Perilous prompts: How generative Artificial Intelligence (AI) is leaking companies' secrets

Beneath the surface of GenAI's outputs lies a massive, mostly unregulated engine powered by data – your data. And whether it's through innocent prompts or habitual oversharing, users are feeding these machines with information that, in the wrong hands, becomes a security time bomb.
A recent Harmonic report (https://apo-opa.co/3Sw1K4N) found that 8.5% of employee prompts to generative AI tools like ChatGPT and Copilot included sensitive data – most notably customer billing and authentication information – raising serious security, compliance, and privacy risks.
Since ChatGPT's 2022 debut, generative AI has exploded in popularity and value – surpassing $25 billion in 2024 (https://apo-opa.co/3Z7wOf2) – but its rapid rise brings risks many users and organisations still overlook.
'One of the privacy risks when using AI platforms is unintentional data leakage,' warns Anna Collard, SVP Content Strategy&Evangelist at KnowBe4 Africa. 'Many people don't realise just how much sensitive information they're inputting.'
Your data is the new prompt
It's not just names or email addresses that get hoovered up. When an employee asks a GenAI assistant to 'rewrite this proposal for client X' or 'suggest improvements to our internal performance plan,' they may be sharing proprietary data, customer records, or even internal forecasts. If done via platforms with vague privacy policies or poor security controls, that data may be stored, processed, or – worst-case scenario – exposed.
And the risk doesn't end there. 'Because GenAI feels casual and friendly, people let their guard down,' says Collard. 'They might reveal far more than they would in a traditional work setting – interests, frustrations, company tools, even team dynamics.'
In aggregate, these seemingly benign details can be stitched into detailed profiles by cybercriminals or data brokers – fuelling targeted phishing, identity theft, and sophisticated social engineering.
A surge of niche platforms, a bunch of new risks
Adding fuel to the fire is the rapid proliferation of niche AI platforms. Tools for generating product mock-ups, social posts, songs, resumes, or legalese are sprouting up at speed – many of them developed by small teams using open-source foundation models. While these platforms may be brilliant at what they do, they may not offer the hardened security architecture of enterprise-grade tools. 'Smaller apps are less likely to have been tested for edge-case privacy violations or undergone rigorous penetration tests and security audits,' says Collard. 'And many have opaque or permissive data usage policies.'
Even if an app's creators have no malicious intent, weak oversight can lead to major leaks. Collard warns that user data could end up in:
● Third-party data broker databases
● AI training sets without consent
● Cybercriminal marketplaces following a breach
In some cases, the apps might themselves be fronts for data-harvesting operations.
From individual oversights to corporate exposure
The consequences of oversharing aren't limited to the person typing the prompt. 'When employees feed confidential information into public GenAI tools, they can inadvertently expose their entire company,' (https://apo-opa.co/3Hked9o) explains Collard. 'That includes client data, internal operations, product strategies – things that competitors, attackers, or regulators would care deeply about.'
While unauthorised shadow AI remains a major concern, the rise of semi-shadow AI – paid tools adopted by business units without IT oversight – is increasingly risky, with free-tier generative AI apps like ChatGPT responsible for 54% of sensitive data leaks due to permissive licensing and lack of controls, according to the Harmonic report.
So, what's the solution?
Responsible adoption starts with understanding the risk – and reining in the hype. 'Businesses must train their employees on which tools are ok to use, and what's safe to input and what isn't," says Collard. 'And they should implement real safeguards – not just policies on paper.
'Cyber hygiene now includes AI hygiene.'
'This should include restricting access to generative AI tools without oversight or only allowing those approved by the company.'
'Organisations need to adopt a privacy-by-design approach (https://apo-opa.co/3Ze1hbj) when it comes to AI adoption,' she says. 'This includes only using AI platforms with enterprise-level data controls and deploying browser extensions that detect and block sensitive data from being entered.'
As a further safeguard, she believes internal compliance programmes should align AI use with both data protection laws and ethical standards. 'I would strongly recommend companies adopt ISO/IEC 42001 (https://apo-opa.co/3HmoD8l), an international standard that specifies requirements for establishing, implementing, maintaining and continually improving an Artificial Intelligence Management System (AIMS),' she urges.
Ultimately, by balancing productivity gains with the need for data privacy and maintaining customer trust, companies can succeed in adopting AI responsibly.
As businesses race to adopt these tools to drive productivity, that balance – between 'wow' and 'whoa' – has never been more crucial.
Distributed by APO Group on behalf of KnowBe4.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Zawya

an hour ago

• Zawya

Egypt assumes vice presidency of the International Gas Union, paving the way for 2028 presidency

