New AI Usage Report: Enterprise AI Risk Is Heavily Concentrated Among a Small Group of AI "Power users"

State of AI Usage Report 2026 (full report here) by LayerX Security reveals the extent of the enterprise AI visibility gap and why most organizations still don't understand where their AI exposure is actually coming from. The research shows that enterprise AI risk is not distributed evenly across users or platforms. Instead, it is heavily concentrated among a small group of AI power users and a

According to LayerX Security’s State of AI Usage Report 2026, a small group of AI "power users" and a handful of dominant AI platforms generate a disproportionate share of enterprise AI activity and sensitive data exposure, with more than 6% of enterprise AI conversations containing personal, financial, or IT-related data.[1] The report also finds that nearly half of AI conversations use personal identities, many AI tools operate as unmanaged Shadow AI (extensions, connectors, personal accounts), and some platforms show double‑digit sensitive data exposure rates.[1] From a CyberSE.AI perspective, this concentration of usage and use of personal accounts creates a high-impact data leakage risk that requires targeted controls for power users, monitoring of AI connectors and extensions, and strong identity and data governance around AI access. Organizations should combine readiness assessments, explicit AI policies, and continuous red teaming of AI workflows to detect and mitigate sensitive data exposure where AI usage is heaviest and least governed.