Annual Report

The LayerX Enterprise AI & SaaS Data Security Report 2025

Why AI is Already the #1 Data Exfiltration Channel in the Enterprise

Why This Report Matters To You?

AI and SaaS have become the backbone of enterprise productivity, but also the primary vectors for uncontrolled data movement. Traditional file-based DLP solutions miss where the real risk lies today: GenAI tools, unmanaged accounts, and file-less transfers.
This report, based on real enterprise browsing telemetry, reveals how sensitive data truly flows through AI and SaaS apps and why common security assumptions no longer hold.

Cover book_Hubspot LP guide 8

Key Findings You’ll Discover

  • AI has already overtaken SaaS as the #1 exfiltration channel. Nearly half of employees use GenAI tools, and 40% of file uploads include PII or PCI data.
  • Copy/paste is the new blind spot. 77% of employees paste data into GenAI prompts, 82% of which come from unmanaged accounts, outside any enterprise oversight.
  • Corporate logins ≠ secure logins. Even “official” access to CRM and ERP is riddled with non-SSO logins, making corporate credentials no safer than personal ones.
  • Chat and IM apps are invisible risks. 87% of activity flows through unmanaged accounts, with 62% of users pasting sensitive data directly into chat.

Why This Report Matters To You?

AI and SaaS have become the backbone of enterprise productivity, but also the primary vectors for uncontrolled data movement. Traditional file-based DLP solutions miss where the real risk lies today: GenAI tools, unmanaged accounts, and file-less transfers.
This report, based on real enterprise browsing telemetry, reveals how sensitive data truly flows through AI and SaaS apps and why common security assumptions no longer hold.

Key Findings You’ll Discover

  • AI has already overtaken SaaS as the #1 exfiltration channel. Nearly half of employees use GenAI tools, and 40% of file uploads include PII or PCI data.
  • Copy/paste is the new blind spot. 77% of employees paste data into GenAI prompts, 82% of which come from unmanaged accounts, outside any enterprise oversight.
  • Corporate logins ≠ secure logins. Even “official” access to CRM and ERP is riddled with non-SSO logins, making corporate credentials no safer than personal ones.
  • Chat and IM apps are invisible risks. 87% of activity flows through unmanaged accounts, with 62% of users pasting sensitive data directly into chat.