Your Power Users Are Your Biggest AI Risk

LayerX's May 28 report: top 5% of enterprise AI users hit 6+ apps and drive most sensitive data exposure. See the governance move that doesn't kill ROI.

Scott Armbruster
14 min read

LayerX published the State of AI Usage Report 2026 on May 28 and the punchline is one most CISOs will not want to print. The top 5% of enterprise AI users interact with six or more AI applications. More than 6% of all enterprise AI conversations already contain sensitive data. Nearly 46% of that activity is running through personal accounts your DLP stack cannot see. The shortest version of the finding is that your highest-value AI users are also your highest-risk users, and the policy lever most security teams are reaching for will kill the productivity that justified the AI budget in the first place.

That tension is the actual story. Not “shadow AI bad.” The data underneath it is the playbook for fixing it without breaking the people you most want using AI.

Quick Verdict

| Signal from LayerX May 2026 | What It Means for You |
| --- | --- |
| Top 5% of enterprise users interact with 6+ AI applications | Your power users are also your risk concentration |
| 6%+ of enterprise AI conversations contain sensitive data | Exposure is no longer a tail-risk scenario |
| 46% of enterprise AI usage runs through personal accounts | Your DLP and SSO stack is blind to half the activity |
| ChatGPT used by 36% of employees, drives 55%+ of conversations | Platform concentration is doing your prioritization for you |
| DeepSeek 12.63% sensitive-data rate, ChatGPT 8.38%, Copilot M365 3.65% | Same employee, different platform, different risk profile |
| 30% of enterprise users operate across multiple AI platforms | Single-vendor policy is a fiction |
| Your real lever this quarter | Sanction the platforms power users already use. Govern the data, not the headcount |

What LayerX Actually Measured

LayerX runs an enterprise browser extension that sits between the user and every AI tool they open in a tab. That vantage point is the reason the report sees what most SSE and CASB stacks miss. SaaS-layer visibility shows you the AI apps your corporate identity touches. Browser-layer visibility shows you the personal Gmail account a senior product manager pasted a customer contract into at 11:47pm on a Sunday.

The Hacker News writeup on May 28 walked through the four headline numbers. I want to pull three of them apart because they reshape the governance conversation more than any of the headlines implied.

The power user concentration is the part nobody priced. Nearly half of enterprise users touched an AI tool in the past year. Only 18% use AI weekly. The top 5% interact with six or more AI applications. The shape of that distribution is a long tail that compresses risk into the same people who produce most of the value. If you cut off the 5%, you cut the value. If you ignore the 5%, you carry the risk. Most security policy is written as if the distribution were flat. It is not flat.

The personal-account number is the visibility gap that breaks the rest of the stack. 46% of enterprise AI usage happens through personal accounts. Not corporate SSO. Not a sanctioned tenant. A personal ChatGPT login on a corporate browser. That’s the channel your CASB cannot see, your enterprise contract cannot govern, and your data residency assurances do not cover. The number is high enough that any AI governance program assuming corporate-tenant coverage is governing the easy half and ignoring the hard half.

ChatGPT is doing the prioritization for you. 36% of enterprise users touch ChatGPT. That same 36% generates 55% or more of all enterprise AI conversation volume. The implication is that the platform consolidation conversation most leaders are still having (“should we standardize?”) is moot. Standardization already happened, organically, around ChatGPT. The question is whether the corporate tenant or the personal account is the version your employees are using to do it.

The Risk Profile Changes by Platform

The sensitive-data rate varies by platform in a way that should reset how most enterprises score AI vendors. LayerX’s data, summarized in the Fyself News breakdown, puts DeepSeek conversations at a 12.63% sensitive-data rate. ChatGPT at 8.38%. Microsoft Copilot for M365 at 3.65%.

Same employee. Different platform. Different probability that a given chat session contains regulated, confidential, or otherwise sensitive content. That delta is not random. It maps to the workflow each platform supports.

DeepSeek is open-weight, cheap, and reasoning-heavy. The power users who reach for it tend to be the ones running deep analytical workloads. That’s also where confidential data lives. ChatGPT is the general-purpose default. Mid-range exposure, broad surface. Copilot M365 is grounded in the data the user already has access to inside the tenant. The conversations are operational, not analytical, which is why the sensitive-data rate sits below 4%.

The reading is not “ban DeepSeek.” The reading is that your platform mix has a risk profile, the profile is measurable, and the right answer for each platform is different. That’s a more granular conversation than most AI policies are structured to support. It’s also where the DeepSeek V4 strategic read and the ChatGPT-built-market dynamic start mattering at the operational level instead of the strategic one.

Why Restricting Power Users Is the Wrong Move

The reflex response to the LayerX report inside most security teams will be to restrict the 5%. Tighten policy. Force corporate-only logins. Block the secondary AI apps. Throttle the workflows that triggered the alerts.

That reflex is going to destroy the case you spent the last 18 months building for AI inside the org.

Three reasons the restriction move loses.

The 5% generate the ROI receipts your CFO is already counting. The same power users hitting six apps are the ones producing the workflow rebuilds that justified the AI budget. Marketing analytics that used to take a week now run in a day. Legal research that used to take a team runs solo. Finance modeling that was a quarterly grind is now weekly. Pull the tooling and you pull the receipts. The CFO who signed the budget will notice inside one cycle, and the next budget conversation will be the audit one.

Restricted power users go further underground, not back to compliance. The 46% personal-account number is already the data showing that policy without an alternative pushes activity into channels the org cannot see. Tighten the screw and the activity migrates faster. Personal device. Personal phone. Personal cloud sync. The visibility problem gets worse, not better. The shadow AI cost analysis I published earlier walked through how this same dynamic broke the first wave of governance programs.

Single-vendor policy is a fiction. 30% of enterprise users already operate across multiple AI platforms simultaneously. Telling them to use only the sanctioned tool ignores that the workflow they actually run requires three of them. A power user pulling a customer support workflow might use Claude for tone, ChatGPT for code, and Copilot for the Outlook integration on the same task. Pick one and they will quietly switch the other two to personal logins. You will have governed the tool you can see and lost visibility on the tools you cannot.

The right framing is not “fewer users, fewer tools.” It is “more sanctioned coverage of the tools the users are already on.” That is a different governance posture than most enterprise AI policies are written against.

How Should Enterprise AI Governance Treat Power Users?

Enterprise AI governance in 2026 should treat the top 5% of AI users as a privileged class to be enabled, monitored, and contracted with, not as a risk class to be restricted. That means sanctioning corporate-tenant access to the six-plus AI applications the power users are already reaching for, deploying browser-layer visibility to govern the data flowing in and out of those tools, and writing a data-handling agreement with the power user cohort that names the workflows, defines the sensitive categories, and assigns accountability without throttling throughput. The governance burden moves to the data and the platform contracts. The productivity burden stays on the user. That split is what keeps the 5% generating the ROI that funded the program.

Three Reallocations That Actually Move the Needle

Most AI governance budgets are aimed at the wrong half of the problem. The LayerX numbers point at where the spend should be going instead.

Browser-layer visibility over network-layer DLP. The 46% personal-account number means network-layer detection misses half the activity. Browser-layer telemetry, of the type LayerX itself runs but also of the type Microsoft’s open-source agent governance toolkit and the SSE players are now shipping, sees the activity regardless of which tenant the user is logged into. Move budget from the perimeter inspection layer to the browser layer. The return on the second dollar is higher than the return on the eleventh dollar of the first kind.

Sanctioned access for the power user platforms over restriction lists. Spend the procurement cycle on getting corporate-tenant contracts in place for the six-or-more AI apps your top 5% are using. ChatGPT Enterprise, Claude Enterprise, Copilot M365, the secondary tools your power users keep showing up on. The contracted version of the tool ships with data residency, audit logging, retention controls, and the ability to revoke access centrally. The personal version ships with none of that. Every power user you migrate from personal to corporate tenant turns an invisible workflow into a governed one.

Data classification at the prompt boundary over policy training. Most AI governance training spends the budget on telling employees not to paste confidential data into AI tools. The LayerX 6% sensitive-data rate is the receipt that the training is not landing. The replacement is automated classification at the moment of the prompt. Browser-layer scanners catch the paste, classify the content, and either redact, warn, or block based on the data class and the destination platform. That moves the policy from the human’s memory to the machine’s enforcement layer. The productivity tax is near zero. The exposure rate drops materially.
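What prompt-boundary enforcement looks like in code, as an added example that is not LayerX's product or any vendor's scanner: a toy classifier for the four categories the power user contract names later (customer PII, source code, financials, M&A documents), a per-platform handling table (allow, warn, redact, block), and a small measurement routine of the kind a pilot team would use to report the flag rate and the false-positive rate. The platform names, policy values, regex detectors and sample prompts are all constructed for illustration; a production deployment would replace the regexes with real detectors and load the policy table from the contract.

```python
import re
from dataclasses import dataclass

# Handling rule per (destination platform, data class). Hypothetical policy
# values chosen for illustration, not any vendor's defaults.
PLATFORM_POLICY = {
    "copilot-m365": {"customer_pii": "redact", "source_code": "allow",
                     "financials": "warn", "m_and_a": "block"},
    "chatgpt-enterprise": {"customer_pii": "redact", "source_code": "warn",
                           "financials": "block", "m_and_a": "block"},
    # Anything not on a corporate tenant gets the strictest rules.
    "personal-account": {"customer_pii": "block", "source_code": "block",
                         "financials": "block", "m_and_a": "block"},
}
SEVERITY = {"allow": 0, "warn": 1, "redact": 2, "block": 3}

# Toy detectors for the four contract categories. Constructed patterns only;
# a real classifier needs far richer rules or a trained model.
DETECTORS = {
    "customer_pii": [re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),        # SSN shape
                     re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")],     # e-mail address
    "source_code": [re.compile(r"\b(def|class|import|function|#include)\b")],
    "financials": [re.compile(r"\b(EBITDA|net income|Q[1-4] close|revenue forecast)\b", re.I)],
    "m_and_a": [re.compile(r"\b(term sheet|LOI|acquisition target)\b", re.I)],
}


@dataclass
class Decision:
    action: str      # allow | warn | redact | block
    classes: list    # data classes detected in the prompt
    text: str        # prompt as it would be forwarded ("" when blocked)


def classify(prompt):
    """Return {data_class: [(start, end), ...]} for every detector that fires."""
    found = {}
    for cls, patterns in DETECTORS.items():
        spans = [m.span() for p in patterns for m in p.finditer(prompt)]
        if spans:
            found[cls] = spans
    return found


def enforce(prompt, platform):
    """Apply the strictest rule among the detected classes for this destination.
    Unknown destinations fall back to the personal-account (strictest) policy."""
    policy = PLATFORM_POLICY.get(platform, PLATFORM_POLICY["personal-account"])
    found = classify(prompt)
    if not found:
        return Decision("allow", [], prompt)
    actions = {cls: policy[cls] for cls in found}
    worst = max(actions.values(), key=SEVERITY.__getitem__)
    if worst == "block":
        return Decision("block", sorted(found), "")
    text = prompt
    # Redact from the end of the string so earlier offsets stay valid.
    redact_spans = sorted((s for cls, spans in found.items()
                           if actions[cls] == "redact" for s in spans), reverse=True)
    for start, end in redact_spans:
        text = text[:start] + "[REDACTED]" + text[end:]
    return Decision(worst, sorted(found), text)


def measure(labelled):
    """Pilot metrics from a hand-reviewed sample of (prompt, truly_sensitive) pairs.
    Returns (share of prompts flagged, false-positive rate on the benign prompts)."""
    flagged = [(bool(classify(p)), truth) for p, truth in labelled]
    flag_rate = sum(f for f, _ in flagged) / len(flagged)
    benign = [f for f, truth in flagged if not truth]
    fpr = sum(benign) / len(benign) if benign else 0.0
    return flag_rate, fpr


# Constructed, hand-labelled sample for a pilot run. The second prompt is a
# deliberate false positive: the word "function" trips the source-code detector.
PILOT_SAMPLE = [
    ("Rewrite this email to jane.doe@example.com", True),
    ("What does the finance committee function do?", False),
    ("Summarize the quarterly all-hands", False),
    ("Here is the term sheet draft", True),
]

if __name__ == "__main__":
    for prompt, _ in PILOT_SAMPLE:
        print(enforce(prompt, "copilot-m365"))
    print("flag rate, false-positive rate:", measure(PILOT_SAMPLE))
```

The false-positive rate is the number to watch in the pilot: the same detector that catches a pasted function body also fires on ordinary English, and the productivity tax the section promises is near zero only if that rate is driven down before the scanner is rolled out org-wide.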

The pattern across all three is the same. Move the governance burden away from “tell the user no” and onto “make the right path the default.” The Deloitte SMB governance framework makes the same point on a smaller scale. The LayerX data makes it at enterprise scale.

The Power User Contract

The piece of this most security programs do not have, but should write before Q3, is a power user contract. A short, named, signed agreement with the 5% cohort that runs the heaviest AI workflows. Three clauses.

The first names the sanctioned platforms. Six to ten by application class. Each one mapped to a corporate tenant, an audit log, and a retention policy. The contract says: these are the tools the org has cleared for your workflow class, and the procurement team will add a new one within 14 days if you can name the use case and the data handling requirement.

The second names the sensitive categories. Customer PII. Source code. Financials in the close window. M&A working documents. Each category gets a handling rule that the browser-layer scanner enforces automatically. The power user does not have to remember the policy. The policy is in the tooling.

The third names the accountability. The power user signs off that they understand the categories, the platforms, and the audit trail. The accountability sits with the user, the visibility sits with the security team, the productivity sits with the workflow. None of those three displaces the others.

That contract reframes the 5% from “risk concentration the org needs to contain” to “privileged operators the org has chosen to enable under specific terms.” The reframe is the part most policies are missing. It is also the part that holds up at audit, because the audit trail is named, signed, and continuously monitored.

The Anti-Hype Read

Two cautions before the slide deck gets built.

The 6% sensitive-data rate is an average across all enterprise AI conversations. The distribution underneath it is not flat. A small share of users in a small set of platforms produce most of that 6%. The number is real, the exposure is real, but treating every AI conversation in the org as equally risky is the same misread that drove the original DLP overreach a decade ago. Targeted controls beat blanket ones. The LayerX numbers point at where the targeting should land.

The 46% personal-account number is sensitive to how each org rolls out sanctioned access. Enterprises with mature corporate-tenant programs for ChatGPT and Copilot already see lower personal-account rates than the average. The number is a market average, not a ceiling. The orgs that move fastest on sanctioned access for the six-plus app cohort will see their own personal-account rate drop inside two quarters. That delta is measurable and is the right KPI to put on the dashboard.

Neither caution softens the directional read. The risk is concentrated. The visibility is partial. The fix is sanctioned coverage and browser-layer enforcement, not restriction.

Your Three Moves Before Q3

Sized for an enterprise CISO, CIO, or AI program lead running a real governance program. Doable inside 90 days. Will position your AI policy against the LayerX data instead of the 2024 threat model.

  1. Identify your top 5% AI power users by next Friday. Pull the corporate-tenant usage logs from the AI tools you already sanction. Sort by session count and unique-app count. The top 5% by either metric is your power user cohort. Send them a 10-minute survey that asks which tools they use that the org does not currently sanction. The answers are your platform contract list for the next procurement cycle.

  2. Move one unsanctioned AI platform to corporate-tenant access this month. Pick the highest-volume tool from the survey that is not currently on a corporate contract. Negotiate the enterprise tenant. Migrate the power users from personal logins. Measure the personal-account rate before and after for that platform. The delta is the proof point for the next platform on the list. The enterprise AI vendor decision framework covers the procurement angle in depth.

  3. Pilot browser-layer prompt classification on one team this quarter. Pick the team with the highest power user density. Deploy a browser-layer scanner that classifies prompts at submission time and enforces handling rules by data category. Measure the sensitive-data rate before and after, the productivity impact on the team, and the false-positive rate on the classifier. The before/after numbers are the business case for rolling the scanner across the rest of the org.
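Moves 1 and 2 are log analysis, and the following added example (not LayerX's tooling, not anything the report ships) shows the arithmetic on a constructed browser-layer usage log: rank users by session count and unique-app count, take the union of the top 5% on either metric as the cohort, list the personal-account apps with no corporate tenant as the procurement list, and compute the personal-account rate for one platform before and after the cohort is migrated. The CSV columns, user names, app names and the `migrate` helper that simulates the post-migration log are all assumptions made here.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed browser-layer usage log, one row per AI session. Not real data.
USAGE_LOG = """ts,user,app,account
2026-05-04T09:01,alice,chatgpt,personal
2026-05-04T09:40,alice,chatgpt,personal
2026-05-04T11:15,alice,claude,personal
2026-05-05T08:02,alice,copilot,corporate
2026-05-05T14:30,alice,chatgpt,corporate
2026-05-06T10:11,alice,claude,personal
2026-05-04T10:05,bob,chatgpt,personal
2026-05-05T10:05,bob,chatgpt,corporate
2026-05-04T13:00,carol,copilot,corporate
2026-05-04T09:30,dave,chatgpt,personal
2026-05-04T09:55,dave,claude,personal
2026-05-04T16:20,dave,deepseek,personal
2026-05-05T09:10,dave,copilot,corporate
2026-05-05T11:45,erin,chatgpt,personal
2026-05-06T11:45,erin,copilot,corporate
2026-05-04T15:00,frank,copilot,corporate
2026-05-05T15:00,grace,chatgpt,corporate
2026-05-06T15:00,heidi,copilot,corporate
2026-05-06T17:30,ivan,chatgpt,personal
2026-05-07T08:45,judy,copilot,corporate
"""


def load(text):
    """Parse the CSV log into a list of dict rows."""
    return list(csv.DictReader(io.StringIO(text)))


def user_stats(rows):
    """Per-user session count and set of distinct apps."""
    stats = defaultdict(lambda: {"sessions": 0, "apps": set()})
    for r in rows:
        stats[r["user"]]["sessions"] += 1
        stats[r["user"]]["apps"].add(r["app"])
    return dict(stats)


def power_users(rows, fraction=0.05):
    """Union of the top `fraction` of users by session count and by unique-app count."""
    stats = user_stats(rows)
    n = max(1, math.ceil(len(stats) * fraction))
    by_sessions = sorted(stats, key=lambda u: (-stats[u]["sessions"], u))[:n]
    by_apps = sorted(stats, key=lambda u: (-len(stats[u]["apps"]), u))[:n]
    return sorted(set(by_sessions) | set(by_apps))


def unsanctioned_apps(rows, sanctioned):
    """Apps reached through personal accounts with no corporate tenant, ranked by volume."""
    counts = defaultdict(int)
    for r in rows:
        if r["account"] == "personal" and r["app"] not in sanctioned:
            counts[r["app"]] += 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


def personal_rate(rows, app):
    """Share of sessions on `app` that ran through a personal account."""
    app_rows = [r for r in rows if r["app"] == app]
    return (sum(r["account"] == "personal" for r in app_rows) / len(app_rows)
            if app_rows else 0.0)


def migrate(rows, app, users):
    """Simulated post-migration log: the named users' sessions on `app` become corporate."""
    return [dict(r, account="corporate") if r["app"] == app and r["user"] in users else dict(r)
            for r in rows]


def migration_delta(before, after, app):
    """Drop in the personal-account rate for `app`: the proof point for the next platform."""
    return personal_rate(before, app) - personal_rate(after, app)


BEFORE_ROWS = load(USAGE_LOG)
COHORT = power_users(BEFORE_ROWS)                       # move 1: the 5% cohort
AFTER_ROWS = migrate(BEFORE_ROWS, "chatgpt", COHORT)    # move 2: cohort moved to the tenant

if __name__ == "__main__":
    print("cohort:", COHORT)
    print("procurement list:", unsanctioned_apps(BEFORE_ROWS, {"chatgpt", "copilot"}))
    print("chatgpt personal rate before/after:",
          personal_rate(BEFORE_ROWS, "chatgpt"), personal_rate(AFTER_ROWS, "chatgpt"))
```

Two details are deliberate. The cohort is the union of the two rankings, because the user who spreads fewer sessions across the most apps is exactly the multi-platform operator the report describes, and a session-count sort alone would miss them. The before/after delta is computed per platform, not org-wide, so that the KPI on the dashboard tracks the specific migration just completed rather than unrelated drift elsewhere.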

The career version of this move matters too. The orgs that respond well to the LayerX data will be hiring AI governance engineers, browser-layer security analysts, and power-user enablement leads through the back half of 2026. Those titles barely existed 18 months ago. They are now line items in real budgets, sitting next to the AI agent identity roles the Akeyless data pointed at.

Bottom Line

LayerX just gave the field its cleanest snapshot yet of where enterprise AI risk actually lives. Not in the casual user pasting an email into ChatGPT once a quarter. In the power user cohort running six-plus AI applications across personal and corporate accounts, generating the bulk of the productivity and the bulk of the exposure at the same time. That concentration is the governance problem most policies are not written for.

The reflex move is to restrict the 5%. The right move is to enable them under contract. Sanction the platforms they are already using. Move the visibility to the browser layer. Classify the data at the prompt boundary. Sign a power user contract that puts accountability, visibility, and productivity on three different tracks that do not displace each other.

Identify the cohort this week. Sanction one new platform this month. Pilot the browser-layer classifier this quarter. Three moves. Doable inside one governance cycle. The risk concentration is already named. The question is whether your policy targets it precisely or restricts the people who built the ROI case for AI in the first place.

The power users are the program. Govern them like it.
