A new report published in 2026 by browser security company LayerX shows that nearly half of all enterprise AI conversations happen through personal accounts rather than corporate-managed identities, creating what researchers describe as a major governance blind spot inside organisations that believe they have oversight of employee AI activity.

The State of AI Usage Report 2026, based on real-world telemetry from enterprise environments, documents how AI tool adoption has spread far beyond approved platforms and dedicated IT rollouts. It finds that 47.11% of all enterprise AI conversations are conducted through personal identities rather than corporate accounts. The remaining 52.89% use corporate identities - but even that figure conceals a secondary problem: 14.39% of conversations using a corporate email login are tied to personal AI licences, meaning the underlying data is still processed outside enterprise data governance controls and, according to LayerX, remains subject to model training by the AI provider.

AI is widespread but mostly casual

The report's headline finding on usage frequency challenges a common assumption about AI adoption in the enterprise. According to LayerX, only 18.24% of enterprise employees use AI tools on a weekly basis. The numbers grow steadily across longer time horizons - 30.47% use AI monthly, 40.57% quarterly, and 47.67% have engaged with AI tools over an extended period. The clear implication: while roughly half of employees have touched an AI tool at some point, fewer than one in five do so consistently.

This pattern matters for marketing and advertising teams because it shapes how governance frameworks get designed. AI is common enough that organisations cannot realistically block it, yet usage is scattered and often unstructured, which means a large portion of it falls outside centralised oversight. PPC Land has tracked AI adoption patterns in digital advertising, including research showing that just 5% of occupational tasks account for 59% of all AI interactions - a concentration pattern that the LayerX report reinforces from the enterprise security angle.

The frequency data also has a direct implication for risk profiling. When most users are casual - occasionally pasting something into ChatGPT rather than running sustained workflows through it - the risk is not evenly distributed. It concentrates in a small population of heavy users.

Power users generate disproportionate activity

Enterprise AI activity is deeply skewed. According to LayerX, the average enterprise user accumulates more than 36 AI conversations, but the distribution around that average is extreme. The bottom 50% of users have 12 conversations or fewer. The top 5% have 144 conversations or more - twelve times the median.

Conversation depth follows the same pattern. Across all AI interactions, the average number of prompts per conversation is 5.09. For the median user, a conversation involves just 1 to 2 prompts. The top 5% of conversations contain at least 18 prompts. For most employees, an AI interaction resembles a single-query search engine session; for power users, it is an extended multi-step workflow that may involve document uploads, iterative refinement, and data inputs spanning multiple domains.

The security implication flows directly from this distribution. A small cluster of heavy users generates a disproportionate share of all enterprise AI activity, and therefore a disproportionate share of the data exposure surface. According to LayerX, enterprise AI risk is not evenly distributed across employees. Instead, what the report calls "AI power users" - who rely on AI tools as part of their daily workflows - represent the highest concentration of potential sensitive data exposure and unmanaged AI interactions.

ChatGPT leads; Copilot M365 closes the gap

Platform market share within the enterprise shows a clear hierarchy. ChatGPT is used by 36.19% of enterprise users and drives 55.08% of all AI conversations. The gap between user share and conversation share is significant: it shows ChatGPT users engage more intensively than users of competing platforms. They generate 2.3 times more conversations per user than Microsoft Copilot M365 users, according to LayerX.

Copilot M365 is the second-largest platform, reaching 29.57% of enterprise users and accounting for 23.61% of all conversations. The platform's growth reflects Microsoft's strategy of embedding AI directly into Microsoft 365 productivity tools including Outlook, Teams, and Excel. A September 2025 SURF assessment of Copilot in educational environments found that persistent privacy concerns around metadata retention remained, even after the vendor downgraded other risk categories - a dynamic that the LayerX data contextualises: Copilot M365 shows the lowest sensitive data exposure rate of any major platform at 3.65%.

