A new 2025 Browser Security Report reveals that Generative AI has overtaken all other channels for data exfiltration. 77% of employees admit to pasting corporate data into GenAI prompts, with 82% of this activity occurring via personal, unmanaged accounts that bypass traditional DLP controls.
Business Impact
Organizations are experiencing massive, invisible data leakage. Sensitive IP, PII, and financial data are being fed into public AI models, potentially exposing them to competitors or becoming part of the model’s future training data, creating irreversible confidentiality breaches.
Why It Happened
Traditional Data Loss Prevention (DLP) tools often fail to monitor browser-based paste actions into specific AI websites, especially when employees use personal devices or accounts. The productivity benefits of AI are outpacing security governance.
Recommended Executive Action
Deploy browser-level security controls that can specifically monitor and block pasting of sensitive data types (PII, code, financial terms) into unauthorized GenAI applications. Officially sanction secure, enterprise-grade AI alternatives to reduce reliance on shadow IT.
Hashtags: #GenAI #DataLeakage #DLP #InsiderRisk #ShadowIT #BrowserSecurity #CyberSecurity #InfoSec