Your Employees Are Feeding Company Data to AI Tools: What SMEs Need to Know

A manager needs a client contract summarized before a 3pm call. A developer is stuck on a bug and wants a second pair of eyes. An HR lead needs to tidy up notes from a difficult employee conversation. In each case, the fastest tool available is a public AI chatbot, and in each case, what gets typed or pasted in often includes exactly the kind of information that should never leave the building.
This isn't a hypothetical. Recent enterprise telemetry studies put the scale of it in concrete terms: in 2026 research, roughly 77% of employees paste data directly into generative AI tools, and more than half of those paste events contain genuine corporate information, client records, financial figures, source code, internal strategy documents. The average user pastes into an AI tool multiple times a day, and a meaningful share of those pastes include something sensitive.
Why this is different from other data leaks
Every business has dealt with data leaving through the usual channels: a lost laptop, a misdirected email, an unencrypted USB drive. Security tools have caught up to those over the years. AI chat tools are a different problem, and a harder one to catch, for two specific reasons.
First, it's invisible by design. Pasting text into a chat window doesn't trigger a file transfer alert, doesn't touch an email gateway, and leaves almost no trace for a security team to review after the fact. Unlike a ransomware attack or a phishing email, there's no obvious moment where something "happened." The data simply leaves, quietly, one prompt at a time.
Second, most of it happens outside company control entirely. Industry data consistently shows that the large majority of these risky pastes, estimates run as high as 82%, come through personal AI accounts rather than any company-managed subscription. That means even a business with reasonably good IT hygiene has essentially no visibility into what's being typed into a free ChatGPT account on someone's personal login, whether on a work laptop or a phone during lunch.
What actually gets typed in
The categories aren't exotic. They're exactly the documents that make up daily business:
- Client contracts and supplier agreements, pasted in to get a quick summary or a rewrite.
- Source code, shared with an AI assistant to debug a problem faster than searching documentation.
- Financial figures and internal pricing models, cleaned up or reformatted for a proposal.
- HR case notes and internal complaint investigations, summarized for a report.
- Customer lists with emails and phone numbers, tidied up for a mailing.
None of this is malicious. It's the same instinct that drives shadow IT adoption generally: someone found the fastest way to finish a task. The difference with AI tools is what happens to the text after it's typed. On free, consumer-tier accounts, that input can be retained and used to improve the underlying model, meaning company data doesn't just leave the building, it potentially becomes part of a system serving other users entirely.
The Samsung example, and why it matters for a much smaller company
The most-cited case remains Samsung's 2023 incident, where engineers in the company's semiconductor division pasted proprietary source code and confidential meeting notes into ChatGPT to speed up debugging and optimization work. None of it was an attack. It was several employees independently trying to work faster, using a tool that was freely available and genuinely useful. The result was a company-wide ban on generative AI tools, put in place only after the exposure had already happened.
The lesson isn't really about Samsung's scale, it's about the mechanism. A 15-person company has the exact same exposure per employee that a semiconductor giant does. If anything, a small business has less capacity to run the kind of after-the-fact investigation Samsung could afford, and a leaked client contract or pricing model can matter proportionally more when you have a handful of key accounts rather than thousands.
Is this actually a data breach
If the text pasted into a public AI tool contains personal data (client names, contact details, employee records), then yes, this can constitute a genuine data protection incident under GDPR. Sending that information to a third-party system outside your control, without a data processing agreement in place, is precisely the kind of unauthorized transfer the regulation is meant to prevent. It doesn't need to be dramatic to count. A single pasted spreadsheet of customer contacts, on a free AI account, can be enough to trigger a reportable incident if it's ever traced back.
What actually works, without banning the technology outright
An outright ban is the instinctive first reaction, and it rarely survives contact with reality. The tools are genuinely useful, adoption is already widespread, and a ban that isn't enforceable just pushes the behavior onto personal phones and home laptops, where visibility drops to zero. The approaches that hold up in practice combine a handful of concrete steps:
- Write one page, not ten. A short, specific rule beats a long policy nobody reads: never paste client data, personal data, contracts, source code, or anything marked confidential into a public AI tool, full stop, and here is the approved tool to use instead.
- Give people an approved alternative. Business and enterprise tiers of the major AI providers generally commit contractually not to train their models on customer data and offer administrative oversight. Once employees have a sanctioned, equally convenient option, the pull toward the free consumer version drops sharply.
- Say who to ask. Most policies fail not because people ignore them, but because nobody knows who to check with when a case feels ambiguous. Naming a single point of contact removes the guesswork.
- Treat an incident as an incident. If confidential or personal data has already been pasted into an unsanctioned tool, that's a data event worth logging and assessing, not something to quietly let go because no visible harm resulted.
- Revisit it once a quarter. AI tool adoption inside a company moves fast enough that a policy written a year ago is likely already out of date. A short quarterly review, alongside a broader look at unsanctioned tools generally, keeps the policy relevant.
The real point
Employees aren't the problem here. They're solving a real productivity need with the tools available to them, and the businesses that get this right aren't the ones that ban AI outright, they're the ones that make the safe path the fast path. A one-page policy and a sanctioned tool cost very little. Discovering, months later, that a client's contract terms have been sitting in a public AI model's training data costs considerably more.