Mohamed Fouad: The Egyptian Gas & Energy Association has launched an advisory council comprising senior leaders from both public and private sectors and international partners. Karim Shaaban: We aim to enhance internal integration among the IGU's committees to ensure its initiatives align with member states' priorities. Cairo — For the first time ever, Egypt has officially assumed the position of Vice President of the International Gas Union (IGU) through the Egyptian Gas & Energy Association. This step paves the way for Egypt's upcoming presidency of the next triennium (2028-2031). This role reflects increasing international confidence in Egypt's capabilities to effectively contribute to shaping the future of global energy, marking it as the first country from Africa and the Middle East to hold this prestigious position. Eng. Khaled AbuBakr, Chairman of the Egyptian Gas & Energy Association (EGEA), has taken up the role of IGU Vice President. In this capacity, he participates in all meetings and activities of the IGU and the Executive Committee. He also represents the IGU in the ongoing gas debates, such as the G7, G20, and UN Climate Change Conferences, in addition to the major international conferences, to advance its strategic vision and enhance its global influence. Eng. Mohamed Fouad, Secretary General of EGEA, serves as the Egyptian Presidency Team Director for the IGU, in addition to his role as Chair of the National Organization Committee for the 2031 World Gas Conference (WGC), which is to be held in Egypt. Meanwhile, Eng. Karim Shaaban, Head of the Strategy and Planning Committee of EGEA, holds the position of Vice Chair of the Coordination Committee and a member of the Executive Committee of the IGU. His responsibilities include overseeing the work of the IGU's committees and contributing to the preparation and submission of the Triennial Work Programme (TWP) to the Executive Committee. In this context, Eng. Khaled AbuBakr, Vice President of the IGU and Chairman of EGEA, stated: 'From Egypt and Africa, we embark to power the whole world with secure and clean energy. This leadership role represents a significant step through which we intend to enhance energy security by developing gas policies and infrastructure, improving the Gas industry's resilience to price volatility, providing necessary investments, and accelerating the transition towards more sustainable energy sources. We are fully committed to coordinating with the Italian Presidency of the IGU to ensure the Union's objectives are achieved during this phase.' Abubakr added: 'Through this position, we aim to transform the Egyptian experience into an international model to be emulated. This role enables Egypt to strengthen international cooperation and attract investment, supporting its pursuit of sustainable development and solidifying its role as a regional energy hub. We deeply appreciate the Egyptian government's support in securing this nomination.' Eng. Mohamed Fouad, Secretary General of the Egyptian Gas & Energy Association (EGEA), also outlined the Association's expanded strategy, which extends beyond natural gas to include low-carbon technologies and renewable energy. This expansion stems from the EGEA's strong belief in the importance of a balanced and inclusive energy transition. Fouad added, "The Association has launched its new Advisory Board, comprising a distinguished group of senior leaders from both the public and private sectors, as well as international partners operating in Egypt's energy and gas sector. The private sector will provide deep insights into market trends and investment opportunities, while the public sector will ensure initiatives align with regulatory policies." For his part, Eng. Karim Shaaban, Vice Chair of the Coordination Committee and member of the Executive Committee of the IGU, and Head of the Strategy and Planning Committee of EGEA, stated: "Through this committee, we aim to enhance internal integration among the IGU's committees and working groups, ensuring its initiatives align with member states' priorities. We also contribute to preparing the program for the 2028 World Gas Conference and collaborate with the leadership of the R&D and Innovation Committee to formulate sessions for the International Gas Research Conference (IGRC). These efforts contribute to elevating the Union's standing in the global gas industry." As a result of winning the presidency of the International Gas Union (IGU) for the 2028-2031 term, Egypt is set to host the 31st edition of the World Gas Conference (WGC) in 2031, marking the IGU's centenary anniversary. This event stands as the global gas and energy industry's most significant gathering, convening top experts and decision-makers to delve into the sector's primary challenges and opportunities. Hosting the WGC will underscore Egypt's leadership in energy transition and technological innovation, along with its initiatives to establish a regional green energy hub, ultimately bolstering its standing as a prime destination for investment and tourism.

Zawya

6 hours ago

• Zawya

CI Capital successfully concludes EGP 665.5mln securitized bond issuance for Aman Consumer Finance

