Widespread Corporate Data Leaks via ChatGPT Use by Employees

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

A study by LayerX Security found that 77% of employees paste sensitive company data, including PII and payment card information, into generative AI tools like ChatGPT, often using unmanaged personal accounts. This widespread practice exposes organizations to significant data leaks, regulatory violations, and compliance risks.[AI generated]

Why's our monitor labelling this an incident or hazard?

The event explicitly involves AI systems (generative AI tools such as ChatGPT and Microsoft Copilot) whose use by employees has directly led to data leaks. These leaks represent a breach of confidentiality and intellectual property rights, which are protected under applicable laws. The harm is realized and ongoing, as the report states these leaks are now the leading source of workplace data leaks and often go unnoticed by security systems. Therefore, this qualifies as an AI Incident due to the direct link between AI system use and harm to company data and rights.[AI generated]
AI principles
Privacy & data governanceAccountabilityRobustness & digital security

Industries
Digital security

Affected stakeholders
ConsumersBusiness

Harm types
Economic/PropertyReputationalHuman or fundamental rights

Severity
AI incident

Business function:
ICT management and information security

AI system task:
Interaction support/chatbotsContent generation


Articles about this incident or hazard