The Register: Employees regularly paste company secrets into ChatGPT

Oct 7, 2025

—

Source URL: https://www.theregister.com/2025/10/07/gen_ai_shadow_it_secrets/
Source: The Register
Title: Employees regularly paste company secrets into ChatGPT

Feedly Summary: Microsoft Copilot, not so much
Employees could be opening up to OpenAI in ways that put sensitive data at risk. According to a study by security biz LayerX, a large number of corporate users paste Personally Identifiable Information (PII) or Payment Card Industry (PCI) numbers right into ChatGPT, even if they’re using the bot without permission.…

AI Summary and Description: Yes

Summary: The text highlights potential security risks associated with the use of OpenAI’s ChatGPT by corporate employees, specifically regarding the unintentional exposure of sensitive data such as Personally Identifiable Information (PII) and Payment Card Industry (PCI) numbers. This issue is particularly relevant for security and compliance professionals in AI and information security.

Detailed Description: The text addresses significant concerns related to the use of generative AI technologies in corporate environments, focusing on the following key points:

– **Risk of Sensitive Data Exposure**: Employees are reportedly inputting sensitive information, including PII and PCI data, into AI platforms like ChatGPT. This practice creates vulnerabilities that could lead to data breaches.
– **Unauthorized Use of AI Tools**: The use of AI tools without proper permissions raises compliance issues, particularly in industries subject to strict data protection regulations.
– **Awareness and Training**: There is an evident need for organizations to increase awareness among employees regarding the implications of using AI for handling sensitive data. Security training should be emphasized to prevent unintentional data sharing.
– **Implications for Governance and Compliance**: Organizations may need to consider revising their policies around the use of AI tools to ensure they align with regulations surrounding data privacy and security.

In summary, the integration of generative AI tools in workplace settings demands a careful approach to ensure sensitive data remains protected from unauthorized access and misuse. Organizations should implement guidelines and training to mitigate these risks effectively.

1 10 2 2025 5 7 a access Act addresses AI AI technologies AI tool AI tools All and app art as at ated aware awareness awareness and training Bi bot breach breaches by C care CERN chat ChatGPT CI CIA co compliance compliance issues compliance professionals concerns Copilot D data data breach Data breaches data exposure data privacy Data Protection Data Protection Regulation data protection regulations data sharing de demand e effective environment environments event exp following for g Gen generative Generative AI generative AI tools GIS Go governance Governance and Compliance GPT gs guidelines H handling high Highlight http HTTPS implications in industry information information security integration intent io Iron issue J k Key l large Lead led Li line low M man Micro Microsoft Microsoft Copilot mission misuse N no NPU o of on ons open openai opilot organization organizations oS out over pay payment per permissions personally identifiable information Personally Identifiable Information (PII) pilot platform platforms point policies potential pre privacy pro professionals protection ps R Raise rate RCE re Regulation regulations report right Risk risks Ro RoT s sec secrets security security and compliance security risk security risks security training sensitive data sensitive data exposure sensitive information settings SHA sharing side Sig size SoC source specific SSE SSO study SUSE T tech technologies ted text the to tool tools TP training trie UI UN unauthorized access up US use user Users uth V vulnerabilities Ware Wi Workplace x z