The latest State of AI Usage Report 2026 by LayerX Security uncovers significant insights into enterprise AI risks. The study highlights that AI-related risks are predominantly concentrated among a select group of AI power users and a few major platforms, posing challenges for organizations in managing AI exposure effectively.
Fragmented AI Ecosystem Challenges Visibility
AI technology is rapidly diversifying across personal accounts, browser extensions, and secondary tools, complicating visibility and governance. Despite the widespread belief that AI is omnipresent in enterprises, the report reveals that only 18% of employees engage with AI on a weekly basis, suggesting most users are casual.
Contrary to expectations, fewer users do not equate to lower risk. Enterprise AI interactions are predominantly driven by a small percentage of users. This elite group conducts significantly more AI conversations, averaging 18 prompts per dialogue, compared to an overall average of 2, thereby increasing potential exposure to sensitive data.
Dominant AI Platforms and Emerging Risks
ChatGPT leads in enterprise AI usage, encompassing 36% of users and over 55% of interactions. However, Copilot M365 is gaining traction, capturing 29% of the enterprise market. This trend indicates a shift between enterprise-native and consumer-driven AI usage, with platforms like Gemini showing different risk profiles due to their prevalent use in unmanaged environments.
While corporate-managed platforms like Copilot typically ensure greater oversight, consumer-oriented tools such as Gemini pose challenges due to lack of visibility and governance, highlighting the need for improved monitoring of data flow and usage patterns.
The Expanding Shadow AI Landscape
The notion of Shadow AI has evolved beyond unapproved chatbots, now encompassing a vast array of AI tools, assistants, and software features operating outside traditional controls. Approximately 30% of enterprise users engage with multiple AI platforms, with the top 5% utilizing six or more applications, indicating a complex and interconnected AI ecosystem.
This diversification complicates governance as organizations struggle to track and manage these tools effectively. The personal use of AI accounts further exacerbates this issue, undermining centralized oversight and increasing the risk of sensitive data exposure.
Recommendations for Strengthening AI Governance
The report emphasizes the inadequacy of existing governance strategies in addressing the realities of modern AI usage. It suggests prioritizing the monitoring of high-risk power users and expanding focus beyond officially sanctioned AI applications to include the burgeoning array of tools and extensions.
Organizations are advised to enforce the use of corporate-managed AI accounts to ensure controlled data flows and develop inline guardrails that actively monitor AI interactions. These measures aim to balance productivity with security, minimizing risks without hindering AI adoption.
For a comprehensive understanding of the current AI landscape and detailed strategies for improving governance, download the full State of AI Usage report.
