Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Friday, 3 July, 2026
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

One in 33 Employees Is Driving Nearly a Fifth of All Workplace AI Activity and Most Companies Are Only Just Waking Up to It

by Guru Writer
May 18, 2026
in Featured
ai-image-writing
Share on FacebookShare on Twitter

New behavioural data from Redflags has revealed a striking concentration of AI tool usage within UK organisations: just 3% of employees account for 18% of all AI-related activity on work devices, averaging 235 AI events each, compared with 35 for a typical colleague.

The findings come from the Redflags Behavioural Impact Report 2026, which draws on real, on-device telemetry rather than self-reported surveys, a distinction that matters. The report analyses over 29 million behavioural nudges delivered across 44 organisations throughout 2025, covering financial services, engineering and manufacturing, government, and other sectors.

Overall, employee visits to AI websites surged 43% year-on-year in 2025. But the headline number tells only part of the story. The 91% increase in the number of companies actively monitoring AI usage in the same period suggests that security teams are beginning to grasp the scale of the problem, even as governance struggles to keep pace.

Shadow AI and the data egress problem

The report identifies several AI-related behaviours that are keeping security teams up at night: employees uploading files to AI sites, using AI tools without corporate account logins, and accessing unapproved applications. These create data egress points that are difficult to detect without continuous behavioural visibility.

OpenAI accounts for 93% of all AI site visits observed in the data, with Gemini at 5% and Copilot, Perplexity, Claude and DeepSeek each registering under 1%. The dominance of a single tool doesn’t necessarily reduce risk; it depends entirely on whether that tool is being used under a corporate account with appropriate data governance in place.

Tim Ward, CEO of Redflags, said: “The speed at which AI usage is growing inside organisations is remarkable, but what’s equally striking is how many companies are only now starting to understand what’s actually happening on their employees’ devices. Governance is racing to catch up with behaviour, and the gap between the two is where risk lives.”

Ward added, “The human brain is wired to seek novelty. New AI tools trigger dopamine responses associated with excitement and reward. This makes them inherently compelling to employees, regardless of whether they’re approved by the business. Understanding that this is a human behaviour challenge, not just a technology policy one, is critical to building an effective response.”

Phishing: the perennial threat isn’t going anywhere

Alongside the AI findings, the report delivers a timely reminder that foundational threats remain stubbornly persistent. Clicking on links in external emails from unknown senders was the most commonly tracked risky behaviour, flagged by 93% of the organisations in the study.

However, the data also demonstrates that behavioural interventions work. Redflags’ nudge-based approach, delivering just-in-time prompts on employees’ devices at the precise moment of risk, produced an average 35% reduction in dangerous link clicks across the dataset, with peak reductions of 83% in the best-performing organisations.

The mechanism is grounded in cognitive science. Link-clicking from unknown senders is typically a fast, instinctive System 1 decision. Nudges interrupt that automatic response and prompt a more considered System 2 evaluation, whether that’s hovering over a link to verify a URL, or pausing to scrutinise the sender. Over six months, the report recorded a 28% increase in the hover-to-click ratio, indicating that employees are building more cautious habits over time.

The credential loss data reinforces this. A 22% average reduction in passwords being entered on sites reached via unknown-sender email links suggests the nudge effect compounds across the full phishing chain, not just at the point of click.

What this means for security teams

For CISOs and security awareness leads, the report offers a useful benchmark and a methodological argument. The Redflags data is unusual in that it is measured before and after intervention, on actual devices, in real working conditions, not modelled, simulated, or self-reported. That makes it one of the few datasets available that can demonstrate genuine behaviour change rather than claimed behaviour change.

The 3% finding in particular has practical implications. Identifying and monitoring the small cohort of power users who account for a disproportionate share of AI activity, whether enthusiastic early adopters or individuals bypassing policy, may be a more targeted and efficient use of security resources than blanket controls that affect all employees equally.

ShareTweet
Previous Post

Q&A: Why Vulnerability Scans Are Giving Businesses a False Sense of Security

Next Post

Cyber attackers bypass traditional defences as ‘user-driven’ attacks surge, Bridewell warns

Recent News

AI Appreciation Day: Celebrating Progress, Embracing Responsibility

The industries being reimagined by AI

July 2, 2026
geopolitical cyber report

Iran-linked MuddyWater espionage campaign targets organisations across four continents

July 1, 2026
Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

Check Point Brings Cloud Firewall to AWS European Sovereign Cloud

July 1, 2026
Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

Q&A: Solving Synthetic Media Challenges Before All Trust is Lost

July 1, 2026

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol

  • About Us
Manage Consent
To provide the best experiences, we use technologies like cookies to store and/or access device information. Consenting to these technologies will allow us to process data such as browsing behavior or unique IDs on this site. Not consenting or withdrawing consent, may adversely affect certain features and functions.
Functional Always active
The technical storage or access is strictly necessary for the legitimate purpose of enabling the use of a specific service explicitly requested by the subscriber or user, or for the sole purpose of carrying out the transmission of a communication over an electronic communications network.
Preferences
The technical storage or access is necessary for the legitimate purpose of storing preferences that are not requested by the subscriber or user.
Statistics
The technical storage or access that is used exclusively for statistical purposes. The technical storage or access that is used exclusively for anonymous statistical purposes. Without a subpoena, voluntary compliance on the part of your Internet Service Provider, or additional records from a third party, information stored or retrieved for this purpose alone cannot usually be used to identify you.
Marketing
The technical storage or access is required to create user profiles to send advertising, or to track the user on a website or across several websites for similar marketing purposes.
  • Manage options
  • Manage services
  • Manage {vendor_count} vendors
  • Read more about these purposes
View preferences
  • {title}
  • {title}
  • {title}
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2026
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2024 IT Security Guru - Website Managed by Dessol