The amount of sensitive corporate data uploaded by employees to AI and machine learning applications has almost doubled in the last year, putting organizations at increased risk of data breaches and cyber espionage, a new report has warned.
Published on Zscaler on June 17th 2026 AI Threat Report It says there has been a 93% year-over-year increase in employees transferring enterprise data to AI tools.
More than half of these data transfers were done by staff using two tools in particular: Grammarly (38%) and ChatGPT (21%). Other tools included OpenAI, Codium, GitHub Co-Pilot, Perplexity, Microsoft Co-Pilot, Google Gemini, and Claude.
According to Zscaler, a total of 18,033 TB of data was transferred to AI and machine learning applications during the last year. According to the report, this equates to approximately 3.6 billion digital photos.
Employee puts sensitive data into ChatGPT
Zscaler has identified over 410 million data loss prevention (DLP) policy violations related to ChatGPT. This represents a 99% increase over the previous year.
These breaches involved sensitive information such as financial records, personally identifiable information (PII), source code, medical data, and other regulated content.
Typically, employees are not acting with malicious intent, but rather are trying to transfer data to an AI model to improve their work efficiency. However, uploading this information to an AI model can have significant data privacy implications.
“The riskiest AI applications tend to be those that employees use without thinking, such as writing assistants, coding helpers, and AI capabilities built into collaboration suites. Their very convenience is what makes them so risky: They often see the same sensitive content you see the moment it is created,” the report warns.
The AI coding assistant Codium also represents a significant vector of DLP violations, with over 242 million detected by Zscaler. This represents a 100% year-over-year increase and suggests an increased risk of leaking source code and proprietary logic, which can be highly damaging to businesses.
To combat potential cybersecurity risks associated with increased use of AI by employees, Zscaler has made several recommendations.
- Create an inventory of all GenAl apps and apps with built-in AI functionality. Create a continuously updated catalog of all standalone GenAl tools and all SaaS or in-house apps with AI capabilities.
- Disable risky AI defaults: Turn off auto-enabled AI features in SaaS and productivity apps until they are reviewed and configured for risk readiness.
- Enforce zero trust for all model interactions: Implement least privilege access for all users, services, and systems that interact with your AI models.
- Strengthen AI guardrails with inline inspection: Ensure inline inspection across all AI/ML traffic to prevent external malicious activity from compromising your AI systems and prevent sensitive data from being exposed through prompts or output.
The report’s findings are based on analysis of a total of 989.3 billion AI and ML transactions on the Zscaler cloud from January 2025 to December 2025.
