Stop employees pasting secrets into ChatGPT
8 min read · A playbook · Updated May 12, 2026
Almost every security team has the same problem in 2026: somebody in finance pasted a customer roster into ChatGPT to draft an email. Somebody in engineering pasted a chunk of a private repo into Claude to refactor it. Somebody in sales pasted a deal sheet into Copilot to summarise it. Productivity is up, leaks are up, and the blunt-instrument response - block all AI tools - works for about two weeks before the workarounds win.
This is the playbook we've seen work. It assumes you want employees to keep using AI, just safely.
1. Stop thinking about "block"
Blocking ChatGPT at the firewall is a 2023 answer to a 2026 problem. What you actually get when you block:
- People route around the block on their phone or a personal laptop, and your visibility goes from low to zero.
- People sign up with personal email instead of work email - same data leaving the same way, now without a paper trail.
- The team that wanted help with a task does the task slower, and the company eats the productivity loss.
The right primitive is redact, log, and inform, not block. Let people use the tools. Make sure the sensitive bits never reach the AI provider.
2. Map your real exposure first
Before deploying anything, find out which AI tools your team is actually using. Common surfaces in our experience:
- Browser ChatGPT - by far the most common entry point.
- The ChatGPT, Claude, and Gemini desktop apps - bypass network proxies that only watch the browser.
- Cursor, GitHub Copilot Chat, Continue - IDE assistants that ship entire files as context.
- Claude Code, Aider, and other terminal CLIs.
- The forgotten one: an internal "AI helper" tool that uses Anthropic or OpenAI keys under the hood. Treat it the same way.
3. Pick the right control point
There are three viable architectures for governing AI prompts:
- Browser extension. Easy to install, easy to uninstall, blind to desktop and CLI usage.
- Cloud gateway / SSE (security service edge). Sees everything you forward through it; sees nothing when the laptop is off-network and the VPN client is off.
- Endpoint agent that intercepts AI traffic on the device. Works everywhere the laptop goes; works the same on browser, desktop apps, and CLIs.
For mid-market teams the endpoint-agent path is usually the right answer. It's the only one that survives a coffee-shop wifi connection and a Claude Code session in the same afternoon.
4. Communicate before you deploy
The biggest predictor of a sticky AI governance rollout is how it's framed to employees. The two extremes both fail:
- Surprise. Deploy silently, then explain after somebody complains. Builds a reputation that security teams are the bad guys.
- Overwarning. Long policy doc + mandatory training + scary email. People treat AI as taboo and stop using it openly.
The version that lands: a short, friendly note explaining that nothing about their workflow changes, that the company is OK with them using AI, and that the only difference is that sensitive data gets redacted before it reaches the AI provider. Show a before-and-after example.
5. Phase the rollout
- Pilot (week 1–2): install on a friendly team that uses AI heavily (engineering, support, or marketing). Watch the dashboard; tune false positives.
- Targeted (week 3–4): roll out to teams that touch the riskiest data - finance, legal, customer success.
- Org-wide (week 5+): deploy via MDM. Default policies handle 90% of risk; the last 10% comes from custom policies you write based on what the dashboard surfaces.
6. Measure what matters
The metrics that actually mean something on month two:
- Detection volume by category - which kinds of data are leaving the laptop most often? PII? Credentials? Internal docs? This tells you which policies need tightening.
- Top 10 risky prompts of the week - review them with the team they came from, not as punishment but as input to a training conversation.
- Coverage - what percentage of seats has the agent active right now? Below 95% means MDM enforcement isn't tight enough.
What you should not measure: per-employee leak counts. That metric incentivises hiding usage, not preventing leaks.
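The redact, log, and inform loop from section 1 and the detection-volume metric from section 6, as an added example in Python (not NexusNest's code or any product's): a small filter that redacts credentials and PII from a prompt before it is forwarded, records only the category and a short fingerprint of each hit (never the value or the prompt), and tallies detections by category for the dashboard. The detection rules, sample prompts, user names and app names are all constructed for this example; the Luhn check on card-number candidates shows the kind of false-positive tuning the pilot phase is for.

```python
"""Redact-log-inform filter for AI prompts (constructed example, not NexusNest code)."""
import hashlib
import re
from collections import Counter
from dataclasses import asdict, dataclass
from typing import Callable, Optional


def luhn_ok(candidate: str) -> bool:
    """Luhn checksum: rejects digit runs that merely look like a card number."""
    digits = [int(c) for c in candidate if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


@dataclass(frozen=True)
class Rule:
    category: str                 # reporting bucket: "pii" or "credential"
    label: str                    # token written into the redacted prompt
    regex: re.Pattern
    value_group: int = 0          # regex group that holds the sensitive value
    validate: Optional[Callable[[str], bool]] = None  # extra check against false positives


# Assumed detection rules for the example; order matters, most specific first.
RULES = [
    Rule("credential", "PRIVATE_KEY",
         re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----", re.S)),
    # keep "api_key =" in the prompt so the assistant still has context, replace only the value
    Rule("credential", "API_KEY",
         re.compile(r"(?i)\b(api[_-]?key|secret|token|password)\b\s*[:=]\s*(\S+)"), value_group=2),
    Rule("pii", "EMAIL", re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b")),
    Rule("pii", "CARD", re.compile(r"\b\d(?:[ -]?\d){12,18}\b"), validate=luhn_ok),
]


@dataclass(frozen=True)
class Finding:
    category: str
    label: str
    fingerprint: str   # short hash of the value: lets you spot the same secret leaking twice


def fingerprint(value: str) -> str:
    return hashlib.sha256(value.encode()).hexdigest()[:12]


def redact_prompt(text: str):
    """Return (redacted_text, findings). The raw value never leaves this function."""
    findings = []
    for rule in RULES:
        def _sub(m: re.Match, rule=rule) -> str:
            value = m.group(rule.value_group)
            if rule.validate and not rule.validate(value):
                return m.group(0)               # looked like a card, failed Luhn: leave it alone
            findings.append(Finding(rule.category, rule.label, fingerprint(value)))
            token = f"[REDACTED:{rule.label}]"
            start, end = m.span(rule.value_group)
            whole = m.group(0)
            return whole[:start - m.start()] + token + whole[end - m.start():]
        text = rule.regex.sub(_sub, text)
    return text, findings


def log_event(user: str, app: str, findings) -> dict:
    """Audit record for the dashboard: categories and fingerprints, never the prompt."""
    return {"user": user, "app": app, "findings": [asdict(f) for f in findings]}


def tally_by_category(events) -> dict:
    """Detection volume by category, the month-two metric from section 6."""
    return dict(Counter(f["category"] for ev in events for f in ev["findings"]))


if __name__ == "__main__":
    # Constructed sample prompts; the card number is the standard Luhn-valid test number.
    samples = [
        ("alice", "chatgpt-web", "Draft a reply to jane.doe@example.com, card on file 4111 1111 1111 1111"),
        ("bob", "cursor", "Refactor this client: api_key = sk_constructed_example_123 and add retries"),
        ("carol", "claude-desktop", "Summarise ticket 1234 5678 9012 3456 for the standup"),
    ]
    events = []
    for user, app, prompt in samples:
        clean, found = redact_prompt(prompt)
        print(f"{app:15} -> {clean}")
        events.append(log_event(user, app, found))
    print("volume by category:", tally_by_category(events))
```

The audit record deliberately carries no prompt text: the dashboard needs categories and counts, and a fingerprint is enough to notice the same key being pasted from three laptops. Keeping the key name (`api_key =`) while swapping the value is what lets the employee's task still work, which is the whole point of redacting rather than blocking.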
Ready to deploy? NexusNest takes about 30 minutes to install on a laptop and covers ChatGPT, Claude, Copilot, Gemini, and Cursor out of the box.
Sources & further reading
- Cyberhaven - research on AI-tool data exposure (cited: ~39.7% of AI interactions involve sensitive data; employees input sensitive data into AI tools every ~3 days)
- OpenAI - Enterprise Privacy (training opt-outs, retention defaults)
- Anthropic - commercial terms and usage policies
- OWASP - Top 10 for LLM Applications
- NexusNest - internal customer rollout playbook, 2026