Enterprise AI Risk Hides in Power Users, Report Finds

Robert Moore · 2026-05-28

A new report from LayerX Security dives deep into how companies are actually using AI tools at work. And the findings might surprise you. It turns out that most organizations don't have a clear picture of their AI exposure. They think they do, but they don't. The report, called the State of AI Usage Report 2026, points to a big blind spot: the "enterprise AI visibility gap." ### What the Report Reveals The research shows that AI risk isn't spread evenly across an entire company. It's not like everyone is equally likely to cause a problem. Instead, it's heavily concentrated among a small group of people the report calls "AI power users." Think of it like this: in any workplace, you've got a few people who are really into the latest tech. They're the ones who try every new AI tool, share prompts with colleagues, and push the boundaries of what's possible. They're also the ones most likely to accidentally expose sensitive data. ### Who Are These Power Users? Power users aren't necessarily in IT or security roles. They can be anywhere in the company. According to the report, these individuals: - Use AI tools far more frequently than the average employee - Experiment with a wider range of platforms and applications - Often bypass official IT policies to get their work done faster - May not even realize they're creating security risks ### Why This Matters For security teams, this is a wake-up call. Most organizations focus on blocking access to certain websites or tools. But that approach misses the real problem. The risk isn't in the tools themselves. It's in how people use them. The report suggests that companies need to shift their focus from blanket policies to targeted monitoring. Instead of trying to lock everything down, they should identify their power users and work with them to establish better habits. ### A Practical Example Imagine a marketing manager who uses an AI writing assistant to draft customer emails. She's not thinking about data privacy. She just wants to save time. But if she pastes a list of customer names and purchase histories into the tool, that data could end up being stored or processed in ways the company never intended. The same goes for a software developer who uses AI to debug code. He might accidentally share proprietary algorithms or trade secrets without realizing it. ### What Companies Can Do The report offers a few key recommendations: - **Identify your power users** first. Don't assume everyone poses the same level of risk. - **Educate these users** about the specific risks of their AI usage. Make it personal and practical. - **Implement monitoring** that focuses on behavior, not just tool access. Look for patterns like frequent data uploads or unusual platform usage. - **Create clear guidelines** that don't stifle innovation but do protect sensitive information. ### The Bottom Line The State of AI Usage Report 2026 makes one thing clear: AI risk is real, but it's manageable. The key is understanding where it actually lives inside your organization. It's not everywhere. It's concentrated among a small, enthusiastic group of power users. Once you know who they are, you can help them use AI safely without slowing down the innovation that makes your company competitive. For security leaders, the message is simple. Don't try to boil the ocean. Focus on the people who matter most. That's where the real risk lives, and that's where you'll find the biggest opportunity to make a difference.