Data Exfiltration Trends Shift: Copy-and-Paste Surpasses File Transfers

Copy-and-paste actions have now surpassed file transfers as the primary method of corporate data exfiltration. This shift is significantly influenced by the rise of generative artificial intelligence, or genAI.

According to a report highlighted by LayerX CEO Or Eshed, 77% of employees are engaging in copy-pasting data into AI prompts, with 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.

This trend underscores a major evolution in how sensitive corporate information is being handled and potentially leaked. The report indicates that genAI now accounts for 11% of enterprise application usage, with adoption rates accelerating faster than many data loss prevention controls can adapt.

Notably, 45% of employees actively use AI tools, and among these, 67% access them via personal accounts. ChatGPT, in particular, has emerged as the dominant player, comprising 92% of all AI tool usage.

The implications of these findings are significant for corporate governance and cybersecurity. Traditional data governance frameworks, which were originally designed for managing email, file-sharing, and sanctioned software as a service applications, have not anticipated the extent of data leakage through browser prompts.

As the LayerX report states, the governance of AI tools' access to corporate data needs to be prioritized immediately. The emergence of AI-driven browsers such as OpenAI's Atlas and Perplexity's Comet further complicates these challenges.

Organizations must adapt their security protocols to effectively address these evolving vulnerabilities in data protection. The report serves as a critical reminder of the urgent need for businesses to rethink their cybersecurity strategies in light of the growing use of generative AI in the workplace.