Gemini reaches 13.02% of enterprise users but generates only 10.43% of conversations. Claude accounts for 11.93% of users and 6.47% of conversations. DeepSeek sits at the bottom of the table: 0.42% of users and 0.26% of conversations, despite significant media attention since its January 2025 launch.

Microsoft and Google show contrasting governance profiles. Copilot M365 - the enterprise-integrated variant - accounts for 29.57% of enterprise users, while the standalone consumer Copilot reaches only 3.69%. Enterprise deployment is the dominant pattern for Microsoft. Gemini shows the opposite. The consumer Gemini version reaches 13.02% of enterprise users, but Gemini Enterprise reaches only 5.18%. Most Gemini usage inside companies runs through the free consumer version, outside corporate identity management. According to LayerX, this suggests Microsoft users are more likely to operate within enterprise-governed AI environments, while many Gemini users still rely on consumer access paths outside centralised governance.

Sensitive data already flows out at scale

The exposure numbers are specific and quantifiable. According to LayerX, 6.48% of all enterprise AI conversations contain sensitive data. That figure is the aggregate across all platforms, but the per-platform breakdown reveals substantial variation.

DeepSeek shows the highest sensitive data exposure rate at 12.63% of conversations. ChatGPT follows at 8.38%. Copilot (the standalone consumer version) sits at 8.31%. Claude registers 6.43% and Gemini Enterprise 6.14%. Copilot M365 shows the lowest exposure rate at 3.65%.

The combination of ChatGPT's conversation dominance and its high exposure rate makes it the single largest channel for sensitive data entering AI systems. It accounts for 55.08% of all enterprise AI conversations while carrying an 8.38% sensitive data exposure rate. Copilot M365 handles 23.61% of conversations but at a 3.65% exposure rate - suggesting that the enterprise integration and identity controls built into the Microsoft stack produce a materially different risk profile.

What types of data appear in these conversations? Personal data is by far the most common sensitive category, appearing in 5.81% of all AI conversations. This includes employee names, email addresses, phone numbers, customer records, and other personally identifiable information. Financial data appears in 0.96% of conversations and includes payroll details, banking information, credit card numbers, and financial forecasts. IT and security data - IP addresses, SSH keys, API tokens - appears in 0.94% of conversations.

Canadian regulators found in a May 2026 investigation that OpenAI launched ChatGPT without establishing the accuracy level of personal information in its outputs, without a retention policy for personal information, and without fully addressing known privacy risks. That regulatory finding sits alongside the LayerX exposure data: it is not merely a theoretical concern that employee prompts containing personal data could be retained, used for training, or shared with third-party providers. Multiple enforcement actions and lawsuits have established that this data flow is real and material.

A separate investigation published on PPC Land found that AI chatbots including ChatGPT transmit prompt-related data to third-party ad networks, raising further questions about how enterprise-grade sensitive data entered into these platforms is treated once it leaves the user's browser.

The identity gap: personal accounts inside corporate systems

The 47.11% personal identity figure understates the governance problem, according to LayerX, because even the corporate identity category contains a hidden personal layer. Of conversations conducted with a corporate email login, 14.39% are tied to personal AI licences rather than enterprise-managed subscriptions. Employees using a corporate email address to log into a personal ChatGPT account, for example, may assume they are operating inside their organisation's data governance perimeter. According to LayerX, they are not: the organisation has no control over how data is stored, retained, governed, or potentially shared with third-party providers, and that data remains subject to model training.

The platform-level breakdown of corporate versus personal identity use reveals just how divergent the major tools are. ChatGPT, Claude, standalone Copilot, and DeepSeek all show over 60% of conversations tied to personal accounts. Gemini Enterprise conducts 98.15% of its conversations through corporate-managed accounts. Copilot M365 conducts 90.55% through corporate accounts. The enterprise integration strategy of those two platforms - bundled into Microsoft 365 and Google Workspace respectively - appears to drive higher corporate identity usage.

