Nearly 40% of professionals are sharing sensitive work data with artificial intelligence platforms without employer authorization, raising alarm bells about potential security breaches and intellectual property risks, according to a new study by application security firm Indusface.
The research reveals that work-related documents top the list of data being fed into AI systems, with over 80% of Fortune 500 enterprise employees using tools like ChatGPT for routine tasks such as email composition and report analysis. More concerning, 11% of the data shared with these platforms is classified as strictly confidential, including internal business strategies.
The casual approach to data security extends beyond workplace documents. The study found that 30% of professionals believe protecting their personal data isn’t worth the effort, despite increasing access to cybersecurity training. While one-third of employees now participate in such trainingโmarking the first uptick in four yearsโ11% of workers with access to training programs don’t utilize them.
Financial information and client data sharing have emerged as particular areas of concern. Large language models, which power many AI applications, typically gather training data through web crawlers that scrape information without explicit user consent. This automated collection process can inadvertently capture personally identifiable information, creating potential compliance issues for businesses handling sensitive client and employee data.
The study also highlighted risks associated with sharing company source code through AI platforms. Developers increasingly rely on AI for coding assistance, but sharing proprietary code could expose trade secrets if the information is stored or used to train future AI models.
To address these vulnerabilities, security experts recommend implementing strict AI usage policies and ensuring devices have comprehensive antivirus protection. For individual users, the study emphasizes the importance of strong password practices and two-factor authentication to mitigate cyber attack risks.