Business AI Users Are Accidentally Exposing Sensitive Data in 1 Out of 10 Prompts
A recent study from Harmonic Security reveals a concerning trend: nearly 8.5% of business AI prompts contain potentially sensitive information. This research examined thousands of prompts across popular AI tools like ChatGPT, Microsoft Copilot, Google Gemini, Claude, and Perplexity during Q4 2024.
While most employees use AI tools for routine tasks like summarizing text or editing documents, a significant minority are unknowingly putting their companies at risk by sharing confidential data.
What Kind of Data Is Being Exposed?
The study found several alarming categories of sensitive information being shared:
- Customer data (45.8%) - Billing information, authentication details, and personal records
- Employee information (26.8%) - Payroll data, personally identifiable information, and even performance reviews
- Legal and financial data (14.9%) - Sales pipeline information, investment portfolios, and M&A activity
- Security details (6.9%) - Network configurations, incident reports, and penetration test results
- Proprietary code (5.6%) - Access keys and source code
The Free Tier Problem
A major concern highlighted in the study is employees' heavy reliance on free AI service tiers, which often train on user data. The research found that 63.8% of ChatGPT users, 75% of Claude users, and 58.6% of Gemini users were using free versions that could potentially use their input data to improve AI models.
"Most generative AI use is mundane, but the 8.5% of prompts we analyzed potentially put sensitive personal and company information at risk," said Alastair Paterson, co-founder and CEO of Harmonic Security.
Protecting Your Business
To mitigate these risks, security experts recommend:
- Implementing real-time monitoring systems for AI tool usage
- Ensuring employees use paid enterprise plans that don't train on input data
- Gaining visibility into what information employees are actually sharing with AI tools
The study serves as a wake-up call for businesses embracing AI tools without proper data governance policies in place.
🔗 Read the full article on SiliconAngle
Stay in Rhythm
Subscribe for insights that resonate • from strategic leadership to AI-fueled growth. The kind of content that makes your work thrum.