AI extensions: the channel security teams miss

Beyond the major chat platforms, LayerX documents a parallel adoption curve in AI browser extensions. These tools run directly inside the browser, often granting themselves access to page content, form inputs, cookies, and browsing history.

In small and mid-size enterprises, approximately 15% of employees already run at least one AI extension. Specifically, 14.55% of employees at organisations with fewer than 1,000 employees have at least one AI extension installed, and the figure rises to 17.70% at mid-size enterprises with 1,000 to 2,500 employees. Larger organisations show lower rates at 9.53%, which LayerX attributes to more conservative IT governance and regulatory constraints.

The permission profile of these extensions is concerning. According to LayerX, nearly 75% of AI browser extensions request high or critical permission levels. Of those, 56.4% request high permissions and 16.7% request critical permissions. Only 1.4% operate with low permissions. Extensions operating at high or critical permission levels can access sensitive browser data and user activity. A compromised or malicious extension with such permissions could expose sensitive information or take over authenticated user sessions.

The vulnerability data is equally stark. 16.31% of AI extensions have known CVEs - Common Vulnerabilities and Exposures - compared to 10.8% across all browser extensions. AI extensions are nearly three times more likely than the average browser extension to request cookie access. 41.91% of AI extensions request scripting access, compared to 15.4% of all extensions.

Anthropic's launch of the Claude for Chrome extension in August 2025 was initially limited to 1,000 Max subscribers precisely because of the security considerations involved in browser-level AI access - the company built in safeguards against prompt injection attacks before expanding further. The LayerX data gives that caution quantitative weight: AI extensions as a category carry a significantly higher security risk profile than standard extensions.

Connectors: AI reaches into enterprise systems

A smaller but structurally significant data point concerns AI connectors - integrations that link AI platforms directly to enterprise applications including SharePoint, Microsoft 365, Atlassian tools, Google Workspace, GitHub, Slack, and Figma.

Only 0.16% of enterprise users interact with at least one connector-enabled AI workflow, according to LayerX. That low adoption rate might suggest the issue is marginal. However, users who adopt connectors tend to connect multiple enterprise applications, averaging 4.5 connectors per user. The most common integrations observed in the dataset connect ChatGPT directly to SharePoint, Outlook Email, Microsoft (Live), Atlassian, Google, GitHub, Canva, Slack, and Figma.

The risk profile of connectors is qualitatively different from standard prompt-based AI use. Instead of an employee manually copying data into a chat window, connectors can provide AI platforms with continuous, automated access to emails, documents, collaboration platforms, code repositories, internal knowledge bases, and SaaS applications. According to LayerX, this creates a much larger and more persistent enterprise attack surface, where sensitive business data can flow continuously between enterprise systems and external AI platforms without any individual employee decision triggering each transfer.

Many platforms, limited visibility

Enterprise users interact with an average of 2.24 AI applications, with the median user relying on two tools. The top 5% of users interact with 6 or more AI applications. While 70.44% of users rely on a single AI assistant, 21.16% use two tools and over 8% use three or more.

This fragmentation creates what LayerX describes as a Shadow AI problem. The top 100 most popular AI applications observed in the dataset extend well beyond ChatGPT and Copilot. The list includes Gemini, Claude, Perplexity, Google, Google Dev, Deepseek, Canva, Forethought, Kaggle, Azure.com, Harvey AI, Vercel, Wordtune, Otter.ai, Hugging Face, Lovable, and DeepAI, among others. Many of these tools enter enterprise environments through individual employee choice rather than IT procurement, operating without security review, data handling assessment, or policy compliance verification.

According to LayerX, the biggest AI governance failures will not come from popular AI tools that security teams are already monitoring, but from the dozens of smaller AI tools that security teams do not know employees are using.

