Companies struggle to track employees’ use of AI tools at work
Harmonic research reveals that employees are using personal AI accounts for work, raising major security concerns.
New research from Harmonic Security has found that employees are increasingly using personal artificial intelligence accounts for work-related tasks, creating significant security and governance concerns for organisations. The study revealed that 64.5% of all activity on personal and free AI accounts is work-related, leaving much of this usage outside employers’ visibility.
The findings also showed that workers are blurring the lines between personal and company-approved AI tools. According to research, 45.6% of personal AI activity occurs on employer-funded licensed accounts, while enterprise-grade AI tools are also used for personal queries. The report suggests employees are prioritising convenience over corporate security policies, often using whichever AI platform is already open or easiest to access on their devices.
Researchers said this behaviour is creating a growing “visibility gap” for organisations attempting to manage AI use responsibly. Instead of separating work and personal tasks, employees are switching between tools without considering whether their employer approves the platform or whether sensitive information is being exposed.
The report comes at a time when businesses worldwide are investing heavily in generative AI technologies to improve efficiency, automate tasks, and stay competitive. However, the study indicates that many organisations still lack a clear understanding of how staff are actually using these tools in day-to-day operations.
Visibility and security concerns continue to grow
Harmonic’s research found that legal and governance teams are among the heaviest users of AI tools, accounting for 19.5% of all AI-related working hours across organisations. The study noted that 81% of this activity occurs on approved enterprise platforms, giving employers relatively strong visibility into how these departments are using AI.
Go-to-market teams ranked second-largest users, accounting for 17.5% of AI working hours. However, only 39% of their activity was conducted through company-approved tools. Visibility was even lower among operations teams, where only 18% of AI activity took place on enterprise accounts managed by employers.
The research also explored the main reasons employees are using AI in the workplace. Efficiency and automation emerged as the dominant use case, accounting for 47% of activity. Decision support and risk and compliance functions each accounted for 20% of usage, while revenue generation and innovation were less common at 7% and 6%, respectively.
Harmonic argued that its approach to measuring AI usage differs from previous studies because it focused on “minutes” spent using tools rather than the number of prompts or queries submitted. The company said measuring time provides a clearer indication of how much data may be exposed during AI sessions.
The findings showed that Anthropic’s Claude platform generated longer average sessions than OpenAI’s ChatGPT. Users spent an average of 10 minutes and 12 seconds on Claude compared with 5 minutes and 53 seconds on ChatGPT. Harmonic suggested that longer sessions may indicate deeper engagement with sensitive company information.
The report warned that using personal AI accounts for work poses long-term risks for businesses. Sensitive information entered into personal accounts may remain permanently stored in users’ chat histories, even after employees leave a company. Because the accounts are privately owned, organisations may have no legal or technical ability to recover or delete that information, potentially leading to permanent intellectual property loss.
Companies urged to simplify access to approved AI tools
According to Harmonic, one reason employees continue to favour personal AI accounts is that enterprise systems are often difficult to access. Many organisations require complicated authentication procedures for approved tools. In contrast, consumer AI platforms such as Google Gemini, ChatGPT, Claude and Perplexity AI typically require only a basic login linked to a Google or similar account.
The company said this ease of access encourages workers to bypass official systems in favour of faster and simpler alternatives. At the same time, businesses are paying substantial sums for enterprise AI licences that employees may not widely adopt. Harmonic pointed to products such as Microsoft 365 Copilot, which commonly costs US$30 per user each month, while ChatGPT Business plans are priced between US$20 and US$25 per month.
Alastair Paterson, chief executive of Harmonic Security, said many organisations still lack visibility into how AI tools are being used internally despite significant spending on the technology.
“Every organisation is pouring money into AI right now, and almost none of them know what their people are actually doing with it,” Paterson said.
He added that the report is the first study of its kind to uncover how AI is “actually being used at work”.
The research suggests the problem may not be the availability of enterprise AI tools themselves, but rather the difficulty employees face in accessing them. Harmonic recommended that organisations introduce universal single sign-on systems to simplify access to approved AI services and reduce reliance on personal accounts.
However, the company also warned against adopting a “one size fits all” strategy for AI deployment. Instead, employers were advised to consider the specific workflows and needs of different departments to ensure teams have access to the most appropriate tools for their roles.
