Verizon recently published its 2026 Data Breach Investigations Report, which is full of helpful information for cybersecurity professionals to implement strategies for protection of systems. For a summary, click here.
The Report notes that a whopping “67% of users are using non-corporate accounts on their corporate devices to access AI services” and “45% of employees are now considered regular users of AI (authorized or not) on their corporate devices.” Verizon’s data shows that “Shadow AI is now the third most common non-malicious insider action detected…a fourfold increase in percentage from the previous year.”
The most common type of data submitted to an external generative artificial intelligence model was company source code. In addition, the data showed that users were uploading images, structural data, and “even found research and technical documentation being uploaded to those unauthorized AI systems, which presents a risk of intellectual property exposure.”
The Verizon report reiterates the exponential growth of unauthorized use of gen AI systems, which will continue as users become more comfortable with the technology. This presents a significant data loss risk to organizations of intellectual property, proprietary and confidential information and sensitive personal information. No matter what industry, how big or small an organization is, whether for profit or not-for-profit, now is the time to address this risk and develop an AI Governance Program.