In a troubling revelation, a recent report has illuminated the escalating risks associated with data security as employees increasingly upload sensitive enterprise information to AI and machine learning applications. The findings, articulated in the 2026 AI Threat Report by Zscaler, indicate that the transfer of such data has surged by 93% year-over-year, creating an environment ripe for potential data breaches and cyber espionage.

Published on June 17, the report details a staggering phenomenon: employees have uploaded a total of 18,033 terabytes of data to various AI tools in the past year. To put this volume in perspective, it equates to approximately 3.6 billion digital photos. The substantial rise in data transfers has raised red flags across organizational landscapes, compelling cybersecurity experts to urge businesses to reevaluate their data protection strategies.

Interestingly, a significant portion of these data transfers can be traced back to two major applications: Grammarly, which accounted for 38% of data uploads, and ChatGPT, with a notable 21%. Other applications contributing to the trend include OpenAI, Codium, GitHub Co-Pilot, Perplexity, Microsoft Co-Pilot, Google Gemini, and Claude. While these tools offer tremendous benefits by enhancing productivity and streamlining various tasks, the integration of sensitive data poses considerable risks.

One alarming statistic highlighted by Zscaler is the identification of over 410 million violations of Data Loss Prevention (DLP) policies connected to ChatGPT alone. This marked a dramatic increase of 99% compared to the previous year, with the violations predominantly involving sensitive categories of information such as financial records, personally identifiable information (PII), source code, healthcare data, and other regulated content. This suggests a growing disregard for data privacy, driven not by malicious intent but rather a quest for efficiency in completing work tasks.

Zscaler emphasized the dangers surrounding AI applications, particularly those that users deploy without due diligence. The report warns that tools such as writing assistants, coding helpers, and AI-enhanced collaborative features present a unique paradox: their convenience often blinds users to the risks they pose. The danger is compounded by the fact that these applications have access to the same sensitive material as employees, often at the very moment it is created.

Another pivotal point raised in the report pertains to the AI coding assistant Codium. Zscaler recorded more than 242 million DLP violations linked to Codium, highlighting an even starker increase of 100% year-on-year. The risk of sensitive source code and proprietary logic leakage is particularly concerning for organizations, as this information is critical to maintaining a competitive edge in their respective industries.

To combat this rising tide of cybersecurity risks, Zscaler has put forward a series of recommendations aimed at helping organizations safeguard their sensitive data in an increasingly AI-driven workplace environment. These strategies include:

1. Inventory All Generative AI Applications: Organizations are encouraged to establish a continuously updated catalog of all standalone Generative AI tools and any software as a service (SaaS) or internal applications that incorporate AI functionality.

2. Disable Risky AI Defaults: Companies should consider turning off auto-enabled AI features in SaaS and productivity applications until a thorough review can ascertain their compatibility with the organization’s risk profile.

3. Apply Zero Trust Principles: Adopting a zero-trust framework can help ensure that every user, service, and system interacting with AI models operates under least-privilege access—minimizing exposure to sensitive data.

4. Enforce AI Guardrails with Inline Inspection: It’s crucial for businesses to implement inline inspection across all AI and machine learning traffic. This measure can help thwart external malicious activities that could compromise AI systems and prevent sensitive data from being inadvertently exposed through prompts or outputs.

The insights contained in the report stem from a meticulous analysis of 989.3 billion AI and machine learning transactions processed through the Zscaler cloud over the course of 2025. As organizations increasingly rely on AI to enhance productivity, the findings underscore the urgency for businesses to take proactive measures in safeguarding their sensitive information.

Source link