AI usage risk is concentrated beyond chatbot governance

At a glance

What this is: Enterprise AI risk is clustering around a small set of power users, personal identities, and connector-driven workflows rather than around a few visible chatbot deployments.

Why it matters: IAM, NHI, and human identity programmes need to govern AI usage where it actually occurs, because personal accounts, shadow tools, and direct data connectors create blind spots that approved-tool policies miss.

By the numbers:

• Nearly half of enterprise users interacted with AI tools over the past year, but only 18% used it weekly.
• The top 5% of AI users generated at least 144 conversations and averaged 18 prompts per conversation.
• 6% of enterprise AI conversations already contain sensitive, sensitive data.

👉 Read LayerX Security's full report on enterprise AI usage and shadow AI risk

Context

AI governance fails when security teams focus on approved chatbots while missing the identities, browser extensions, connectors, and personal accounts that actually move data. In practice, enterprise AI usage is becoming a governance problem across human identity, non-human identity, and delegated access paths, not just a software selection problem.

The key shift is that AI risk is no longer evenly distributed across the workforce. A small number of power users and high-permission integrations account for a disproportionate share of prompts, sensitive data exposure, and visibility loss, which makes classic policy-based controls insufficient on their own.

Key questions

Q: How should security teams govern AI use when employees rely on personal accounts?

A: Treat personal AI accounts as a separate governance domain from corporate AI services. Set a clear policy on whether company data may be used in consumer accounts, then enforce that policy with identity, device, and browser controls. If the organisation cannot audit or retain the resulting activity, it should not be considered approved use.

Q: Why do AI power users create more governance risk than casual users?

A: AI power users generate more prompts, use more tools, and switch contexts more often, which increases the chance of sensitive data exposure and untracked workflow drift. Their behaviour creates a concentrated risk pool that traditional broad-brush awareness controls rarely cover well. Security teams should monitor them as a distinct population.

Q: What breaks when AI connectors are granted broad enterprise access?

A: The trust boundary breaks because AI is no longer a passive interface, it becomes a delegated access path into collaboration systems, source code, and documents. Broad permissions make it harder to prove least privilege, harder to audit activity, and easier for one compromised integration to expose multiple systems.

Q: How can organisations tell whether shadow AI is becoming a material risk?

A: Look for three signals: frequent use of personal accounts, multiple AI tools inside the same workflow, and extensions or connectors that request broad permissions. When those patterns overlap, the organisation has moved beyond isolated usage into unmanaged access sprawl. That is the point where governance needs to shift from awareness to control.

Technical breakdown

AI power users change the control model

The report shows that AI activity is not spread uniformly across the workforce. A small group of users generates far more prompts, across more tools, and with deeper interaction patterns than the average employee. That matters because governance designed around average usage misses the people whose behaviour creates the largest exposure. In identity terms, the risk concentrates where a user can switch between enterprise and personal accounts, chain tools, and move data across platforms without a stable control boundary. The issue is not AI adoption alone. It is concentrated, high-frequency usage that outpaces standard awareness, DLP, and acceptable-use enforcement.

Practical implication: Build monitoring and policy controls around power users, not just around broad user populations.

Personal AI accounts create identity and audit blind spots

Nearly half of the enterprise AI activity in the report happens through personal identities rather than corporate-managed accounts. That creates a governance break because the organisation loses sight of retention settings, training-use consent, logging, and audit evidence. When a worker uses a personal AI account for enterprise tasks, the data path leaves corporate identity control even if the login happens from a managed device. The core problem is not the chatbot itself, but the mismatch between enterprise data handling expectations and consumer-grade account governance. Once that happens, the organisation cannot reliably prove where information went or how it was retained.

Practical implication: Separate acceptable enterprise AI use from consumer-account use and enforce the distinction at identity and device policy layers.

Connectors and extensions turn AI into a privileged data path

AI browser extensions and AI connectors extend AI systems beyond chat windows into SharePoint, GitHub, Slack, Atlassian, and Google Workspace. That changes the trust model because the AI layer no longer just receives pasted text, it can touch enterprise data sources directly. Browser extensions also create an additional identity surface because they often request high permissions and may carry known vulnerabilities. In practical terms, this is an NHI-style access problem disguised as a productivity feature. The relevant question is not whether the model is safe in isolation, but whether the connector, extension, and delegated account together have more access than the use case requires.

Practical implication: Review connector permissions and browser-extension privileges as part of access governance, not just endpoint security.

Breaches seen in the wild

• Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
• McKinsey AI platform breach — McKinsey AI platform hack exposed 46M chats and sensitive data.

Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.

