The most common mistake is assuming the risk begins and ends with the app itself. In reality, the exposure occurs when employees paste data into prompts, so the real control point is the combination of user behaviour, approved tool access, and data classification.
Why This Matters for Security Teams
Public AI tools are often treated as a policy exception, but the practical risk is broader: employees use them as informal workspaces for drafting, summarising, coding, and decision support, which makes prompts a new path for sensitive data exposure. NIST’s Cybersecurity Framework 2.0 is useful here because it pushes teams to think in terms of governance, data handling, and recoverability rather than only blocking a category of app.
The common failure is not simply allowing an AI site, but allowing unmanaged data to move into a service the organisation does not control, then assuming technical restrictions alone will stop leakage. That misses prompt injection, browser extensions, copy-paste habits, and shadow use of consumer accounts. NHIMG research on the State of Secrets in AppSec shows how often security leaders overestimate their control of sensitive data flows. In practice, many security teams encounter exposure only after an employee has already pasted confidential content into a public model, rather than through intentional policy enforcement.
How It Works in Practice
The right control model starts with classification, allowed-use rules, and user guidance that reflects how people actually work. If a document, code snippet, or customer record is sensitive, the question is not only whether the tool is approved, but whether the specific data element may be entered into a public model at all. Organisations need clear boundaries for what can be summarised, transformed, or translated, and those boundaries should be enforced in policy, training, and tooling.
Practically, strong programs combine:
- data classification that distinguishes public, internal, confidential, and regulated content;
- approved-use lists for public AI tools and separate rules for enterprise AI environments;
- prompt hygiene guidance so employees know how to remove secrets, personal data, and client identifiers;
- logging and monitoring for sanctioned AI access, including browser-based use where possible;
- vendor review of retention, training use, and data deletion terms before broad deployment.
This is where NIST guidance and NHIMG research intersect with day-to-day operations. The DeepSeek breach illustrates how quickly AI-related data sprawl becomes a governance problem once sensitive content enters a system outside the organisation’s direct control. Current guidance suggests treating employee prompts as a data-loss channel, not just a productivity activity. These controls tend to break down in bring-your-own-device environments and unmanaged browser sessions because the organisation cannot reliably see which account, extension, or clipboard action carried the data into the tool.
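As an added illustration of the control model above (classification tiers, allowed-use rules per tool, prompt hygiene and monitoring), not code from NHIMG or from any product: a pre-submission prompt check that assigns a classification tier from the detectors that fire, redacts the matches, decides whether the target tool may receive that tier, and emits a monitoring record that carries tier and detector names only, never the prompt text. The detector patterns, the CLIENT-nnnn identifier format and the per-tool limits are constructed assumptions for the example.

```python
import re
from dataclasses import dataclass, field

# Classification tiers from the page, ordered least to most sensitive.
TIERS = ["public", "internal", "confidential", "regulated"]

# Constructed detectors: each pattern maps to the tier its match implies.
# Illustrative only; a real deployment tunes these to its own data formats.
DETECTORS = {
    "api_key": (re.compile(r"\b(?:sk-|AKIA)[A-Za-z0-9_-]{16,}\b"), "confidential"),
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), "internal"),
    "card_number": (re.compile(r"\b(?:\d[ -]?){15,16}\b"), "regulated"),
    "client_id": (re.compile(r"\bCLIENT-\d{4,}\b"), "confidential"),  # hypothetical format
}

# Allowed-use rule (assumed policy): highest tier each tool may receive.
TOOL_MAX_TIER = {"public-chatbot": "public", "enterprise-assistant": "confidential"}


@dataclass
class Verdict:
    tier: str
    findings: list = field(default_factory=list)
    redacted: str = ""
    allowed: bool = True


def classify_prompt(text: str) -> Verdict:
    """Run every detector, keep the highest implied tier, redact each match."""
    tier, findings, redacted = "public", [], text
    for name, (pattern, implied) in DETECTORS.items():
        if pattern.search(redacted):
            findings.append(name)
            if TIERS.index(implied) > TIERS.index(tier):
                tier = implied
            redacted = pattern.sub(f"[{name.upper()}]", redacted)
    return Verdict(tier=tier, findings=findings, redacted=redacted)


def check_prompt(text: str, tool: str) -> Verdict:
    """Apply the allowed-use rule: the prompt's tier must not exceed the tool's limit."""
    verdict = classify_prompt(text)
    verdict.allowed = TIERS.index(verdict.tier) <= TIERS.index(TOOL_MAX_TIER[tool])
    return verdict


def audit_record(user: str, tool: str, verdict: Verdict) -> dict:
    """Monitoring record for sanctioned AI access: metadata only, no prompt content."""
    return {"user": user, "tool": tool, "tier": verdict.tier,
            "findings": sorted(verdict.findings), "allowed": verdict.allowed}
```

Because the check runs before the prompt leaves the organisation, the redacted text can be offered back to the employee as the version that is safe to paste, which is the prompt-hygiene guidance turned into a tool.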
Common Variations and Edge Cases
Tighter control over public AI use often increases friction for employees, so organisations have to balance data protection against usability and business demand. A blanket ban may reduce obvious exposure, but it can also push usage into shadow AI, which is harder to detect and govern. Best practice is evolving toward tiered access rather than one-size-fits-all prohibition.
Some edge cases require different treatment. Publicly available information can usually be used more freely, but teams still need to watch for aggregation risk when multiple harmless details become sensitive in combination. Customer support, legal, HR, engineering, and finance often need separate guidance because their data types carry different confidentiality and retention obligations. There is no universal standard for this yet, but the direction across current guidance is clear: organisations should define acceptable prompt content, assign accountable owners, and review AI tool terms as part of regular vendor and data governance.
Security teams also get this wrong when they focus only on employees “using ChatGPT” instead of the broader problem of unmanaged disclosure across any public model, browser assistant, or embedded AI feature. That broader view is what makes policy durable.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
The OWASP Agentic AI Top 10 addresses the attack and risk surface, while NIST CSF 2.0 and the NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | GV.RM-01 | Public AI use is a governance and risk decision, not just an app approval issue. |
| OWASP Agentic AI Top 10 | LLM-01 | Prompt exposure and unsafe input handling are core AI application risks. |
| NIST AI RMF | | AI RMF addresses organisational controls for trustworthy and governed AI use. |
Define AI use risk ownership and align prompt-data handling rules to enterprise governance.
Reviewed and updated by the NHIMG editorial team on June 10, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org