Awareness

Unauthorized ChatGPT / Claude / Gemini Use by Employees

Published  ·  5 min read

Many employees use personal or unapproved accounts of ChatGPT, Claude, Gemini, Grok, Perplexity, or similar LLMs,  often because the official company-approved instance is slower, more restricted, or doesn't exist yet.

The problem is not the technology itself, but the data leakage, compliance violations, IP exposure, and legal risks that follow when sensitive company information is sent to third-party AI providers.

All employees share, in either an intentional or an unintentional manner, the following forms of sensitive information:
1. Customer Personal Identifiable Information (PII) and financial records
2. Financial Statements, Predictions, Mergers And Acquisitions
3. Listing of source code and proprietary algorithms along with product development timelines
4. Human resources data on employees, salaries, and performance/review data
5. Confidential Emails, Contracts And Legal Counsel
6. Strategic Plan, Price Structures And Competitive Intelligence

Once sent, data is usually retained by the provider (even if “chat history” is off), used for training unless explicitly opted out, and can appear in future responses to other users (model distillation risk).

Real Patterns Observed in 2025–2026
1. Finance & consulting firms, analysts paste client financial models → models later appear in competitor queries via model inversion attacks.

2. Proprietary source code fragments are generated by tech business engineers, subsequently generating public LLM output with regards to code being seen in the context of leaking code via applications such as GitHub Copilot.

3. Healthcare and legal companies can accidentally leak patient details through case files or records that have been pasted by service employees; due to numerous instances of this type of behavior, this becomes an issue of compliance where the GDPR and HIPAA are in play (i.e., they breach both regulations).

4. Once the product design and formula have been released as a result of shared use in R&D and manufacturing, the designs or formulas would be expected to reappear in AI-generated patents or research produced by competitive manufacturers within a short time frame of (i.e., months) of being released.

5. Executive positions can leak data from board decks, strategy memos or negotiation procedures through BEC targeting or as leverage in negotiating future contracts with other parties.

Practical Detection Methods (2026)
1. Use logs from networks (or proxies) to find outbound traffic volumes from users to the following locations: 
a) chat.openai.com / api.openai.com
b) claude.ai / api.anthropic.com
c) gemini.google.com / generativelanguage.googleapis.com
d) grok.x.ai / api.grok.x.ai
e) perplexity.ai / api.perplexity.ai Filter for strings in user agents that contain "Mozilla/5.0 (compatible; ChatGPT-User/" or similar.

2. From DNS and firewall queries, organisation should block and send alerts on the following domains:
a) openai.com, anthropic.com, googleapis.com/generativelanguage, x.ai, perplexity.ai
b) Common subdomains for these domains are as follows: api., cdn., files., playground. 

3. For endpoint detection solutions (EDRs or XDRs), employ searches for processes which open browser tabs or make API calls to these domains. The example processes to look for are:
a) chrome.exe / msedge.exe / firefox.exe with url "chat.openai.com," "claude.ai," "gemini.google.com" 
b) All unusual child processes (i.e., curl, wget, powershell) that contact APIs listed above.

4. DLP (Data Loss Prevention) Rules
a) Preventing electronic transfers of big volumes of text to publicly available Artificial Intelligence (AI) Application Programming Interface (API) endpoints(make alerts)
b) Triggers to set off an alarm on specific words within the code: internal project numbers, customer identification numbers, dollar amount, source code indication or reference of the Electronic Record.

5. Browser plug-in and endpoint policies
a) Force installation of the proxy certificate established by the corporation on computer to decrypt and inspect any and all traffic (HTTP(s)) directed to the domain of AI.
b) Using Endpoint Agent programs such as CrowdStrike, Defender for Endpoint, and SentinelOne to block or log connection attempts to any API.

Practical Mitigation Steps 
1. Setting Up an Internal LLM
a) Create a local or private cloud VPC copy of Llama-3.1, Mistral, Gemma, or Phi-3.5 and run the LLM on-premises. 
b) Develop using: Ollama, LM Studio, vLLM, Text Generation Web UI, Private GPT
c) Provide employees the opportunity to enhance performance via the employee LLMs and support the organization via no exposure to external data.

2. Revise Policy and Acceptable Use Policy
Explicitly prohibit employee use of any external LLM's for business-related work. Include in the employee handbook, employee onboarding and every annual security training.

3. Implement Technical Limitations
a) DNS filtering to prevent/redirect user requests to any known AI-related domain (Cloudflare Gateway, Cisco Umbrella, PaloAlto DNS Security). 
b) Change proxy/firewall rules to prevent employees from making outbound requests through known AI API endpoints. 
c) Create an endpoint policy that prohibits employees from using browser extensions that enable the employee to access external LLM's (e.g. ChatGPT Side Bar, Merlin, etc.). 

4. Monitor and React to Employee Use of External LLM's. 
a) At least weekly review the external AI domain connections made by employees. 
b) Establish automated alerts/configure alerts if employees are transferring a high volume of data to an external AI endpoint or transferring sensitive data to an external AI endpoint. 
c) Any time a violation occurs follow your established process to intervene immediately (HR/security interaction/conversation) and scan the employee's device.

Key Takeaways
The unauthorised use of ChatGPT/Claude/Gemini represents one of the largest uncontrolled sources of data leakage in 2026. Employees prefer it for its speed and ease but it creates a huge risk because sensitive information is sent to third parties and could be used for training, model inversion, or attempting to target you in the future. The solution has two prongs:
1. Give them a fast, secure internal/private alternative.
2. Enforce policy + technical controls to block external instances.

Do nothing → you are accepting the risk that your next strategic plan, customer list, or source code is already sitting on someone else’s server.

 

Professional Services

Explore Our Cybersecurity Services

Our insights are backed by hands-on service delivery. If your business needs professional cybersecurity support, our UK-based specialists are ready to help.

© 2016 – 2026 Red Secure Tech Ltd. Registered in England and Wales — Company No: 15581067