The Enterprise AI and SaaS Data Security Report 2025 by cybersecurity firm LayerX reveals that 45% of enterprise employees use generative AI tools, and 77% of them copy and paste internal data directly into chatbots like ChatGPT.
Alarmingly, 22% of the pasted data contains sensitive information (PII/PCI) such as credit card numbers or personal data. Of these instances, 82% come from unmanaged personal accounts, causing businesses to completely lose control over their data flow and face security, regulatory, and political risks.
40% of files uploaded to generative AI sites contain PII/PCI data, and nearly 39% of those come from non-corporate accounts.
LayerX CEO Or Eshed cited Samsung’s 2023 ban on employee use of ChatGPT after a source code leak, emphasizing the risk of “data exposure” to foreign AI models like Qwen (China), which could have geopolitical consequences.
ChatGPT is currently the most popular AI tool in enterprises, used by over 90% of employees, far surpassing Google Gemini (15%), Claude (5%), and Microsoft Copilot (2–3%). Although Microsoft allows the use of personal Copilot accounts in corporate environments, users still prefer ChatGPT for its convenience and higher perceived reliability.
ChatGPT’s penetration rate in enterprises has reached 43%, nearing that of Zoom (75%) and Google Services (65%), and surpassing Slack (22%), Salesforce (18%), and Atlassian (15%).
AI accounts for 11% of all enterprise application activity, ranking just behind email (20%) and online meetings (20%). LayerX recommends that CISOs implement Single Sign-On (SSO) to monitor and control data.
📌 Summary: 45% of enterprise employees use generative AI, and 77% of them copy-paste internal data directly into chatbots. Alarmingly, 22% of this pasted data contains sensitive information like credit card numbers or personal data. ChatGPT is the most popular AI tool in business, used by over 90% of employees, far ahead of Google Gemini (15%), with a 43% enterprise penetration rate. This is placing corporate data at high risk. While Copilot is being “left behind” with only 2% usage, companies must tighten access controls and data encryption before this “data flood” spreads globally.
