Copy-and-Paste Now Exceeds File Transferring as the Top Corporate Data Exfiltration Vector (scworld.com)
(Saturday November 15, 2025 @10:58PM (EditorDavid)
from the policy-problems dept.)
- Reference: 0180091663
- News link: https://it.slashdot.org/story/25/11/16/0355217/copy-and-paste-now-exceeds-file-transferring-as-the-top-corporate-data-exfiltration-vector
- Source link: https://www.scworld.com/news/copy-paste-now-exceeds-file-transfer-as-top-corporate-data-exfiltration-vector
Slashdot reader [1]spatwei writes:
> It is now more common for data to [2]leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its [3]Browser Security Report 2025 .
>
> This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.
>
> 'Traditional governance built for email, file-sharing, and sanctioned SaaS didn't anticipate that copy/paste into a browser prompt would become the dominant leak vector,' LayerX CEO Or Eshed wrote in a blog post summarizing the report.
"GenAI now accounts for 11% of enterprise application usage," notes [4]this article from SC World , "with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use..."
"With the rise of AI-driven browsers such as [5]OpenAI's Atlas and [6]Perplexity's Comet , governance of AI tools' access to corporate data becomes even more urgent, the LayerX report notes."
[1] https://slashdot.org/~spatwei
[2] https://www.scworld.com/news/copy-paste-now-exceeds-file-transfer-as-top-corporate-data-exfiltration-vector
[3] https://layerxsecurity.com/blog/why-the-browser-has-become-the-enterprises-most-overlooked-endpoint/
[4] https://www.scworld.com/news/copy-paste-now-exceeds-file-transfer-as-top-corporate-data-exfiltration-vector
[5] https://www.scworld.com/news/chatgpt-atlas-address-bar-a-new-avenue-for-prompt-injection-researchers-say
[6] https://www.scworld.com/news/ai-browser-risks-demonstrated-by-poc-sidebar-spoofing-attack
> It is now more common for data to [2]leave companies through copying and pasting than through file transfers and uploads, LayerX revealed in its [3]Browser Security Report 2025 .
>
> This shift is largely due to generative AI (genAI), with 77% of employees pasting data into AI prompts, and 32% of all copy-pastes from corporate accounts to non-corporate accounts occurring within genAI tools.
>
> 'Traditional governance built for email, file-sharing, and sanctioned SaaS didn't anticipate that copy/paste into a browser prompt would become the dominant leak vector,' LayerX CEO Or Eshed wrote in a blog post summarizing the report.
"GenAI now accounts for 11% of enterprise application usage," notes [4]this article from SC World , "with adoption rising faster than many data loss protection (DLP) controls can keep up. Overall, 45% of employees actively use AI tools, with 67% of these tools being accessed via personal accounts and ChatGPT making up 92% of all use..."
"With the rise of AI-driven browsers such as [5]OpenAI's Atlas and [6]Perplexity's Comet , governance of AI tools' access to corporate data becomes even more urgent, the LayerX report notes."
[1] https://slashdot.org/~spatwei
[2] https://www.scworld.com/news/copy-paste-now-exceeds-file-transfer-as-top-corporate-data-exfiltration-vector
[3] https://layerxsecurity.com/blog/why-the-browser-has-become-the-enterprises-most-overlooked-endpoint/
[4] https://www.scworld.com/news/copy-paste-now-exceeds-file-transfer-as-top-corporate-data-exfiltration-vector
[5] https://www.scworld.com/news/chatgpt-atlas-address-bar-a-new-avenue-for-prompt-injection-researchers-say
[6] https://www.scworld.com/news/ai-browser-risks-demonstrated-by-poc-sidebar-spoofing-attack
Really? WTF? (Score:2)
by cusco ( 717999 )
> GenAI now accounts for 11% of enterprise application usage
Maybe I'm old or out of touch (or both) but for the life of me I cannot think of a reason for that number to be more than maybe 1% outside of some lazy programmers.
Bad OpSec (Score:2)
... combined with a large dose of IT illiteracy.
Where do people think data pasted into a web page form goes? Never mind the AI part, being able to read simple queries will give outsiders some intelligence about the kinds of projects and technologies your organization is working with. A foreign intelligence organization posing as an on-line seller can buy the right set of ad words and really go fishing for some interesting information.