TL;DR: Enterprise telemetry shows 45% of employees already use generative AI, 77% paste data into prompts, and 67% of AI usage happens through unmanaged personal accounts, making AI the largest blind spot for data exfiltration in the modern enterprise, according to LayerX Security. The security problem is no longer adoption, but the collapse of governance around unsanctioned identity and clipboard-driven leakage.
At a glance
What this is: This report shows that enterprise AI use has become a major data-exfiltration channel, driven by copy/paste into consumer tools and unmanaged accounts rather than file uploads.
Why it matters: It matters because IAM, DLP, and SaaS governance programmes built around federated, file-centric, and SSO-managed workflows do not fully cover how employees actually use AI tools today.
By the numbers:
- 45% of enterprise employees are already using generative AI tools.
- 77% of employees paste data into GenAI prompts.
- 67% of AI usage happens through unmanaged personal accounts.
👉 Read LayerX Security's report on enterprise AI and SaaS data security
Context
Enterprise AI governance is failing because the dominant user pattern is outside the controls security teams already trust. The primary issue is not model risk, but identity and data movement through consumer AI accounts, unsanctioned logins, and clipboard-based exfiltration that traditional SaaS controls were never designed to see.
For IAM, PAM, and NHI programmes, this is a familiar failure mode in a new wrapper. When sensitive data moves through unmanaged identities and browser actions instead of sanctioned enterprise workflows, federation, access reviews, and file DLP lose coverage at the point of use.
That makes AI governance less about whether employees may use these tools and more about whether the organisation can classify, constrain, and audit the identity paths and data paths they create.
Key questions
Q: How should security teams stop employees pasting sensitive data into AI prompts?
A: Security teams should control the browser or endpoint where the paste occurs, not rely only on network or file DLP. Classify text before it is submitted, block sensitive categories in consumer AI destinations, and log the event to an enterprise identity. The goal is to stop disclosure at the moment of composition.
Q: Why do unmanaged AI accounts create a governance problem for IAM teams?
A: Unmanaged AI accounts break the link between identity, policy, and accountability. If users access AI through personal or non-federated accounts, enterprise controls cannot reliably enforce logging, access reviews, or data restrictions. That makes the session usable but not governable, which is the core IAM problem.
Q: How do organisations know whether AI usage is becoming shadow IT?
A: Look for AI activity that occurs outside SSO, outside managed endpoints, or through personal accounts that cannot be tied back to enterprise policy. If usage is visible only through browser telemetry or ad hoc audits, the programme has already lost authoritative control over that channel.
Q: Who is accountable when sensitive data leaks through consumer AI tools?
A: Accountability sits with the organisation’s identity, data protection, and security governance owners, because the risk comes from unmanaged access paths and weak content controls. If the enterprise permits use without federation, classification, and enforcement at the browser, the responsibility cannot be shifted to the employee alone.
Technical breakdown
Why clipboard exfiltration beats file-based DLP
Most enterprise DLP programmes were built to inspect files, uploads, and network traffic. AI usage changes the path of leakage because sensitive content is often copied into prompts rather than attached as documents. That makes the browser the control point, not the mail gateway or file scanner. Once data is pasted into a consumer AI session, the event can look like ordinary web input unless the browser or endpoint has content-aware inspection. The technical shift is from file movement to unstructured text movement, which defeats many legacy policies that only understand containers, transfers, and attachments. Practical implication: move inspection to the browser or endpoint where the paste event happens.
Practical implication: inspect and block sensitive data at the browser layer before it enters prompts or chat windows.
Why unmanaged personal accounts create shadow AI risk
A managed identity is only useful if the application actually enforces it. In this report, a large share of AI activity occurs through personal accounts and non-federated logins, which means enterprise identity controls never fully attach to the session. That is shadow IT with a modern interface: the system may be business-critical, but the identity path is consumer-grade. For IAM teams, the risk is not just lack of SSO. It is the inability to bind activity, policy, and accountability to an enterprise-controlled principal. Practical implication: classify non-federated AI access as unmanaged access, even when users sign in with work credentials elsewhere.
Practical implication: treat non-federated AI access as unmanaged shadow IT until it is bound to enterprise identity controls.
How AI usage changes the control boundary for sensitive data
AI adoption compresses the distance between data access and data disclosure. In traditional SaaS, users often move data into files, tickets, or shared workspaces, where governance layers can intervene. In AI, the interaction is immediate and conversational, so the control boundary shifts to the moment of composition. That means context-aware policy must consider the content of what is being pasted or uploaded, the identity under which it is happening, and whether the destination is corporate or consumer. The underlying problem is not just leakage volume, but the absence of a reliable enterprise boundary around the conversation itself. Practical implication: define policy around data sensitivity and destination context, not just application allow or deny lists.
Practical implication: enforce policy on data sensitivity and destination context instead of relying on coarse app-blocking alone.
NHI Mgmt Group analysis
AI governance has become an identity problem before it is a model problem. The report shows employees using consumer AI through unmanaged accounts, which means policy, accountability, and auditability are detached from the enterprise identity plane. That is why conventional SaaS governance cannot simply be extended into AI by naming the tool category. Practitioners should treat the identity path as the first control question, not the last.