Cairo: CI Capital ( the leading diversified financial services group, announced today the successful conclusion of the third securitized bond issuance on behalf of Aman Securitization, with the originator being Aman Consumer Finance. The issuance comes in 3 tranches: the first valued at EGP 307 Mn, with a tenor of 6 months, The second tranche, valued at EGP 222 Mn, with a tenor of 12 months. Both tranches received a Prime 1 rating from Middle East Ratings and Investor Services (MERIS). The third tranche, valued at EGP 136.5 Mn, with a tenor of 23 months, received a rating of A-. "This issuance, marking the Seventh issuance concluded by CI Capital for Aman Holding, a portfolio company of Raya Holding, reflects CI Capital's series of successes by executing numerous key transactions, further reinforcing our leading position as Egypt's leading advisory house. This issuance also affirms our ability to provide our clients with diverse and innovative investment solutions,' Commented Amr Helal, Chief Executive Officer (Sell-Side) of the Investment Bank at CI Capital. 'CI Capital has effectively concluded seven securitized bond issuances for Aman since 2023, strongly indicating the solid partnership between the two companies. He expressed his aspiration to enhance strategic cooperation between the two companies further, considering Aman one of CI Capital's most significant partners,' Added Helal. In the same context, Eng. Hazem Moghazi, Co-CEO of Business and Commercial Affairs at AMAN Holding, added: 'The success of this issuance reflects the strong confidence that investors place in AMAN Holding and in the Egyptian market overall. Since the launch of our securitization program, we have successfully completed issuances totaling nearly EGP 9.7 billion to date, which stands as a testament to our commitment to sustainable growth and to contributing to the development of Egypt's non-banking financial sector. We are proud to collaborate with all stakeholders involved in AMAN Securitization's various issuances, and we remain committed throughout 2025 to implementing our strategy of diversifying funding sources and enhancing financial transparency—supporting market stability and aligning with the aspirations of the national economy.' Mohamed Abbas, Head of DCM at CI Capital, expressed his pleasure for the successful conclusion of the issuance in partnership with Aman, noting that Aman is one of CI Capital's key success partners. He also emphasized his pride in the enduring relationships with Aman, having executed issuances with innovative structures and solutions. Finally, Abbas highlighted the substantial investor interest in the issuance, reflecting strong market confidence in both CI Capital and Aman's portfolio performance. CI Capital acted as financial adviser, issuance manager, and arranger in the issuance, while Zaki Hashem & Partners acted as the legal advisor, and United for Auditing, Tax, Advisory & Financial Services (UHY) acted as the issuance's financial auditor. About CI Capital Holding for Financial Investments CI Capital Holding for Financial Investments (Ticker: CICH EY, is a diversified financial services group and Egypt's leading provider of leasing, microfinance, mortgage finance, consumer finance, and investment banking products and services. Through its headquarters in Cairo, and presence in New York and Dubai, CI Capital Holding for Financial Investments offers a wide range of financial solutions, to a diversified client base that includes global and regional institutions and family offices, large corporates, SMEs, and high-net-worth and individual investors. CI Capital Holding for Financial Investments leverages its full-fledged investment banking platform to provide market-leading capital raising and M&A advisory, asset management, securities brokerage, custody, and research. Through its subsidiary, Corplease, CI Capital offers comprehensive leasing solutions, including finance and operating leases, and sale and leaseback, serving a wide range of corporate clients and SMEs. Additionally, CI Capital Holding for Financial Investments offers microfinance lending through Egypt's first licensed MFI, Reefy. The Group has over 4,000 employees, led by a team of professionals who are among the most experienced in the industry, with complementary backgrounds and skill sets, and a deep understanding of local market dynamics. Banque Misr, one of Egypt and Africa's most renowned financial banks, is the majority shareholder of CI Capital Holding. For more information, please contact CI's Investor Relations Department Email:

Zawya

2 days ago

• Zawya

Central African Republic: Breakthrough as ex-combatants of rebel group are convicted for war crimes and crimes against humanity but trial tarnished by absence of four defendants

Reacting to the news that the Special Criminal Court has convicted six former combatants of the Popular Front for the Rebirth of the Central African Republic (Front populaire pour la renaissance de la Centrafrique) for crimes against humanity and war crimes, Alice Banens, Legal Adviser at Amnesty International, said: 'The decision handed down by the Special Criminal Court (SCC) in the Ndélé 2 case represents a breakthrough in the fight against impunity for serious crimes committed in the Central African Republic. Light has been shed on the atrocities committed in Ndélé in March 2020. 'However, four of the six people found guilty and given heavy sentences were convicted in absentia. Amnesty International considers that the defendant's right to be present at their trial, to prepare their defence with their lawyer, and to address the Court directly are pillars of the right of defence, without which there can be no fair trial. 'Several suspects who are accused of serious crimes and subject to arrest warrants from the SCC are still at large. This situation continues to deprive victims of their right to truth, justice and effective reparation. The execution of arrest warrants is essential if the fight against impunity is not to be selective.' Background In the Ndélé 2 case, six defendants were found guilty of crimes against humanity, including murder, attempted murder, inhuman acts and persecution, and war crimes, and sentenced to between 18 and 25 years' imprisonment. In March 2020, the town of Ndélé, in the north-east of the country, was attacked by members of the Popular Front for the Rebirth of the Central African Republic, an armed group from the former Séléka coalition. The violence left dozens dead and displaced hundreds of people. The Special Criminal Court is a hybrid court set up in the Central African Republic in 2018. It is composed of Central African and non-Central African judges and personnel. It was created to investigate, prosecute and judge the most serious crimes committed since 2003. The Ndélé 2 case is the third to be heard by the SCC since the effective start of its judicial work, following the Paoua and Ndélé 1 cases. In 2020 and 2021, Amnesty International published two reports analyzing the challenges facing the SCC. The organization called for increased support for the Court and greater transparency. Distributed by APO Group on behalf of Amnesty International.