Skip to content
Kavara
The practical guide

How to stop employees pasting sensitive data into ChatGPT

The short answer: you can't stop it with a ban, and your existing DLP can't see it. What works is a layered approach — a clear policy, real visibility into actual AI usage, in-the-moment coaching, and browser-level tokenization that removes sensitive values before a prompt ever leaves the device.

77%
of employees who use GenAI paste data into it
82%
of that paste activity happens on personal, unmanaged accounts
32%
of corporate-to-personal data exfiltration now flows through GenAI — the #1 channel
~40%
of files uploaded to GenAI tools contain PII or payment-card data

Source: LayerX Enterprise AI & SaaS Data Security Report 2025 · coverage in The Register and SC Media.

Why bans fail

The paste you block on the corporate account happens on the personal one.

When Samsung engineers pasted confidential source code into ChatGPT in 2023, the company's response was a ban. The industry followed. Two years of data later, the result is clear: usage didn't stop — it moved. 82% of GenAI paste activity now happens through personal, unmanaged accounts, where corporate policy, corporate SSO, and corporate DLP have no reach at all.

Ban AI tools outright

Pushes usage to personal accounts and devices — you lose visibility and keep the risk.

Policy + training alone

Necessary foundation, but nothing acts at the moment of the paste.

Network / API-based DLP

Built for files and sanctioned SaaS — can't see inside a TLS-encrypted prompt to a consumer AI tool.

Browser-level detection + tokenization

Acts where the paste happens, before data leaves the device — covers personal accounts on managed browsers.

What works

Five layers, in the order to deploy them.

Each layer catches what the previous one misses. Most organizations get the biggest risk reduction from layers two and four — visibility and tokenization — because they work without asking employees to change how they work.

1

Write a policy people can actually follow

One page, not twelve. Name the approved tools, name the data categories that never go in a prompt (customer PII, credentials, source code, regulated data), and say what employees should do instead. A policy nobody reads is an audit artifact, not a control.

2

Get visibility before you enforce anything

You can't govern what you can't see. Measure which AI tools your org actually uses, on which accounts, with what categories of data. Two weeks of passive monitoring usually reshapes the entire policy conversation — the tools in real use are rarely the ones IT expected.

3

Coach at the moment of the paste

The highest-leverage intervention is a quiet warning at the instant someone pastes something sensitive — not a training module three months earlier. In-the-moment nudges change behavior because they arrive exactly when the decision is being made.

4

Tokenize instead of blocking

When sensitive data is detected, swap it for a placeholder token before the prompt leaves the browser and restore the real value in the response locally. The employee still gets their answer; the AI provider never receives the raw data. Protection without the productivity fight.

5

Reserve hard blocks for the few things that warrant them

Some categories justify a hard stop — regulated data in a healthcare org, material non-public information at a public company. Keep the block list short and specific. Blanket blocking recreates the ban problem: people route around it on personal devices and accounts.

Common questions

What security teams ask about ChatGPT data leaks.

Should we just block ChatGPT on the corporate network?

Blocking rarely works in practice. LayerX's 2025 research found 82% of GenAI paste activity already happens through personal, unmanaged accounts — often on the same device, one tab over. A network block pushes usage further into that blind spot; it doesn't remove the behavior, only your visibility into it.

Isn't a written AI policy enough?

A policy is necessary but not sufficient. Employees paste into AI tools mid-task, under deadline, without re-reading the policy. Controls that act at the moment of the paste — a warning, or automatic tokenization — catch what a document on the intranet can't.

Why doesn't our existing DLP catch ChatGPT pastes?

Most DLP inspects files moving through email, cloud storage, or sanctioned SaaS APIs. A ChatGPT paste is a fragment of text inside a TLS-encrypted browser request to a consumer service — no file, no sanctioned tenant, nothing for network or API-based inspection to hook into. Detection has to happen in the browser, before the request is sent.

What data ends up in AI tools most often?

Per LayerX's 2025 report, roughly 40% of files uploaded to GenAI tools contain PII or payment-card data, and 22% of pasted text includes sensitive regulatory information. Customer records, credentials, and source code are the recurring categories — usually pasted to get legitimate work done faster.

Layer four, ready to try

See tokenization catch a paste, live, on your own team.

Kavara runs the browser-level layer of this playbook — detection and tokenization before the prompt leaves the page, with the visibility to run layers two and three from one dashboard.