Clipboard-driven data leakage is the new identity-adjacent exfiltration path. The most dangerous movement is not the upload that teams already monitor, but the text copied into prompts from inside the browser. This creates a data-loss channel that sits beside identity controls, because the user may be authenticated while the data is still effectively escaping supervision. Security leaders need to recognise that session legitimacy does not equal data safety.
Non-federated corporate access now behaves like shadow NHI governance, even when the subject is a person. When workers use corporate credentials without federation or SSO, the organisation loses durable control over authentication context, logging, and policy enforcement. The same governance failure that creates weak machine-account oversight is now appearing in human workflows through consumer AI usage. The practical conclusion is that identity governance must collapse the distinction between sanctioned and managed only when the control plane is actually enforced.
Persistent visibility gaps are what make AI a scale problem, not a niche misuse issue. Once a large share of workforce activity happens in tools outside enterprise oversight, the programme no longer has a complete view of where data is going or which principals are responsible. That is not a minor policy exception. It is a structural blind spot that should be measured as part of identity and data governance maturity. Practitioners should treat visibility as the baseline requirement for any AI operating model.
From our research:
- 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
- For a related control lens, see Ultimate Guide to NHIs , Why NHI Security Matters Now for the governance pressure behind modern identity sprawl.
What this signals
Clipboard governance is becoming part of identity governance. As AI work moves through browser paste actions rather than sanctioned file transfers, programme owners need controls that bind content inspection to the session itself. That shift pushes IAM, DLP, and browser security into the same operating model instead of separate workstreams. With 85% of organisations lacking full visibility into third-party vendors connected via OAuth apps, the broader visibility problem is already well established in identity governance.
The practical signal is that AI oversight will increasingly depend on whether organisations can identify unmanaged identities before they create data loss paths. This is not just a user-training issue, because the control gap sits in the intersection of access, destination, and content. Teams that already track OAuth-connected vendor visibility will be better placed to extend that discipline into AI tooling.
Shadow AI will force convergence between IAM and browser controls. If identity controls stop at federation and ignore where data is pasted, the programme will remain partially blind. Security leaders should expect AI governance requirements to show up first as policy exceptions, then as audit findings, and eventually as data-breach root causes. The right response is to measure usage by identity path and to align AI policy with the same visibility expectations used for NIST Cybersecurity Framework 2.0 functions.
For practitioners
- Instrument browser-level paste controls Inspect copy and paste events in the browser before data reaches AI prompts, chat windows, or web forms. Prioritise classification of sensitive text over file-centric scanning, because the report shows paste is the dominant leakage path.
- Reclassify non-federated AI access as unmanaged Inventory AI tools used with personal accounts or non-SSO logins and treat them as shadow access until they are bound to enterprise identity controls. Focus first on workflows handling customer, financial, or regulated data.
- Apply destination-aware data policy Allow business use of AI tools only where policies can distinguish enterprise destinations from consumer destinations and block sensitive data accordingly. Avoid blanket bans that push usage further into shadow workflows.
- Audit AI usage by identity path Measure how much AI activity occurs through federated versus non-federated identities, and separate corporate accounts from personal accounts in reporting. Use that split to prioritise remediation and accountability.
Key takeaways
- Enterprise AI is now a data-exfiltration problem because employees are pasting sensitive information into consumer tools outside traditional governance.
- Unmanaged accounts and non-federated logins create a shadow-control environment where identity policy cannot reliably follow the user.
- Security teams should move inspection and policy enforcement to the browser, where composition happens, instead of depending only on file and network controls.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST Zero Trust (SP 800-207) set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Non-federated access and unmanaged identities weaken access control enforcement. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Persistent unmanaged accounts and weak rotation posture mirror NHI governance gaps. |
| NIST Zero Trust (SP 800-207) | Browser-level inspection and continuous verification align with zero-trust assumptions. |
Shift control to the session and verify destination, identity, and data before allowing disclosure.
Key terms
- Shadow AI: AI tools and accounts used by employees without enterprise visibility, approval, or enforcement. Shadow AI becomes an identity and data governance issue when the organisation cannot bind the session to policy, logging, and control, even if the activity is work-related.
- Non-Federated Access: Access that does not pass through enterprise federation or SSO, leaving the organisation with weaker control over authentication context and session governance. In AI workflows, non-federated access often behaves like unmanaged access because policy cannot reliably follow the user.
- Clipboard Exfiltration: Sensitive data leaving an organisation through copy and paste rather than file transfer or explicit upload. This matters because it bypasses many legacy DLP controls and shifts the control point to the browser or endpoint where the content is composed.
- Destination-Aware Policy: A control approach that changes enforcement based on where the data is going, not just what the data contains. It allows security teams to distinguish enterprise systems from consumer tools and apply stricter rules when sensitive information is headed outside managed boundaries.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity security are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by LayerX Security: Enterprise AI and SaaS Data Security Report 2025. Read the original.
Published by the NHIMG editorial team on 2025-10-06.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
