The amount of sensitive enterprise data which employees uploaded to AI and machine learning applications has almost doubled in the last year, putting organizations at increased risk of data breaches and cyber espionage, a new report has warned.
Published on June 17, the Zscaler 2026 AI Threat Report said that there has been a 93% year-over-year increase in employees transferring enterprise data to AI tools.
Over half of these data transfers were driven by staff using two tools in particular: Grammarly (38%) and ChatGPT (21%). Other tools included OpenAI, Codium, GitHub Co-Pilot, Perplexity, Microsoft Co-Pilot, Google Gemini and Claude.
According to Zscaler, a total of 18,033 TB of data was transferred to AI and machine learning applications during the last year. The report stated that this is roughly equivalent to 3.6 billion digital photos.
Employees Putting Sensitive Data in ChatGPT
Zscaler identified over 410 million Data Loss Prevention (DLP) policy violations related to ChatGPT, representing an increase of 99% year-over-year.
These violations were related to sensitive information such as financial records, personally identifiable information (PII), source code, healthcare data, and other regulated content.
Employees are not typically acting with malice, rather they are attempting to transfer data to AI models to help them be more efficient at work. However, uploading this information to AI models could have potentially significant data privacy implications.
“The riskiest AI applications tend to be those that employees use without thinking—writing assistants, coding helpers, or AI features layered into collaboration suites. Their convenience is exactly what makes them higher risk; they see the same sensitive content employees do, often at the moment it’s created,” warned the report.
The AI coding assistant Codium also represented a significant vector for DLP violations, with over 242 million detected by Zscaler. This represented a 100% year-over-year increase, suggesting increased leakage risk for source code and proprietary logic, something which could be highly damaging to businesses.
To counter the potential cybersecurity risks around the increased use of AI by employees, Zscaler has made several recommendations:
- Inventory all GenAl apps and apps with embedded AI functionality: Create a continuously updated catalog of every standalone GenAl tool and every SaaS or internal app that includes AI functionality or features
- Disable risky AI defaults: Turn off auto-enabled AI functionality in SaaS and productivity apps until they have been reviewed and configured to match your risk posture
- Apply zero trust to all model interactions: Implement least-privilege access for every user, service, and system that interacts with an AI model
- Enforce AI guardrails with inline inspection: Ensure inline inspection across all AI/ML traffic to prevent external malicious activity from compromising AI systems and stop sensitive data from being exposed via prompts or in outputs
The findings in the report are based on analysis of 989.3 billion total AI and ML transactions in the Zscaler cloud from January 2025 through December 2025.
