CybersecurityManagementSecurity & Business Resilience

The Hidden Security Risks Behind Popular AI Tools

By Etay Maor
brown craft paper ripped to reveal the letters "ai" on a keyboard
Immo Wegmann via Unsplash
June 5, 2026

The use of AI has exploded, with 88% of organizations using AI in at least one business function. But exponential adoption is making it difficult for security operating models to keep up. AI tools like ChatGPT and Claude are no longer exotic dishes on a technology menu, sampled out of curiosity and then forgotten. They are being consumed with gusto and treated as a part of the organizational diet, smeared like butter across daily work: drafting, coding, research, document analysis and summarization, search, email communications, and internal decision support.

These AI tools are deeply embedded in sensitive workflows, managing documents, retrieving information, absorbing context, connecting to other enterprise systems, and, in many cases, acting on behalf of users. That’s a huge security risk with the potential to have catastrophic consequences if not nipped in the bud early.

Different AI Tools Present Different Security Risks

To understand the real AI security challenge, it is important to look at how widely used AI tools are entering everyday workflows and where each can create exposure. Notable examples include:

OpenAI’s ChatGPT

28% of U.S. employees use ChatGPT at work. The tool’s usage beyond formal enterprise controls can be higher. The convenience of ChatGPT is also a reason for the increased risk. The quest for faster answers encourages employees to share proprietary code, legal documents, financial information, customer data, or PII in a prompt. In the absence of an enterprise-grade alternative with clear and comprehensive usage guardrails, this sensitive information can flow into unmanaged AI environments or the OpenAI consumer platform.

Microsoft Copilot

Copilot operates within the Microsoft 365 suite, with access to SharePoint, Teams, Outlook, OneDrive, and other information-rich applications, using permissions already granted in 365. Copilot respects, but does not exceed, the permissions of the authenticated user. The risk lies in what those permissions already cover: years of overshared documents, broken inheritance, and 'Anyone with the link' content that users technically have access to but never actively sought out. Copilot makes that latent data discoverable at conversational speed, amplifying the blast radius of existing permission sprawl.

Google Gemini

This tool works within Google Workspace, operating across Gmail, Docs, Calendar, and Drive, making more company information available for AI-driven search, summarization, and analysis. If Gemini is operating with write or send permissions, a poisoned document could, in a multi-step agentic scenario, cause it to exfiltrate data through a legitimate output channel such as email or a shared Drive file. Organizations should restrict agentic capabilities to only what is necessary and monitor AI-generated outputs through DLP or SASE controls.

Anthropic Claude

Widely adopted in enterprise contexts, Anthropic has reported significant growth in Claude's API and enterprise tier usage. The tool is commonly applied to writing, reasoning, document review, and code analysis. While Claude offers enterprise-grade controls, there is a more practical problem of the gap between sanctioned and unsanctioned use. With speed being of the essence, employees might use free or personal accounts to get answers. This can lead to data exposure. The exposure risk increases if employees use enterprise and personal accounting in parallel and move sensitive information between them.

Perplexity

This tool is used for competitive intelligence, market research, pricing analysis, and product planning. To provide more context for queries, employees can share more detailed information, such as a product roadmap, financial strategy and other details. This means a third-party platform now has a searchable record of this information, which risks exposing sensitive data. Perplexity's browser extension, if granted page-reading permissions, can access the content of active browser tabs, including internal dashboards or SaaS applications left open. Employees may not fully appreciate that page content is being transmitted to a third-party platform. Organizations should audit browser extension deployments and ensure employees understand what data is shared when they use Perplexity in context-aware mode.

Key Recommendations for Securing Enterprise AI Use

Securing enterprise AI use requires organizations to move beyond tool-level controls and apply governance, monitoring, and access discipline across every AI-assisted workflow.

  • Your default stance should be to trust no AI input. Validate, sanitize, classify, and isolate all AI interactions, including prompts, documents, files, copied text, and metadata, before they enter the AI workflow. Organizations should assume that these can include malicious instructions and payloads.
  • Make sure AI workflows are part of your monitoring efforts. Don’t limit monitoring to network traffic or endpoint activity alone. To keep AI risks in check, you also need clear visibility into AI prompts, responses, downstream actions, and whether anything looks abnormal.
  • Put a governance strategy in place for enterprise AI usage. Start by building an inventory of browser-based and personal-account-based AI tools being used across the business. The next step will be to create a list of approved tools and define usage policies, data-handling rules, and even review cycles for AI integrations. 
  • Apply least-privilege to every AI agent's tool access. Each agent or workflow should receive only the permissions required for its specific task and nothing more. Prefer scoped, time-limited credentials over persistent broad access. Treat each AI-generated action as a potential privilege-escalation vector and require explicit human approval before agents execute irreversible operations (sending messages, modifying databases, exporting data).
  • With AI making impersonation easy to scale, personalized, and difficult to detect, AI-enabled social engineering and identity abuse pose a significant risk. The answer is better identity verification, document validation, and anomaly detection. Also, if a request comes in from one channel, confirming it via separate channels is necessary.

AI adoption cannot wait for security teams to catch up. Whether you know it or not, enterprise AI tools are already inside your organization’s workflow. The way forward is to govern it with the same level of care as you would identity, data, cloud, and application usage.

KEYWORDS: Artificial Intelligence (AI) Security risk and resilience security tools vulnerability management
Etay maor

Etay Maor is the Senior Director of Security Strategy for Cato Networks. Previously, Maor was the Chief Security Officer for IntSights, where he led strategic cybersecurity research and security services. Maor has also held senior security positions at IBM, where he created and led breach response training and security research, and RSA Security’s Cyber Threats Research Labs, where he managed malware research and intelligence teams. Maor is an adjunct professor at Boston College and is part of Call for Paper (CFP) committees for the RSA Conference and QuBits Conference. He holds a BA in Computer Science and a MA in Counter-Terrorism and Cyber-Terrorism.

Blog Topics

Security Blog

On the Track of OSAC

Blog Roll

Security Industry Association

Security Magazine's Daily News

SIA FREE Email News

SDM Blog

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!