Why this matters for marketing and advertising teams

The marketing community occupies a specific position in this risk landscape. Marketing and advertising professionals are among the heaviest professional users of AI tools - IAB UK research published in May 2026 found 95% adoption of AI tools in UK digital advertising companies. The tasks that attract heaviest AI engagement - creative work, data synthesis, audience analysis, content generation - are precisely the tasks that involve sensitive client data, campaign strategies, and proprietary audience intelligence.

When a media planner pastes a client brief into ChatGPT, or a performance marketer uploads campaign data into an AI analytics tool, or an agency account manager uses a personal AI subscription to draft strategy documents, all of those interactions could fall into the 47% of enterprise AI conversations happening outside corporate governance. The LayerX data suggests that the marketing industry's high AI adoption rate, combined with the data-intensive nature of advertising work, creates an elevated exposure surface.

The question facing marketing organisations is not whether employees are using AI - the adoption data makes that settled. The question is how many of those interactions involve client data, proprietary campaign information, or personally identifiable information about consumers, and what governance exists for those specific flows.

Timeline

  • January 2025: DeepSeek launches publicly, generating significant industry attention; enterprise adoption remains minimal according to LayerX data (0.42% of enterprise users)
  • April 9, 2025: Anthropic launches Max plan for Claude AI with 5-20x higher usage limits targeting power users - a tier that mirrors the power-user concentration pattern documented later in the LayerX report
  • August 26, 2025: Anthropic launches Claude for Chrome extension as a research preview limited to 1,000 Max subscribers, with security controls against prompt injection - illustrating the category risks quantified by LayerX
  • September 28, 2025: SURF assessment of Microsoft Copilot in education downgrades some risks to medium while metadata retention concerns persist, contextualising Copilot M365's lower sensitive data exposure rate in the LayerX dataset
  • May 14, 2026: IAB UK publishes research showing 95% AI adoption in UK digital advertising, establishing the marketing industry as among the heaviest enterprise AI user segments
  • May 2026: Canadian regulators conclude that OpenAI launched ChatGPT without established privacy protections, finding the platform broke privacy rules from its initial deployment
  • May 2026: Research finds AI chatbots including ChatGPT share prompt-related data with ad networks, adding a commercial tracking dimension to the governance concerns documented by LayerX
  • May 31, 2026: LayerX publishes the State of AI Usage Report 2026 documenting real-world enterprise AI consumption patterns, platform market share, identity gaps, sensitive data exposure rates, and browser extension risks

Summary

Who: LayerX, a browser security company, published the State of AI Usage Report 2026. The report covers enterprise employees across organisations using LayerX's platform, spanning small firms, mid-size companies, and large enterprises.

What: The report documents real-world enterprise AI usage patterns across major platforms including ChatGPT, Copilot M365, Gemini, Claude, and DeepSeek. Key findings include: 47.11% of enterprise AI conversations happen through personal identities outside corporate governance; ChatGPT accounts for 36.19% of enterprise users but 55.08% of all conversations; 6.48% of all enterprise AI conversations contain sensitive data; 16.31% of AI browser extensions have known CVEs; and the top 5% of enterprise AI users generate 144 or more conversations compared to a median of 12.

When: The State of AI Usage Report 2026 was published by LayerX in 2026, drawing on telemetry data collected across enterprise environments over the preceding period.

Where: The findings apply across enterprise environments globally, with data collected through LayerX's browser security platform deployed inside organisations of varying sizes. The browser is identified as the primary location where enterprise AI activity occurs, covering direct platform usage through chat interfaces, AI browser extensions, and connector-enabled workflows.

Why: Enterprise AI adoption has spread faster than governance frameworks have kept pace. Employees use AI through personal accounts, personal licences on corporate logins, unapproved browser extensions, and an expanding ecosystem of secondary tools that security and IT teams are not monitoring. This creates compliance exposure, data residency risks, potential intellectual property leakage, and visibility gaps that could affect regulatory obligations in jurisdictions with data protection requirements.

Share this article
The link has been copied!