I was talking to a CISO at a mid-sized logistics company last autumn. He pulled up a dashboard showing six months of outbound clipboard events flagged by their new DLP system. One number stuck with me: 1,200-plus incidents where an employee had copied data containing personal identifiers and pasted it directly into a public AI interface. His comment: "We had no idea. Our SIEM was clean."
That gap โ between what traditional security tools see and what's actually happening at the user-AI boundary โ is where most modern data leaks occur. And it's growing.
Why This Keeps Happening
The conversation around AI data leaks tends to frame it as a discipline problem. If employees just followed the rules, we wouldn't have this issue. That framing is wrong, and it leads to the wrong solutions.
The actual dynamic is simpler: AI tools are genuinely useful, they're available to everyone, and there's no obvious feedback loop telling a user that what they just did was a security incident. When an accountant pastes a client spreadsheet into ChatGPT to quickly reformat it โ the spreadsheet gets reformatted. The model responds helpfully. No alarm sounds. No warning appears. The data traveled to an external server and the employee has no idea anything happened.
Cybersecurity awareness training, to the extent companies run it at all, still focuses on phishing emails and password hygiene. The curriculum hasn't caught up with how work actually happens in 2026, where ChatGPT, Copilot, Claude, and Gemini are as natural a part of the workflow as email.
The Data That Moves
When we look at incident patterns across Inscryble customers, the sensitive data most commonly leaked to AI tools falls into a few predictable categories โ not because of carelessness, but because of context. Developers paste code snippets to debug issues, and those snippets often contain hardcoded credentials or API keys that were meant to be temporary. Analysts paste report fragments to generate summaries, and those fragments contain customer names, account numbers, revenue figures. HR professionals paste application data into AI writing tools, and that data includes names, contact details, employment history.
None of these are reckless decisions at the individual level. Each one makes sense in the moment. The problem is structural: people don't have a clear mental model of where AI-processed data goes, who has access to it, and what the retention policies are.
What Actually Happens on the Other Side
This is the question I hear most often: "Does OpenAI actually see what I paste?" The honest answer is: it depends, and it's more complicated than most people want it to be.
Enterprise plans from most major AI vendors include data processing agreements that prohibit training on your data. But most employees aren't on enterprise plans โ they're using free or personal accounts, sometimes unknown to IT. Even on enterprise plans, data is processed on vendor infrastructure, exists in logs, and is subject to the vendor's security posture. In March 2023, OpenAI disclosed a bug that allowed some users to see conversation history belonging to other users. These things happen.
From a regulatory standpoint, the question of what physically happens to the data is secondary. Under GDPR, if personal data leaves your controlled environment without a legal basis, that's a breach โ regardless of whether anyone at OpenAI ever reads it. Notification obligations, potential fines, and reputational exposure follow from the act of transfer, not from demonstrated misuse.
The Limitation of Policy-Only Approaches
"Don't paste sensitive data into AI tools" is a reasonable policy. It's also largely unenforceable, because it requires every employee to make a correct classification judgment every time they're about to do something that makes their job easier. Human error rates at repetitive judgment tasks are not zero. They're not even close to zero.
The more durable approach is to build the protection into the workflow rather than relying on individual vigilance. That's the architecture behind Inscryble: a desktop agent and browser extension that monitors what's being moved to AI interfaces, detects sensitive patterns โ PII, credentials, financial data โ and intervenes based on your policy configuration. Block the transfer, anonymize the data before it sends, or simply log the event for later review.
One design decision we consider important: raw text never leaves the endpoint. What Inscryble sends to its servers is a hash of the event and its metadata โ what type of sensitive data was detected, which application was the source, which AI tool was the target. We don't need to see the actual content to know that an incident occurred.
The dashboard gives security teams what they need to understand the real scope of the problem at their company โ and that number is usually surprising. Most organizations, once they deploy monitoring, find far more AI-related data movement than they expected. That visibility is step one. The automated protection handles the incidents you'd otherwise miss.
If you want to see what your own exposure looks like, the 14-day trial takes less than ten minutes to set up. The first incidents show up the same day.