AI tools. Over half of these data transfers were driven by staff using two tools in particular: Grammarly (38%) and ChatGPT (21%). Other tools included OpenAI, Codium, GitHub Co-Pilot, Perplexity, Microsoft Co-Pilot, Google Gemini and Claude. According to Zscaler, a total of 18,033 TB of data was transferred to AI and machine learning applications during the last year. The report stated that this is roughly equivalent to 3.6 billion digital photos. Employees Putting Sensitive Data in ChatGPT Zscaler identified over 410 million Data Loss Prevention (DLP) policy violations related to ChatGPT, representing an increase of 99% year-over-year. These violations were related to sensitive information such as financial records, personally identifiable information (PII), source code, healthcare data, and other regulated content. Employees are not typically acting with malice, rather they are attempting to transfer data to AI models to help them be more efficient at work. However, uploading this information to AI models could have potentially significant data privacy implications. “The riskiest AI applications tend to be those that employees use without thinking—writing assistants, coding helpers, or AI features layered into collaboration suites. Their convenience is exactly what makes them higher risk; they see the same sensitive content employees do, often at the moment it’s created,” warned the report. The AI coding assistant Codium also represented a significant vector for DLP violations, with over 242 million detected by Zscaler. This represented a 100% year-over-year increase, suggesting increased leakage risk for source code and proprietary logic, something which could be highly damaging to businesses. To counter the potential cybersecurity risks around the increased use of AI by employees, Zscaler has made several recommendations: Inventory all GenAl apps and apps with embedded AI functionality: Create a continuously updated catalog of every standalone GenAl tool and every SaaS or internal app that includes AI functionality or features Disable risky AI defaults: Turn off auto-enabled AI functionality in SaaS and productivity apps until they have been reviewed and configured to match your risk posture Apply zero trust to all model interactions: Implement least-privilege access for every user, service, and system that interacts with an AI model Enforce AI guardrails with inline inspection: Ensure inline inspection across all AI/ML traffic to prevent external malicious activity from compromising AI systems and stop sensitive data from being exposed via prompts or in outputs The findings in the report are based on analysis of 989.3 billion total AI and ML transactions in the Zscaler cloud from January 2025 through December 2025.
    💬 Team Notes
    Article Info
    Source
    Infosecurity Magazine
    Category
    ◇ Industry News & Leadership
    Published
    Jun 17, 2026
    Archived
    Jun 17, 2026
    Full Text
    ✓ Saved locally
    Open Original ↗