Staff are handing company secrets to AI because ‘bosses have failed to set the rules’

Zendata Cybersecurity chief Isabelle Meyer says workers are using chatbots before many employers have explained where company data can safely go

Employees are exposing companies to cyber risk by using AI tools faster than their employers can set rules for them, one of Europe’s senior cyber executives has warned.

Isabelle Meyer, co-founder and chief executive of Zendata Cybersecurity, said staff are often trying to work more efficiently when they enter sensitive company information into chatbots, but many have little idea where that data is stored, how it may be used, or whether it is leaving the organisation’s control.

The unmanaged use of artificial intelligence, often known as “shadow AI”, has become one of the fastest-growing cyber risks facing companies as they race to bring generative AI into everyday work.

Speaking on Business Matters, Meyer said companies were exposing themselves to risk by adopting new technology before putting proper governance, training and security checks in place.

“Shadow AI is the biggest threat at the moment,” she said.

“What are you giving in the prompt? What are you ingesting? That is where we have the biggest threat at the moment, and most organisations don’t even know where their data is stored.”

“Everybody wants to use AI agents – insurance, law firms, banking, they all want to do it. But is your environment ready to incorporate it? Once it’s there, is it safe? And then you still need to pen test it.”

“It was like with the cloud. Everybody wanted to go on the cloud. Everybody rushed, and they all got on the cloud. Yes, it is more secure than on-prem, but it’s not hacker-free. You still need to protect it. And now it’s the same thing with AI.”

Meyer said workers may be feeding confidential information into external platforms without any intention of putting their employers at risk.

“Some companies will put in their entire financial information onto an AI platform. It’s not intentional. The employee thinks he’s doing the right thing, but maybe it’s also not understanding the impact of it.”

The warning comes as companies increasingly build AI into day-to-day operations while facing a more volatile cyber environment, in which attacks are becoming cheaper, easier to launch and harder to predict.

According to McKinsey’s 2025 global AI survey, 78 per cent of organisations now use AI in at least one business function, up from 55 per cent a year earlier, while 71 per cent regularly use generative AI.

Microsoft’s AI Economy Institute has also estimated that roughly one-in-six people worldwide now use generative AI tools, underlining how quickly the technology has moved into normal working life.

Meyer began her career in litigation in London before becoming a managing partner in Geneva and co-founding Zendata Cybersecurity, which focuses on cyber resilience, incident response, risk assessment and the safe adoption of emerging technologies.

The company works with organisations across sectors to identify vulnerabilities, strengthen defences and help businesses understand how tools such as AI can be used securely rather than becoming another route for data exposure.

Meyer said the wider cyber threat has changed because attackers no longer need advanced technical skills to cause serious damage. 

Ransomware tools can now be bought quickly and cheaply through the dark web, while automated scans leave organisations of every size exposed.

Smaller companies are especially vulnerable because many assume they are too insignificant to be targeted, she warned.

Many larger businesses, meanwhile, are still treating cyber security as a compliance exercise rather than a live assessment of risk.

“It’s not really about who you are and how big you are,” Meyer told Juliette Foster. “You need to put in your environment at least the strict minimum.”

She also warned that geopolitics was reshaping the threat environment, with wars, diplomatic flashpoints and major international events creating opportunities for hostile cyber activity.

“The Russian-Ukraine war, complication in the Middle East, the G7 summit, the Olympics – these are all playgrounds for the threat actors, the hackers,” she said. “Cyber-attack is extremely efficient and extremely cheap compared to sending people on the ground.”

AI is also changing cyber defence, helping security teams process threat intelligence, reduce noise and support forensic investigations.

But Meyer said companies could not rely on tools alone. Cyber security also required governance, education and real-time adaptive defence.

“Cybersecurity is about risk,” she said. “It’s not about tools. It’s about risk.”

Looking ahead, Meyer said businesses would need to prepare for quantum-resistant systems and vulnerabilities in satellite and space infrastructure.

“Whatever we are building now needs to be quantum resistant in the future,” she said. “If you’re looking at the next step in cybersecurity, we had physical security, we had cybersecurity, and now we have to think about cybersecurity in space.”

Watch Isabelle Meyer, co-founder and CEO of Zendata Cybersecurity, in conversation with Juliette Foster on Business Matters, on The European’s YouTube channel.

VIEW MORE: Four forces reshaping cyber risk in 2026. The cyber threat landscape is becoming faster, more complex and harder to contain. Here, Steve Durbin of the Information Security Forum sets out the four forces reshaping cyber risk in 2026 and explains why resilience has become a core leadership discipline. 

Do you have news to share or expertise to contribute? The European welcomes insights from business leaders and sector specialists. Get in touch with our editorial team to find out more.