Prompt-Based Leaks: Why Traditional DLP Doesn’t Catch Them

August 11, 2025

Earl

Every few months, a new data leak makes the headlines—often from surprising places. But while most security teams are monitoring emails, file transfers, and cloud storage, a quieter threat is growing in the background:

AI prompt-based leaks, where employees inadvertently share sensitive information.

Employees are pasting customer data, internal documents, and confidential code into tools like ChatGPT and Bard, often unaware that these tools may retain or train on those inputs. And more often than not, the use of these tools (and employees’ activities in them) is hidden from employers, posing shadow AI risks.

The kicker? Traditional DLP (Data Loss Prevention) tools aren’t built to detect this.


Why Prompt-Based Leaks Happen

To an employee, using AI feels like just another productivity hack. Stuck on a tough email? Draft it with ChatGPT. Cleaning up a dataset? Feed it into Gemini. Need a quick legal summary? Paste in the contract.

But that copy-paste behavior creates a subtle but serious risk: company data leaves your perimeter and enters someone else’s model.

The problem isn’t malicious intent—it’s missing guardrails.


Where Traditional DLP Falls Short

DLP systems were designed for a different world. They monitor:

  • Email attachments and file transfers
  • Uploads to cloud storage or collaboration platforms
  • Access to known sensitive documents or keywords

But they weren’t built to handle:

  • Dynamic browser-based inputs
  • Text pasted into AI chat windows
  • Ad hoc data shared with third-party APIs

DLP sees files. Prompts look like keystrokes.

As a result, prompt-based leaks fly under the radar—even in companies with mature security postures.


Real-World Examples

According to Metomic and Kaspersky data cited by IBM, 67% of employees share internal data with generative AI tools without authorization, contributing to average breach costs of $5.2 million—28% higher than traditional breaches. A recent Lasso Security study shows that 13% of generative AI prompts contain sensitive organizational data (e.g. credentials, proprietary code, PII), highlighting how common prompt leaks have become in enterprise settings. Finally, an article on Axios shared how Harmonic Security tracked over 1 million prompts in Q2 2025, finding that more than 4% of AI prompts and 20% of uploaded files contained sensitive corporate data, with code being the most frequent exposure.

It’s also fairly easy to imagine cases where:

  • Engineers paste proprietary code into Copilot for debugging
  • HR staff ask ChatGPT to rewrite performance review notes
  • Marketers upload customer personas for campaign suggestions

In each case, it’s fast, efficient—and invisible to most monitoring systems.

Samsung’s data leak is probably the best-known example of this type. In mid‑2023, Samsung employees inadvertently leaked confidential internal code and documents via ChatGPT, prompting a company-wide ban and policy overhaul. A move like this comes with drawbacks, though: tools that may be a source of competitive advantage can no longer be leveraged.


Why This Matters Now

Generative AI adoption is exploding. When nearly every department uses AI tools, the number of entry points for sensitive data multiplies. And since these tools are browser-based, they bypass endpoint protections and VPN rules entirely.

By the time a breach is discovered, it’s not just a security issue—it’s a compliance failure and a reputational event.

Adding to this, a 2025 study by Alizadeh et al. demonstrated that, after such leakage occurs, simple prompt injection can extract personal data during agent workflows with a success rate of around 15–50%. The average attack success rate (ASR) was ~20%, and no model fully prevented leakage.


What Modern AI DLP Should Look Like

To protect against prompt-based leaks, organizations need:

  • Browser-level monitoring that detects risky inputs before they’re submitted
  • Real-time policy reminders when employees interact with AI tools
  • Anonymized audit logs to understand where guidance is working—and where it’s not
  • Lightweight controls that guide behavior without blocking productivity

Prevention shouldn’t rely on trust alone. But it also shouldn’t kill velocity.
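One way the detection, audit-log and lightweight-control items above could fit together, as an added example that is not Tripwire's code or part of the original post: a paste classifier that flags a few sensitive-data categories, returns a nudge rather than a block, and builds an audit record holding only category counts. The detector patterns, category names and record fields are assumptions, and the sample paste is constructed.

```javascript
// Added example (not Tripwire's code); patterns, categories and audit shape are assumptions.
// Luhn checksum: confirms a digit run is a plausible card number.
function luhnValid(digits) {
  let sum = 0;
  for (let i = 0; i < digits.length; i++) {
    let d = Number(digits[digits.length - 1 - i]);
    if (i % 2 === 1) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

const DETECTORS = [
  { category: "private_key", re: /-----BEGIN [A-Z ]*PRIVATE KEY-----/g },
  { category: "aws_access_key_id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g },
  { category: "email_address", re: /\b[\w.+-]+@[\w-]+(?:\.[\w-]+)+\b/g },
  { category: "payment_card", re: /\b(?:\d[ -]?){13,19}\b/g,
    confirm: (m) => luhnValid(m.replace(/\D/g, "")) },
];

// Count hits per category; the matched text itself is discarded.
function classifyPrompt(text) {
  const counts = {};
  for (const { category, re, confirm } of DETECTORS) {
    const hits = (text.match(re) || []).filter((m) => !confirm || confirm(m));
    if (hits.length) counts[category] = hits.length;
  }
  return counts;
}

// Nudge rather than block, and emit an audit record with no content or user id.
function evaluatePaste(text, site) {
  const counts = classifyPrompt(text);
  const categories = Object.keys(counts).sort();
  const action = categories.length ? "nudge" : "allow";
  return { action, audit: { site, categories, counts, chars: text.length } };
}

// Constructed sample paste (all values are fake).
const SAMPLE_PASTE = "Customer jane.doe@example.com paid with 4111 1111 1111 1111,\n" +
  "order 1234567890123456. Deploy key: AKIAEXAMPLEEXAMPLE12";

// Browser wiring (skipped under Node): inspect clipboard text on paste.
if (typeof document !== "undefined") {
  document.addEventListener("paste", (e) => {
    const { action, audit } = evaluatePaste(e.clipboardData.getData("text/plain"), location.hostname);
    if (action === "nudge") console.warn("Policy reminder: paste contains", audit.categories);
  }, true);
}
```

The 16-digit order number in the sample fails the Luhn check and is not counted as a card, which is the kind of false-positive control a pattern-based nudge needs to stay unobtrusive.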


How Tripwire Helps

Tripwire watches where DLP can’t. It lives in the browser, running silently as employees use generative AI tools. When someone tries to paste sensitive data into a prompt, Tripwire nudges them with a policy reminder—before the data ever leaves the screen.

No screen recording. No heavy-handed blocking.
Just the right nudge at the right moment.


Traditional DLP was built for yesterday’s risks.
Prompt-based AI use demands a new layer of protection.

If your teams are using generative AI, it’s time to make sure they’re doing it safely. Want to see what that looks like in practice?

  • Learn more about our solution through the post: Introducing Tripwire
  • Apply for early access and get our exclusive whitepaper
  • Or just follow along as we explore how to make AI use at work safer, smarter, and more human
