Enterprise AI Risks Concentrated Among Small Group Of Power Users, LayerX Report Finds

A new report from LayerX Security has highlighted growing concerns around enterprise artificial intelligence usage, revealing that AI-related security risks are heavily concentrated among a relatively small group of employees categorized as “AI power users.” According to LayerX’s State of AI Usage Report 2026, enterprise AI exposure is not evenly distributed across organizations but is instead driven by a handful of highly active users and a limited number of dominant AI platforms. The research indicates that many organizations still face significant visibility gaps regarding how employees interact with artificial intelligence systems, particularly as AI usage becomes fragmented across browser extensions, embedded assistants, personal accounts, AI connectors, and secondary productivity tools operating outside conventional governance frameworks. The report is available through LayerX State Of AI Usage Report 2026.

The findings challenge the assumption that widespread AI adoption means most employees are heavy users of artificial intelligence. While nearly half of enterprise users interacted with AI tools over the past year, only 18 percent reportedly used them on a weekly basis, suggesting that most employees remain occasional users. However, researchers found that enterprise AI activity is highly concentrated among a limited number of workers. Half of users recorded 12 or fewer AI conversations, while the top five percent conducted at least 144 interactions and engaged in significantly deeper prompt chains. These users averaged 18 prompts per conversation compared to the broader average of only two prompts. According to LayerX, this concentrated behavior creates a category of AI power users who interact with multiple AI platforms and account for a disproportionate share of enterprise exposure to sensitive information.

ChatGPT continues to dominate enterprise AI adoption, accounting for 36 percent of enterprise users and more than 55 percent of all AI conversations, while Microsoft Copilot M365 has expanded rapidly to represent 29 percent of enterprise AI users and nearly a quarter of total interactions. Researchers said this growth reflects an emerging split between governed, enterprise-native AI environments and consumer-driven AI usage. However, risk levels vary significantly depending on platform selection and account management. While Copilot M365 usage generally occurs inside corporate-managed Microsoft environments with stronger oversight, Gemini usage often relies on consumer accounts outside enterprise controls. LayerX found that nearly half of enterprise AI conversations occur through personal identities rather than managed corporate accounts, while over 14 percent of conversations conducted using corporate identities were linked to personal AI licenses. Researchers warned that this creates governance blind spots because organizations lose visibility into retention practices, auditability, model training exposure, and data handling policies when employees use unmanaged accounts.

The report also highlights increasing risks linked to Shadow AI, a growing ecosystem of AI browser extensions, coding copilots, search engines, embedded assistants, and connectors integrated into enterprise workflows. Nearly 30 percent of enterprise users already rely on multiple AI platforms, while the most active five percent use six or more applications. Around 15 percent of enterprise users have installed at least one AI browser extension, with almost 75 percent requesting elevated browser permissions and more than 16 percent linked to known vulnerabilities. Researchers additionally found that over six percent of enterprise AI conversations contain sensitive information, with personal data appearing most frequently. DeepSeek recorded the highest sensitive data exposure rate at 12.63 percent of conversations, followed by ChatGPT at 8.38 percent, while Copilot M365 showed a lower rate of 3.65 percent. LayerX advised organizations to improve visibility into high-risk AI users, reduce reliance on unmanaged personal accounts, monitor under-the-radar AI applications, and implement real-time guardrails capable of managing prompts, uploads, and AI-generated actions without interrupting employee productivity.
