New Research Finds Workforce AI Policy Compliance Is an Enforcement Problem, Not an Awareness One

FORT WORTH, Texas--(BUSINESS WIRE)--Neon Cyber, the AI-native browser security platform purpose-built to govern how today's workforce uses generative AI and SaaS, today published Quantifying Shadow AI Risk in the Browser, a research report based on a survey of more than 200 U.S. knowledge workers.

The central finding rejects the most common path forward in enterprise AI governance: that an AI policy alone can reduce enterprise risk. Neon found that 63% of survey respondents reported having a clear AI policy that they understood. However, of that 63%, nearly 50% knowingly violated it by using unapproved AI tools anyway — because most organizations have no visibility into what their workforce is doing in the browser, and no controls that operate where the risk is actually created.

"The organizations asking 'how do we get employees to follow the policy?' are solving the wrong problem," said Cody Pierce, CEO and Co-Founder of Neon Cyber. "This research shows the policy is understood. What's missing is any mechanism to enforce it at the moment an employee opens an AI tool and decides what to share with it — in the browser, at the prompt, before the data moves."

The report also quantifies the scale of sensitive data exposure already occurring through browser-based AI use, with survey respondents knowingly uploading or pasting financial information, customer data, source code, logins, and API keys into AI tools. Critically, this behavior is driven by workers who consider AI essential to their jobs: 63% rated it either absolutely essential or very necessary.

“It’s not surprising to us how many workers rely on AI now. The research shows that blocking access outright is not a viable answer,” stated Mark St. John, COO and Co-Founder of Neon Cyber. “This isn’t surprising given the proliferation of shadow IT. Shadow AI is just a new wave of that. The organizations that are actually closing the enforcement gap are doing it with controls that operate where work actually happens, without slowing down the employees who depend on these tools.”

Quantifying Shadow AI Risk in the Browser is available now at neoncyber.com.

About Neon Cyber

Neon Cyber is the AI-native browser security platform purpose-built to secure how today's workforce uses generative AI and SaaS: in the browser, where modern work happens. Neon delivers real-time visibility for the browser — every credential used, prompt input, link click and file upload — and enforces intelligent guardrails without disrupting productivity. Deployed in minutes, Neon gives security leaders the confidence to say "yes" to AI — without leaking customer or company data. Learn more at www.neoncyber.com.