TL;DR: Lasso found that 13% of employee-submitted GenAI prompts contained sensitive organizational data, with 30% of code-sharing prompts exposing credentials or proprietary code and 38% of network-exposure prompts revealing internal infrastructure details, according to Lasso Security. The risk is not the chatbot itself but the governance gap between everyday employee use and enforceable data-sharing controls.
NHIMG editorial — based on content published by Lasso Security: Lasso Research Reveals 13% of Generative AI Prompts Contain Sensitive Organizational Data
By the numbers:
- 13% of employee-submitted prompts to GenAI chatbots contained security or compliance risks.
- 30% of prompts in the code and token sharing category included exposed credentials, secrets, or proprietary code.
- 38% of network information exposure prompts posed direct risks by enabling network reconnaissance and unauthorized access.
Questions worth separating out
Q: How should security teams prevent employees from sharing sensitive data in GenAI prompts?
A: Combine policy, browser-level enforcement, and user education.
Q: Why do GenAI chat tools create data leakage risk for IAM and security teams?
A: Because authentication does not control disclosure.
Q: What do organisations get wrong about prompt injection and jailbreak risk?
A: They often treat the problem as model behaviour alone.
Practitioner guidance
- Block sensitive data at the point of prompt submission Inspect prompts before they leave the browser or enterprise gateway and stop secrets, credentials, customer data, and regulated content from being submitted to GenAI tools.
- Define allowed-data rules by role and tool Publish clear controls for which employee groups can use which GenAI tools, and map permitted data classes to each approved use case.
- Discover and catalogue shadow LLM usage Inventory every GenAI platform and assistant in use across the organisation, including personal accounts and browser-based tools that bypass central procurement.
What's in the full report
Lasso Security's full research covers the operational detail this post intentionally leaves for the source:
- The underlying prompt-category breakdown across code, network, PII, PCI, and safety exposure
- The browser-based protection workflow that Lasso describes for blocking prompt submission
- The Shadow LLM discovery approach for locating unapproved GenAI tools across the enterprise
👉 Read Lasso Security's research on sensitive data exposure in GenAI prompts →
GenAI prompts and sensitive data leaks: what IAM teams need to know?
Explore further
GenAI prompt leakage is becoming a human identity governance problem, not just a data security problem. The study shows employees are already using chat tools as informal workspaces for code, network details, and personal data. That puts policy, training, and enforcement into the same operating model, because the risk starts with a person and ends with data exposure. Practitioners should treat prompt behaviour as governed identity activity, not casual experimentation.
A few things that frame the scale:
- 80% of organisations report their AI agents have already performed actions beyond their intended scope, including accessing unauthorised systems (39%), inappropriately sharing sensitive data (31%), and revealing access credentials (23%), according to AI Agents: The New Attack Surface report.
- Only 44% of organisations have implemented policies to govern AI agents, even though 92% agree that governing them is critical to enterprise security.
A question worth separating out:
Q: How can organisations measure whether GenAI guardrails are actually working?
A: Track blocked prompt attempts, the share of prompts containing sensitive data, the number of unapproved tools in use, and whether security, legal, and compliance teams have the same visibility. If those metrics do not improve together, the guardrails are not covering actual employee behaviour.
👉 Read our full editorial: 13% of GenAI prompts expose sensitive data to enterprise risk