I had a conversation with a CFO last week who was proud of his company’s AI policy. “We’ve banned ChatGPT,” he told me. I asked him if his team used Grammarly. He said yes, of course, everyone does.
That’s the problem right there.
New data from Zscaler’s ThreatLabz 2026 AI Security Report makes for uncomfortable reading if you run any kind of business. Researchers analysed 989.3 billion AI and machine learning transactions across enterprise networks in 2025, and what they found should be on every board agenda this week.
Employees at enterprise companies transferred 18,033 terabytes of data to AI apps last year. That’s a 93% jump in a single year. The biggest recipient wasn’t ChatGPT. It was Grammarly, with 3,615 terabytes of corporate text flowing into its systems. ChatGPT came in second at 2,021 terabytes. The 410 million Data Loss Prevention violations tied to ChatGPT alone included attempts to share social security numbers, source code and medical records.
Let that sink in. 410 million violations. In one year. From one tool.
The tools your people are using every day have quietly become, as the Zscaler report puts it, “the world’s most concentrated repositories of corporate intelligence.” Grammarly reads your emails, your proposals, your legal documents, your client strategies. Every time someone pastes text into it and hits “improve,” that text goes somewhere.
This isn’t a criticism of Grammarly or ChatGPT specifically. The problem is the governance gap, or rather, the total absence of one. Enterprise AI usage grew 91% year-on-year across more than 3,400 applications. Engineering teams account for nearly half of all AI usage (48.9%). IT teams handle another 31.8%. These are the people touching your most sensitive systems and codebases.
Meanwhile, separate research from Hadrian, drawn from data across 300-plus organisations, found that 99.5% of security alerts are false positives. Security teams are drowning in noise, unable to find the 0.47% of genuinely exploitable issues buried in thousands of irrelevant notifications. The average time to remediate a critical vulnerability is four days. Some stay open for four months. Not because nobody noticed. Because teams couldn’t distinguish the real threats from the background static.
So here’s where we are: AI adoption is accelerating at machine speed, governance is moving at human speed, and security teams can barely see what’s real. Attackers, by contrast, are using AI for reconnaissance, for exploit chaining, for automated lateral movement. They know exactly where to strike. Defenders are still reading tickets.
What you should actually do about this
Start with a simple audit. List every AI tool your team uses, including the ones embedded in existing software (AI writing assistants baked into Microsoft 365, for instance, or AI features inside your CRM). You probably don’t have a complete list. That’s the point.
Second, implement Data Loss Prevention policies before your employees paste something they shouldn’t. Most enterprise security platforms support DLP rules for common AI endpoints. It’s not a perfect solution but it closes the most obvious doors.
Third, if you’re in finance, healthcare, legal, or any regulated industry, you need to categorise what data is allowed to touch external AI systems. Source code, client contracts, financial projections and patient records should have explicit policies attached. “We don’t use AI with sensitive data” is not a policy. It’s a wish.
Finally, ask your security team how they’re handling alert triage. If the answer is “manually,” you have a problem. The math doesn’t work when you’re looking at thousands of alerts per day and 99.5% of them are noise. Automation and prioritisation tools aren’t optional extras anymore.
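As an added illustration of the first three steps (not code from the article, Zscaler or Hadrian), the script below inventories bytes sent per AI app from constructed proxy log lines and applies simple DLP rules for the data classes named above; the host list, log format and patterns are assumptions a real deployment would replace with its proxy vendor’s application catalogue and DLP engine.

```python
import re
from collections import defaultdict

# Constructed sample proxy log lines (not real traffic):
# timestamp, user, destination host, bytes sent.
SAMPLE_LOG = """\
2025-03-01T09:12:00Z alice api.grammarly.com 18432
2025-03-01T09:15:10Z bob chat.openai.com 5120
2025-03-01T09:20:45Z carol api.grammarly.com 2048
2025-03-01T09:31:02Z dave example-crm.internal 900
""".splitlines()

# Hypothetical mapping of known AI endpoints to app names (assumption).
AI_HOSTS = {"api.grammarly.com": "Grammarly", "chat.openai.com": "ChatGPT"}


def audit_ai_transfers(lines):
    """Step 1: tally bytes sent to each AI app from proxy log lines."""
    totals = defaultdict(int)
    for line in lines:
        _timestamp, _user, host, sent = line.split()
        app = AI_HOSTS.get(host)
        if app:
            totals[app] += int(sent)
    return dict(totals)


# Steps 2 and 3: patterns for data classes the policy forbids sending
# to external AI systems. Illustrative only; real DLP rules are richer.
DLP_RULES = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "source_code": re.compile(r"^\s*(def |class |import |#include )", re.M),
    "medical_record": re.compile(r"\b(MRN|patient id)\s*[:#]?\s*\d+", re.I),
}


def dlp_scan(text):
    """Return the policy categories matched in outbound text ([] = allowed)."""
    return [name for name, rx in DLP_RULES.items() if rx.search(text)]


def should_block(text):
    """Block the request if any forbidden data class is present."""
    return bool(dlp_scan(text))


if __name__ == "__main__":
    print(audit_ai_transfers(SAMPLE_LOG))
    print(dlp_scan("Please tidy this: MRN 44512, SSN 123-45-6789"))
```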
The Zscaler report notes that AI governance “has transitioned from a policy discussion to an immediate operational necessity.” The simpler version: your staff are feeding your business intelligence into AI systems you didn’t approve, at a scale you probably haven’t measured, and most of those systems have been found to contain critical vulnerabilities. Every single enterprise AI system in the Zscaler research had at least one. Every one.
That’s not a technology problem. It’s a leadership problem.
“The biggest risk going into 2026 isn’t that organisations lack security tools. It’s that they no longer know which threats are real while attackers know exactly where to strike.”
Rogier Fischer, CEO, Hadrian
