
China-headquartered generative AI tools are being used inside UK and US organizations, often without any formal oversight, although ChatGPT accounts for the lion’s share of company data exposure.
An analysis by Harmonic Security examined the extent to which an organization’s data – including the prompts it sends to AI platforms – was left vulnerable to exposure and beyond the sender’s control.
The findings come from Harmonic’s AI Usage Index, based on over 22 million anonymized enterprise prompts collected between January 1st and December 31st, 2025.
Harmonic counted a prompt as a data exposure when an employee passed or uploaded company-sensitive information into a generative AI tool.
The company found that over 900,000 prompts – around 4% of total usage – were sent to China-based AI applications in 2025.
Tools such as DeepSeek and Kimi Moonshot were in active use, with DeepSeek showing particularly high source code exposure. According to the report’s authors, Kimi Moonshot generated the highest overall traffic.
While the proportion is relatively small, Harmonic said jurisdictional risk remains significant, particularly where data governance, auditability, and model training practices are unclear.
The data was gathered through the security vendor’s Harmonic Protect, which monitors browser-based AI usage across organizations in the United States and the United Kingdom.
ChatGPT responsible for over 70% of data exposure
Beyond China-based tools, the report shows that overall, the bulk of security risk is heavily concentrated on a small number of mainstream chatbots.
Of the 671 tools identified, just six accounted for over 90% of total data exposure.
ChatGPT alone accounted for over 70% of all data exposures and almost 45% of total prompts. Microsoft Copilot (3%) and Google Gemini (3%) showed smaller but still disproportionate risk-to-usage ratios.
Overall, Harmonic found that 579,000 prompts (almost 3% of all usage) contained highly sensitive company information. Code was the most exposed category (30%), followed by legal content (22%), M&A data (13%), financial projections (8%), and investment portfolio data (5%).
Of 98,034 sensitive incidents, 87% occurred through ChatGPT Free, often via personal accounts, “where firms have no visibility, no audit trails, and data may train public models.”
'Outright chatbot bans don’t work'
While Alistair Paterson, CEO and founder of Harmonic Security, says that regulating the use of the main chatbots will help firms control their data exposure, he advises against outright blocking the apps.
“Regulating access to the ‘big six’ GenAI apps can mean organizations take a giant step towards controlling their overall AI data exposure. ChatGPT in particular needs to be tightly controlled with a data exposure risk far greater than its use,” he said.
“But, critically, blocking isn’t the answer. There are multiple ways for employees to circumvent controls, and organizations are at risk of missing out on the huge productivity benefits AI can provide,” he added.
In the case of Chinese apps, for instance, the report adds that while “jurisdictional risk matters, blanket blocking breaks workflows for Asia-Pacific teams.”
Harmonic argues for what it calls an “enablement with oversight” policy: providing approved tools with better features, using warning banners and nudges to redirect users away from risky free services, and applying context-aware controls.
As an example, the report cites lawyers researching case law, which it deems “low risk.” Uploading client contracts with confidential terms is “high risk.”
“The answer: context-aware policies that understand the difference, not blanket prohibition that drives lawyers to personal ChatGPT accounts.”
With coding, it acknowledges that developers need AI for productivity.
“Blocking coding assistants destroys engineering velocity. But pasting full proprietary algorithms or credentials needs guardrails. The answer: use enterprise coding tools with credential detection, not blocking all AI from engineering.”
“You cannot block your way to AI safety,” the report concludes.
“You need visibility, understanding, and intelligent guardrails.”
Recent incidents underline the risk of organizations blindly using AI. In one case, a US defense contractor found employees had uploaded internal threat models into ChatGPT, triggering a week-long internal investigation.
Separately, in the UK, West Midlands Police admitted that an intelligence report using Copilot had referenced a football match that never existed, contributing to a flawed operational decision.