
I came across a meme that made me laugh at first, but then I realised it was a bit too real. It showed a nonchalant-looking employee sitting at their desk, blissfully unaware, with the caption: “Me after uploading 100GB of confidential company data into ChatGPT so it can write an email for me.”
It’s funny because it reflects reality. In many workplaces, people use AI to write emails, summarise reports, solve problems or just make their jobs easier. But while this speeds things up, it quietly increases the risk that sensitive company data could leak out, bit by bit.
People usually think of insider risk as someone deliberately stealing data or leaking secrets. But now, it’s often unintentional. Employees might use AI tools to improve their work, not realising the risks. Most are just trying to be efficient, learn something new or keep up with deadlines, not put the company in danger.
According to research by Cyberhaven, more than 11 per cent of the data that employees paste into ChatGPT is confidential, ranging from customer details to source code. Fast Company reports that 14 per cent of users have admitted to entering trade secrets into AI tools, and these numbers likely underestimate the scale, since few people would willingly confess such slips.
The attraction is understandable. Generative AI feels intimate and clever and, above all, it is seen as a reliable outlet that can help with almost anything. But these systems learn from what we give them.
When data goes into a public AI model, it might be stored, recorded or used to train future versions. Even if companies such as OpenAI say they filter out sensitive information, there isn’t enough transparency for businesses to know where their data actually goes. That uncertainty is a risk in itself.
Some organisations have learned this the hard way. In 2023, Samsung banned ChatGPT internally after staff reportedly uploaded confidential source code to the chatbot while trying to troubleshoot technical issues.
Similar incidents have since surfaced in finance, healthcare, law and other industries where data leaks would be very costly. Additionally, a Newsweek survey this year found that over half of employees use AI tools banned by their employer, often via personal accounts or browser tabs on work laptops.
Traditional shadow IT involved installing unauthorised software. Shadow AI is different: it hides in plain sight, embedded in browsers, apps and plugins. By the time a data-protection officer realises what’s happening, the data may already be gone.
© 2025, Lyonsdown Limited. teiss® is a registered trademark of Lyonsdown Ltd. VAT registration number: 830519543