NHI Mgmt Group analysis

Enterprise AI risk is becoming an identity concentration problem, not a chatbot adoption problem. The report makes clear that the biggest exposure comes from a small group of power users who generate disproportionate activity across multiple tools and identities. That pattern is familiar from NHI governance, where a small number of high-privilege credentials often dominate blast radius. Practitioners should treat AI usage as a concentrated access issue rather than a generic user-adoption trend.

Personal AI accounts are a governance failure mode because accountability leaves the enterprise boundary. When employees use consumer AI accounts for work, the organisation loses durable control over logging, retention, and evidence. That breaks the assumption that enterprise data stays inside enterprise identity and audit boundaries. The practitioner implication is that human identity policy, acceptable-use enforcement, and data handling rules all need to account for consumer AI account behaviour.

AI connectors create a new form of delegated access sprawl. Once AI tools connect directly to collaboration and code repositories, the risk shifts from user input to delegated machine access across enterprise systems. That puts the problem squarely in NHI territory because the connector often behaves like a service identity with broad, persistent reach. The governance question becomes whether these delegated pathways are being reviewed with the same discipline as other privileged integrations.

Shadow AI now looks more like unmanaged identity sprawl than an isolated policy violation. Employees are combining chatbots, AI search, extensions, and embedded copilots inside the same workflow, which makes inventory and control harder than in traditional SaaS. That means security teams need a broader control model that spans human usage, non-human access, and data movement. Practitioners should reassess whether current discovery methods are capable of seeing the whole AI access chain.

From our research:

• Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to the State of Non-Human Identity Security.
• That confidence gap sits alongside the fact that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the same report.
• Ultimate Guide to NHIs , Lifecycle Processes for Managing NHIs helps teams move from discovery to offboarding when AI connectors and delegated accounts start behaving like persistent access paths.

What this signals

AI usage governance is starting to look like identity lifecycle governance. The practical problem is no longer whether people can access an AI tool, but whether the organisation can discover, classify, review, and retire the identities and connectors behind that use. For teams already managing service accounts and delegated access, the lesson is familiar: uncontrolled access paths create durable blind spots, even when the application itself changes quickly.

Power-user behaviour should now be treated as a control signal. When a small number of employees account for most AI activity, security teams need reporting that groups usage by identity, account type, and connector privilege rather than by platform alone. The governance model should also reflect the broader NHI pattern that concentrated use creates concentrated exposure, which is why Top 10 NHI Issues remains relevant even in a human-led AI rollout.

For practitioners

• Map AI usage by identity type Separate corporate accounts, personal accounts, and delegated AI connector accounts in discovery and reporting. Treat them as different control classes because each one has different audit, retention, and access implications.
• Prioritise power-user monitoring Focus review and alerting on the small cohort generating the most prompts and tool switches, since that group is driving a disproportionate share of exposure. Use prompt volume, cross-platform activity, and account switching as indicators.
• Review connector and extension permissions Inventory browser extensions and AI connectors, then remove excessive permissions to enterprise data sources, collaboration tools, and code repositories. High-permission connectors should be recertified like other privileged non-human access paths.
• Write policy for consumer AI account use State explicitly whether personal AI accounts may be used for company data, under what conditions, and with what logging or retention constraints. If the answer is no, enforce that boundary through identity and device controls.

Key takeaways

• The report shows that AI risk is concentrated in power users, personal accounts, and delegated connectors rather than in visible chatbot deployments alone.
• Nearly half of enterprise AI activity happening through personal identities means auditability and retention controls can fail even when device and login policies look sound.
• Teams should govern AI usage as an identity and access problem, with special attention to connector privilege, cross-tool workflows, and account-boundary enforcement.

Key terms

• AI power user: An AI power user is an employee whose work depends on frequent, deep, and multi-platform AI interaction. In governance terms, this is not just heavy usage. It is a concentration point for data exposure, account switching, and policy drift that standard user-wide controls may miss.
• Shadow AI: Shadow AI is AI usage that operates outside formal governance, discovery, or approved tooling processes. It includes personal accounts, unapproved assistants, embedded features, extensions, and connectors that move enterprise data without being fully visible to security and audit teams.
• AI connector: An AI connector is a delegated integration that links an AI system to enterprise applications or repositories. It often behaves like a privileged non-human access path because it can read or act on business data across systems, which makes lifecycle ownership and permission scope critical.
• Consumer AI account use: Consumer AI account use refers to employees using personal AI subscriptions or identities for work-related tasks. The risk is not only policy non-compliance. It is the loss of enterprise control over logging, retention, training use, and evidentiary traceability.

Deepen your knowledge

AI usage governance, personal account controls, and delegated connector oversight are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are building controls for shadow AI and power-user risk, it is worth exploring.

This post draws on content published by LayerX Security: State of AI Usage Report 2026. Read the original.