New Findings Reveal Imbalanced AI Tool Usage Among UK Employees
Recent behavioural data from Redflags has unearthed a striking disparity in the usage of AI tools within UK organizations. A mere 3% of employees are responsible for a staggering 18% of all AI-related activities conducted on work devices. These select few average an astonishing 235 AI engagements each, far surpassing the 35 interactions typical of their colleagues.
This insightful information originates from the Redflags Behavioural Impact Report 2026, which employs actual telemetry from devices instead of relying on self-reported surveys. Such an approach is significant, as it provides a more accurate analysis of behaviour among employees. The report encompasses over 29 million behavioural nudges delivered across 44 organizations during the 2025 calendar year, spanning various sectors, including financial services, engineering and manufacturing, and government agencies.
The data indicates a year-on-year surge of 43% in employee visits to AI-related websites in 2025. However, this figure only partially captures the evolving scenario. A noteworthy 91% increase in the number of organizations actively monitoring AI usage during the same timeframe suggests that security teams are beginning to understand the magnitude of the issue, even as corporate governance struggles to keep pace.
Concerns Surrounding Shadow AI and Data Egress
The report outlines several AI-related behaviours that pose significant challenges for security teams. These include employees uploading files to AI platforms, utilizing AI tools without corporate account logins, and accessing unapproved applications. Such actions create potential data egress points, which can be difficult to monitor without ongoing behavioural visibility.
An analysis of the data reveals that OpenAI constitutes a staggering 93% of all observed AI site visits, while other platforms such as Gemini, Copilot, Perplexity, Claude, and DeepSeek account for only a small fraction, each contributing under 1%. Concentrating usage on one dominant tool may not necessarily mitigate security risks; that depends largely on whether the tool is used within corporate governance and through corporate accounts.
Tim Ward, CEO of Redflags, highlighted this critical insight by stating, “The speed at which AI usage is growing inside organizations is remarkable, but what’s equally striking is how many companies are only now starting to understand what’s actually happening on their employees’ devices. Governance is racing to catch up with behaviour, and the gap between the two is where risk lives.”
Ward also pointed out the intrinsic motivations behind the growing usage of AI tools. He noted, “The human brain is wired to seek novelty. New AI tools trigger dopamine responses associated with excitement and reward. This makes them inherently compelling to employees, regardless of whether they’re approved by the business. Understanding that this is a human behaviour challenge, not just a technology policy one, is critical to building an effective response.”
Addressing Persistent Phishing Threats
In addition to the insights regarding AI usage, the report serves as a reminder that traditional security threats, such as phishing, continue to challenge organizations. Clicking on links embedded in emails from unfamiliar senders emerged as the most frequently flagged risky behaviour, identified by 93% of the organizations participating in the study.
Nonetheless, the data also underscores the effectiveness of behavioural interventions. Redflags’ nudge-based strategy, which delivers timely prompts on employees’ devices at moments of heightened risk, resulted in an average 35% reduction in dangerous link clicks across the dataset, with peak decreases reaching an impressive 83% in top-performing organizations.
This success is grounded in cognitive science principles. Engaging with links from unknown sources often involves swift, instinctive decisions rooted in the brain’s System 1 thinking. Conversely, nudges can interrupt this automatic response, prompting a more measured evaluation typical of System 2 thinking. Over a six-month period, the report noted a 28% increase in the hover-to-click ratio, illustrating that employees are beginning to develop more cautious online habits.
The reductions in credential loss align with these findings as well. A 22% average decline in passwords being entered on sites accessed through dubious email links supports the notion that the nudge effect influences behaviour across the whole phishing interaction, rather than just at the moment of clicking.
Implications for Security Teams
For Chief Information Security Officers (CISOs) and security awareness leaders, the report presents a valuable benchmark and a compelling argument for strategic planning. The Redflags data is unique in that it is measured pre- and post-intervention, gathered from actual devices operating under real-world conditions, rather than being simulated or self-reported. This distinction makes it one of the few resources capable of demonstrating genuine behaviour change.
The insight regarding the 3% of users who dominate AI activity carries practical implications. By identifying and monitoring this small group of power users, whether they are enthusiastic early adopters or those circumventing established policies, security teams may adopt a more focused approach. Such targeted interventions may prove to be a more effective allocation of resources than blanket controls that affect all employees uniformly.

