Personal AI use at work poses new governance risks for HR: report

‘When an employee leaves an organization, the business context embedded in their personal AI history leaves with them’

Employees are doing most of their work-related artificial intelligence (AI) tasks through personal accounts that employers cannot easily monitor, creating fresh governance, privacy and offboarding risks for HR professionals, according to new research.

Nearly two-thirds (64.5%) of all activity on personal and free‑tier AI accounts is business use rather than personal use, finds Harmonic Security, which analysed 1,935,247 classified AI‑session minutes over a seven‑week period to understand how employees actually use AI at work across six tools: ChatGPT, Claude, Google Gemini, Microsoft Copilot, Perplexity and DeepSeek.

Overall, 74.6% of all AI use at work had a clear business purpose, compared with 13.3% classified as personal use and 12.1% as ambiguous. The company reports that employees use “whichever AI is already open,” whether it is an employer‑provided enterprise tool or a personal, free account. 

“Every organization is pouring money into AI right now, and almost none of them know what their people are actually doing with it,” says Alastair Paterson, CEO and co‑founder of Harmonic Security. “This is the first cross‑platform analysis of AI use cases at scale, across personal and enterprise accounts together.” 

More than 70% of employees are using AI tools every week, and up to one-third are doing so without IT oversight, pointing to the rise of “shadow AI” across workplaces, according to a previous report. 

Blurred lines between personal and enterprise use

The reverse pattern holds when looking at personal use, Harmonic Security notes. Of all personal AI minutes, 45.6% occur on enterprise‑licensed plans that organisations are already paying for, 29.9% on paid consumer plans, and 15.5% on free or guest accounts.

The company argues that this undermines the common assumption that enterprise plans are used strictly for work and personal or free‑tier accounts are used strictly for non‑work activity. 

“A free‑tier session might be a contract review; an enterprise session might be a personal email draft,” Harmonic Security notes, warning that controls based only on plan type will misclassify risk.

Data portability from personal tools is highlighted as a key concern. “When an employee leaves an organization, the business context embedded in their personal AI history leaves with them,” the report states, adding that this can include “contracts, strategies and deals which are stored in accounts the organization never owned and cannot recover.”

The study also shows that across all tools, the distribution of work types is broadly similar: 

  • 47% of AI time goes to efficiency and automation

  • 20% to decision support

  • 20% to risk and compliance

  • 7% to revenue and growth

  • 6% to innovation and creation. 

Legal covered, commercial teams and HR more exposed

By department, Legal and Governance are the heaviest AI users, accounting for 19.5% of all AI hours, followed by Go to Market teams at 17.7%, Design and Development at 13.3%, Strategy at 11.9% and People and Talent at 10.4%. Harmonic Security notes that Legal activity is highly concentrated on enterprise plans, with 81% of its AI use happening on employer‑licensed accounts.

On enterprise AI plans, Legal and Governance account for 32.3% of activity, while they are barely present on free accounts. Go to Market teams show the opposite pattern, representing 28.6% of free‑account AI hours but only 10.1% of enterprise usage, meaning much of their work happens on personal accounts that employers cannot see.

“Legal teams have largely adopted enterprise AI. Sales and marketing teams are largely running on personal accounts their employers cannot see,” Harmonic Security states. “The governance coverage follows the opposite of the risk.” 

People and Talent teams rely heavily on tools such as ChatGPT, which accounts for a majority share of HR‑related AI hours in the dataset, according to Harmonic Security. With average session lengths of 5.5 minutes for People and Talent, the company suggests HR staff are using AI for activities such as job descriptions, communications and candidate screening, often involving sensitive personal information.

“Teams that govern only corporate‑issued AI accounts are governing a minority of where work actually happens,” Harmonic Security concludes.

Canadians continue to express concern about AI, yet a growing share are allowing AI systems to act on their behalf — which poses a challenge to HR professionals, according to a previous EY report.

How to protect company data amid AI use?

Below is a practical overview of how employers can secure data when employees use AI, according to multiple sources:

  • Recommendation: Favour governance over prohibition — research shows blanket bans push workers to shadow AI rather than eliminate the behaviour.
    Why it works (evidence-based rationale): Verizon's 2026 DBIR found AI use on corporate devices jumped from 15% to 45% in one year, with 67% of those users accessing AI via personal accounts — a pattern analysts compare to past failures of email-to-personal-account bans.
    Source: 2026 Data Breach Investigations Report, Verizon Business, May 2026; analysis in Kiteworks, "Verizon DBIR 2026: Shadow AI Now a Top Insider Threat," 19 May 2026 (kiteworks.com)

  • Recommendation: Provide enterprise-grade, sanctioned AI tools.
    Why it works: Only ~25% of Canadian office workers using AI rely on company-sanctioned tools; the rest mix in or rely entirely on personal apps, which IBM links to higher breach costs. Rob Wilmot of IBM Consulting Canada: "Without secure, enterprise-grade solutions … businesses risk productivity losses and data exposure as employees seek alternatives."
    Source: IBM Canada press release, "IBM Study: Shadow AI Use Surges as Canadian Workers Outpace Employers in AI Adoption," 3 Sept. 2025 (canada.newsroom.ibm.com)

  • Recommendation: Publish a clear AI-use policy specifying prohibited data classes (personal information, source code, financials, HR data, etc.).
    Why it works: KPMG Canada found 24% of Canadian users entered proprietary company data and 19% entered private financial data into public GenAI. Lewis Curley, Partner, People and Change practice at KPMG in Canada, warned: "If organizations don't implement guardrails and provide training around generative AI use, employees could inadvertently enter sensitive company data into generative AI tools." Verizon's 2026 DBIR adds that source code is now the data type most often uploaded to unsanctioned AI services.
    Source: KPMG in Canada, Generative AI Adoption Index, Nov. 2024 (kpmg.com); Verizon, 2026 DBIR

  • Recommendation: Conduct a privacy impact / risk assessment before deployment under PIPEDA and provincial privacy regimes.
    Why it works: Canadian legal analysis recommends a privacy risk assessment that considers the purpose of the AI, whether less privacy-invasive means are available, and whether the loss of privacy is proportional to the benefits. Professor Teresa Scassa (University of Ottawa) similarly notes that Canadian privacy law already constrains how personal information may be handled regardless of whether an AI system is involved.
    Source: Gowling WLG, "Are you managing your AI risk? Insights and tips for Canadian employers," 10 June 2025 (gowlingwlg.com); Canadian HR Reporter, "AI in Canadian workplaces: why clear policies can't wait," 2 Dec. 2025 (hrreporter.com)

  • Recommendation: Adopt a recognized governance framework (NIST AI RMF 1.0) structured around the Govern, Map, Measure, and Manage functions.
    Why it works: NIST's voluntary AI Risk Management Framework is widely recommended for Canadian organizations as a way to embed AI-specific controls — covering data quality, security, bias, and transparency — across the AI lifecycle.
    Source: National Institute of Standards and Technology, AI Risk Management Framework (AI RMF 1.0), Jan. 2023 (nist.gov); applied to Canadian SMBs in SecurIT, "AI Risks Canadian Businesses: SMB Cybersecurity Guide 2025," 23 Feb. 2026 (securitdata.ca)

  • Recommendation: Train employees regularly — irregular or absent training correlates with the highest leak rates.
    Why it works: Lenovo's 2026 research found between one-fifth and one-third of workers use AI outside IT governance; ~31% of AI users receive no employer training, and many who do describe it as irregular or ineffective.
    Source: Work Reborn Research Series 2026, Lenovo, reported in Help Net Security, "Shadow AI risks deepen as 31% of users get no employer training," 1 May 2026 (helpnetsecurity.com)

  • Recommendation: Monitor for shadow AI with DLP and AI security posture management tools, and audit prompts/outputs where feasible.
    Why it works: Canadian cybersecurity guidance recommends AI security posture management platforms (e.g., HiddenLayer, CalypsoAI, Robust Intelligence) to continuously assess model vulnerabilities, data exposure, and compliance — integrated with endpoint tools that flag unusual AI usage and unauthorized API access.
    Source: SecurIT, "AI Risks Canadian Businesses: SMB Cybersecurity Guide 2025," 23 Feb. 2026 (securitdata.ca)
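The last two recommendations above (a policy naming prohibited data classes, and monitoring AI traffic with DLP-style controls) come together in the report's warning that plan type alone misclassifies risk: a free-tier session can carry a contract, an enterprise session a birthday note. The following script is an added illustration, not code from Harmonic Security, Verizon, or any vendor named on this page. It reads a few constructed proxy records for the six tools the report covers, checks each prompt for the data classes the policy row lists, and decides an action from the combination of data class and account ownership rather than from plan type on its own. The JSON log format, the hostname-to-tool mapping and the regular expressions are all assumptions chosen for the example; a real deployment would use the proxy's own fields and a maintained DLP ruleset.

```python
import json
import re
from dataclasses import dataclass

# Web front ends for the six tools named in the report. The mapping is an
# assumption for this example; extend it from your own proxy inventory.
AI_HOSTS = {
    "chatgpt.com": "ChatGPT",
    "claude.ai": "Claude",
    "gemini.google.com": "Google Gemini",
    "copilot.microsoft.com": "Microsoft Copilot",
    "www.perplexity.ai": "Perplexity",
    "chat.deepseek.com": "DeepSeek",
}

# Prohibited data classes from the policy recommendation. The patterns are
# deliberately simple illustrative detectors, not a production DLP ruleset.
SENSITIVE_PATTERNS = {
    "personal_information": [
        re.compile(r"\b\d{3}-\d{3}-\d{3}\b"),              # Canadian SIN layout
        re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"),            # e-mail address
    ],
    "source_code": [
        re.compile(r"^\s*(def|class|import|from)\s+\w+", re.M),
        re.compile(r"\bfunction\s+\w+\s*\("),
    ],
    "financials": [
        re.compile(r"\$\d[\d,]*"),                         # dollar amount
        re.compile(r"\b(revenue|ebitda|forecast|margin)\b", re.I),
    ],
    "hr_data": [
        re.compile(r"\b(salary|compensation|candidate|performance review|termination)\b", re.I),
    ],
}

# Constructed sample records: one JSON object per line, as a proxy that tags
# the login tenant might emit them. "account" is the plan the user signed in
# with: enterprise (employer-licensed), free, or personal (paid consumer).
SAMPLE_LOG = """\
{"user": "a.singh", "host": "chatgpt.com", "account": "enterprise", "prompt": "Draft a friendly birthday message for my sister"}
{"user": "j.lee", "host": "chatgpt.com", "account": "free", "prompt": "Review this clause: Supplier shall indemnify Buyer... contract value $2,400,000"}
{"user": "m.roy", "host": "claude.ai", "account": "enterprise", "prompt": "Rewrite this candidate screening note: salary expectation 95k, SIN 123-456-789"}
{"user": "p.chen", "host": "gemini.google.com", "account": "personal", "prompt": "Summarize this meeting: agenda review and action items"}
{"user": "k.osei", "host": "github.com", "account": "enterprise", "prompt": ""}
"""


@dataclass
class Finding:
    user: str
    tool: str
    account: str
    classes: tuple
    action: str


def sensitive_classes(text):
    """Return the sorted list of prohibited data classes detected in a prompt."""
    return sorted(name for name, pats in SENSITIVE_PATTERNS.items()
                  if any(p.search(text) for p in pats))


def decide(account, classes):
    """Pick an action from data class AND account ownership, never plan type alone."""
    sanctioned = account == "enterprise"
    if classes and not sanctioned:
        return "block_and_alert"   # sensitive data heading to an account the org does not own
    if classes:
        return "log_for_review"    # sensitive data on a sanctioned plan: still worth auditing
    if not sanctioned:
        return "note_shadow_ai"    # business use on a personal plan, nothing sensitive seen
    return "allow"                 # personal or harmless use on the enterprise plan


def triage(log_text):
    """Parse JSON-lines proxy records and produce one Finding per AI-tool request."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        tool = AI_HOSTS.get(rec["host"])
        if tool is None:
            continue   # not one of the tracked AI front ends
        classes = tuple(sensitive_classes(rec["prompt"]))
        findings.append(Finding(rec["user"], tool, rec["account"], classes,
                                decide(rec["account"], classes)))
    return findings


def summarize(findings):
    """Count findings per action, the figure a governance dashboard would show."""
    counts = {}
    for f in findings:
        counts[f.action] = counts.get(f.action, 0) + 1
    return counts


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for f in results:
        print(f"{f.user:8} {f.tool:16} {f.account:10} {f.classes} -> {f.action}")
    print(summarize(results))
```

Run stand-alone, the script shows the two cases the report warns about side by side: the enterprise-plan request carrying only a personal message is allowed, while the free-account contract review with a dollar figure is the one that triggers the alert. The GitHub record is ignored because it is not an AI front end, which is the kind of scoping a real proxy policy needs so that the DLP rules do not fire on every outbound request.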