TL;DR: LayerX Security research finds that nearly half of enterprise users touched AI over the past year, but only 18% used it weekly, while the top 5% generated at least 144 conversations and 18 prompts per conversation. The findings show that AI risk is concentrated in a small user cohort and across personal accounts, connectors, and extensions. The governance failure is not visibility into a few approved chatbots, but control over the identities, tools, and data paths where AI activity actually accumulates.
NHIMG editorial — based on content published by LayerX Security: State of AI Usage Report 2026
By the numbers:
- Nearly half of enterprise users interacted with AI tools over the past year, but only 18% used them weekly.
- The top 5% of AI users generated at least 144 conversations and averaged 18 prompts per conversation.
- 6% of enterprise AI conversations already contain sensitive data.
Questions worth separating out
Q: How should security teams govern AI use when employees rely on personal accounts?
A: Treat personal AI accounts as a separate governance domain from corporate AI services.
Q: Why do AI power users create more governance risk than casual users?
A: AI power users generate more prompts, use more tools, and switch contexts more often, which increases the chance of sensitive data exposure and untracked workflow drift.
Q: What breaks when AI connectors are granted broad enterprise access?
A: The trust boundary breaks because AI is no longer a passive interface; it becomes a delegated access path into collaboration systems, source code, and documents.
Practitioner guidance
- Map AI usage by identity type: Separate corporate accounts, personal accounts, and delegated AI connector accounts in discovery and reporting.
- Prioritise power-user monitoring: Focus review and alerting on the small cohort generating the most prompts and tool switches, since that group is driving a disproportionate share of exposure.
- Review connector and extension permissions: Inventory browser extensions and AI connectors, then remove excessive permissions to enterprise data sources, collaboration tools, and code repositories.
What's in the full report
LayerX Security's full report covers the operational detail this post intentionally leaves for the source:
- Breakdowns of AI usage by platform and account type that help teams prioritise control coverage.
- Sensitive-data exposure analysis across ChatGPT, Copilot M365, Gemini, and DeepSeek.
- Extension and connector permission details that support hands-on access reviews.
- Practical recommendations for visibility, monitoring, and policy enforcement in enterprise environments.
AI power users and shadow AI: what IAM teams are missing?
Explore further
Enterprise AI risk is becoming an identity concentration problem, not a chatbot adoption problem. The report makes clear that the biggest exposure comes from a small group of power users who generate disproportionate activity across multiple tools and identities. That pattern is familiar from NHI governance, where a small number of high-privilege credentials often dominate blast radius. Practitioners should treat AI usage as a concentrated access issue rather than a generic user-adoption trend.
A few things that frame the scale:
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities, according to the State of Non-Human Identity Security.
- That confidence gap sits alongside the fact that 85% of organisations lack full visibility into third-party vendors connected via OAuth apps, according to the same report.
A question worth separating out:
Q: How can organisations tell whether shadow AI is becoming a material risk?
A: Look for three signals: frequent use of personal accounts, multiple AI tools inside the same workflow, and extensions or connectors that request broad permissions. When those patterns overlap, the organisation has moved beyond isolated usage into unmanaged access sprawl. That is the point where governance needs to shift from awareness to control.