The reverse is equally true: 45.6% of employees’ personal AI activity flows through enterprise tools their company is paying for
LONDON & SAN FRANCISCO–(BUSINESS WIRE)–New research from Harmonic Security, based on analysis of 1,935,247 classified AI-session minutes, finds that the division between “work AI” and “personal AI” does not reflect how employees actually behave. Workers bring identical tasks to whichever AI tool is open, regardless of whether it is employer-provided or personal, free or paid.
64.5% of all activity on personal and free-tier AI accounts is business use, not personal use. At the same time, 45.6% of all personal AI activity occurs on enterprise-licensed plans the employer is already paying for. The research draws on nearly 2 million AI conversations across six AI tools: ChatGPT, Claude, Google Gemini, Microsoft Copilot, Perplexity, and DeepSeek.
The visibility gap is not evenly distributed across company departments. Legal and Governance are the heaviest users of AI with 19.5% of all AI hours, and 81% of that use within enterprise plans. The risk is concentrated and largely visible. The opposite is true for commercial and operational teams: Go to Market is the second heaviest user of AI (17.5% of AI minutes) and runs just 39% of its AI activity on enterprise plans; Operations, just 18%. Sales and marketing teams are generating proposals and competitive research on accounts employers cannot see.
In total 74.6% of all AI use at work has a clear business purpose and across all six tools, the distribution of task types is near-identical regardless of tool: 47% of AI time goes to efficiency and automation, 20% to decision support, 20% to risk and compliance, 7% to revenue and growth, and 6% to innovation. The findings indicate that employees are not selecting tools based on task type and are instead using whichever tool is already open.
Session depth indicates Claude is a clear winner for more analytical tasks since sessions average 10 minutes 12 seconds per task, 73% longer than ChatGPT at 5 minutes 53 seconds. For security teams, studying usage minutes can be more useful than total queries since a 10-minute contract review involves substantially more pasted context and data exposure than a two-minute query, yet both register as a single AI event in a standard usage dashboard.
“Every organization is pouring money into AI right now, and almost none of them know what their people are actually doing with it. This is the first cross-platform analysis of AI use cases at scale, across personal and enterprise accounts together. It is the first genuine look at how AI is actually being used at work.”
Alastair Paterson, CEO and Co-founder, Harmonic Security
Data portability is another key security question of free tool use. Since when an employee leaves an organization, the business context embedded in their personal AI history leaves with them. Such business data could include contracts strategies and deals which are stored in accounts the organization never owned and cannot recover.
By understanding AI use cases and outcomes, enterprises can better understand their AI investments and make better decisions accordingly.
Methodology
Harmonic Security analyzed 1,935,247 classified AI-session minutes over a trailing seven-week period ending April 2026. Each AI conversation was classified as personal, business, or ambiguous using a large-language-model classifier trained on enterprise AI usage patterns. The analysis covers six AI tools: ChatGPT (Free, Plus, Enterprise, Guest), Claude (Free, Pro, Enterprise), Gemini (Free, Pro, Business), Microsoft Copilot (Free, Pro, and M365), DeepSeek, and Perplexity. Plan tier classifications were derived from account metadata provided by each AI platform’s enterprise reporting API.
About Harmonic Security
Harmonic delivers AI Governance and Control (AIGC), the intelligent control layer that secures and enables the AI-first workforce. By understanding user intent and data context in real time, Harmonic gives security leaders what they need to help their organizations move fast without losing control. For more information, visit harmonic.security.
Contacts
Press contact: [email protected]
