Skip to main content
Cybersecurity

Enterprise AI Risk Concentrated Among Small Group of Power Users

Modern office setting with employees working at desks, focus on blurred laptop screen.

"The top 5% generated at least 144 conversations," according to new research from LayerX Security — a concentration that, the report argues, turns a presumed enterprise-wide problem into a narrow but intense risk cluster.

AI power users: a small group, outsized exposure

LayerX's State of AI Usage Report 2026 finds that enterprise AI activity is far from evenly spread. Nearly half of employees interacted with AI tools over the past year, but only 18% did so weekly. Half of users had 12 AI conversations or fewer; by contrast, the top 5% generated at least 144 conversations each. Those top users also produced far deeper interactions, averaging 18 prompts per conversation versus an average of 2.

The report frames this behavior as the emergence of "AI power users" — a small cohort that conducts far more conversations, uses multiple AI platforms, and builds longer prompt chains. The practical consequence is straightforward: a limited set of individuals now account for a disproportionate share of enterprise AI exposure.

ChatGPT and Copilot M365: two dominant but different footprints

Not all platforms carry the same exposure. ChatGPT remains the dominant platform inside enterprises, accounting for 36% of enterprise AI users and more than 55% of all AI conversations. Copilot M365 is growing rapidly, reaching 29% adoption and nearly a quarter of enterprise AI conversations.

But usage patterns diverge. Copilot M365 usage is largely tied to corporate-managed Microsoft environments, where organizations typically have stronger visibility and governance controls. By contrast, the report says most enterprise use of Gemini occurs through the regular consumer version rather than Gemini Enterprise; employees often access it via personal accounts and unmanaged environments, leaving organizations with limited visibility into retention, model-training policies, and data handling.

Personal accounts, extensions and connectors: the hidden channels

LayerX describes modern Shadow AI not as a single unauthorized chatbot but as a long tail of embedded assistants, browser extensions, AI connectors, and other under-the-radar tools. Nearly 30% of enterprise users already use multiple AI platforms, and the top 5% interact with six or more AI applications.

About 15% of enterprise users run at least one AI browser extension; nearly 75% of those extensions request high or critical browser permissions, and more than 16% already have known vulnerabilities. AI connectors are increasingly linking AI systems to enterprise applications such as SharePoint, GitHub, Slack, Atlassian, and Google Workspace, granting persistent, programmatic access to documents and internal knowledge repositories.

These channels mean AI usage often occurs without manual copying and pasting into a chatbot window — the systems themselves can be given ongoing access to corporate data, expanding the attack surface in ways traditional governance tools may not detect.

Sensitive data flows and platform differences: DeepSeek and ChatGPT lead

The report finds more than 6% of enterprise AI conversations contain sensitive data, with personal data the most common category at 5.81% of conversations. Financial and IT-related data appeared less frequently but still represented meaningful exposure.

By platform, DeepSeek showed the highest sensitive-data exposure rate at 12.63% of conversations. ChatGPT followed at 8.38%, while Copilot M365 showed a significantly lower exposure rate at 3.65%. LayerX interprets these contrasts as evidence that enterprise-integrated AI platforms may operate within more controlled governance environments, while consumer-oriented tools see riskier usage patterns.

What CISOs and security teams should do next

  • Identify and Monitor High-Risk AI Power Users: The report urges security leaders to focus on the small group generating disproportionate exposure instead of treating all AI usage equally.
  • Stop Focusing Only on "Approved AI": Security teams should broaden visibility beyond a few sanctioned platforms to the long tail of embedded assistants, extensions, and connectors.
  • Block Personal Account Usage as Active Shadow AI: LayerX recommends enforcing corporate AI identities and blocking personal account usage to preserve visibility into retention, audit trails, and model training exposure.
  • Shift From "Block or Allow" to Inline AI Guardrails: The report counsels moving beyond a binary posture; organizations need real-time guardrails that monitor prompts, uploads, responses, and AI-driven actions without fully disrupting productivity.

LayerX's findings paint enterprise AI risk as concentrated, fragmented and increasingly personal. The narrowing of risk onto a small group of power users — combined with the spread of consumer tools, extensions and programmatic connectors — reframes governance from broad policy to targeted visibility, enforcement and inline controls. For security leaders, the practical imperative in the report is clear: stop treating AI as a single asset class and start instrumenting where exposure actually concentrates.

Original story