Company AI policies

Nearly seven in 10 employees also reported pasting sensitive company data into AI tools, suggesting many organizations face an enforcement problem rather than an awareness problem.

Key Takeaways

• 48.3% of U.S. employees knowingly breach their company’s AI policy.
• 68.7% said they pasted internal, sensitive, or regulated data into AI tools in the last three months.
• 70.9% use AI tools daily for work.
• 42.3% reported using approved and unapproved AI tools side by side during the same browser session.
• 49.3% said they would use an unapproved AI tool if their preferred tool was not authorized.

Neon Cyber’s report, Quantifying Shadow AI Risk in the Browser, suggests many organizations face a growing AI governance challenge that extends beyond policy development. The survey of 227 U.S. employees who use AI at work found that nearly half knowingly violate their employer’s AI policies despite understanding those rules.

The report argues that the problem is no longer whether organizations have AI policies. Instead, it suggests many organizations struggle to enforce them where employees actually use AI.

Policy is not changing behavior

Among respondents, 63.0% said their organization has a clear AI policy they understand. Of those employees, 48.3% admitted they knowingly breached that policy.

The report also found that 39.6% knowingly used unapproved AI tools, while another 15.0% said they might have. Nearly half (49.3%) said they would simply switch to another unauthorized AI tool if the one they wanted was not approved by their employer.

According to the report, employees often prioritize productivity over internal approval processes, particularly as AI tools become a routine part of daily work.

Sensitive company data continues flowing into AI

The survey found that 68.7% of respondents pasted or uploaded internal, sensitive, or regulated information into AI tools during the last three months, including financial information, customer data, and login credentials.

Shadow AI is becoming routine

More than 70% said they use AI tools daily, while 51.1% reported using them multiple times each day. Nearly two-thirds described AI as essential or very necessary to their jobs.

At the same time, 42.3% said they use both approved enterprise AI tools and unapproved AI services in the same browser session, using the same corporate data. The report argues that this makes it difficult for organizations to detect unauthorized AI activity using traditional security controls.

Browser habits also contributed to the risk. Nearly 70% reported using the same browser profile for both work and personal activities, while 63.0% said they mix personal and work accounts within the same browsing session.

Neon Cyber conducted the survey in May 2026 among 227 self-identified U.S. employees who use AI at work.