More than just a tool, artificial intelligence is becoming a trusted companion in both personal and professional lives. AI-powered browsers and extensions promise faster search results, tailored recommendations, and enhanced productivity. But a new large-scale study shows that convenience may come at a hidden cost, and the implications extend beyond consumer technology and into the corporate world.
The Silent Data Grab in Public AI Browsers
Researchers at the University College London and UC Davis tested 10 of the most popular public AI browser assistants —including ChatGPT, Copilot, and Merlin AI — to see how they handled user data. What they discovered was troubling:
- Unprecedented access to private spaces. These tools collected sensitive information from private portals, including banking details, IP addresses, medical records, academic information, and even Social Security numbers.
- Little transparency or control. Even privacy-conscious users couldn’t fully see what data was being recorded, transmitted, or profiled.
- Potential legal noncompliance. The researchers warned of likely breaches of U.S. health privacy laws like HIPAA and FERPA, and Europe’s GDPR.
- Profiling without consent. Some assistants inferred users’ age, income, and interests — personalizing responses based on assumptions rather than explicit input.
As Anna Maria Mandalari, the study’s senior author, put it: “There’s no way of knowing what’s happening with your browsing data once it has been gathered.”
From Public AI to Enterprise AI
If public AI browsers can collect and analyze sensitive information without users’ knowledge, what happens inside a company when AI is given access to corporate data?
Enterprise AI systems, whether they’re virtual assistants or agentic decision-making tools, rely heavily on human-created, unstructured data: emails, chats, reports, documents, voice recordings, and more. Just like browser assistants scanning private portals, enterprise AI does not automatically distinguish between confidential and non-confidential content.
The parallels between public AI and enterprise applications are evident:
- Employees assume privacy. Just as consumers expect private browsing to stay private, employees expect internal communications to remain internal.
- AI ingests everything it has access to. Without guidance, AI models can absorb sensitive information such as financial results, intellectual property, and customer PII.
- Risks surface later. That data can leak into AI responses, reports, or recommendations, creating compliance exposures, reputational harm, and loss of trust.
Unstructured Data: AI’s Blind Spot
Over 80-90% of enterprise data exists in unstructured formats, and most of it is unmanaged and unknown. Unstructured data is where the richest human context lives, and where the highest risk resides. These are the digital “private portals” of an organization: the messages and files employees don’t expect to be scrutinized.
When enterprise AI trains on or queries this data without oversight, sensitive and private content can unintentionally appear in AI outputs. Confidential patterns or relationships can be inferred by the system, and regulatory obligations can be breached unknowingly.
What consumers are experiencing with AI browsers is a warning for enterprises deploying AI internally.
Data Governance Guardrails
The good news is that enterprises can act now to prevent these issues. Unstructured data governance provides the visibility and control needed to use AI responsibly and securely. By classifying and curating information before it reaches an AI system, organizations can:
- Ensure sensitive, private, or regulated data is excluded from training or query results.
- Maintain compliance with privacy and industry regulations.
- Build trust by showing employees, customers, and partners that AI is being used transparently.
- Enable AI to use valuable human context without crossing ethical or legal lines.
- Increase output accuracy due to high-quality, relevant inputs.
Unlike consumers who rely on third-party AI browser vendors, enterprises have the power to decide what data AI can access. A unified approach to unstructured data governance creates the guardrails needed to keep enterprise AI in line.
Act Now to Control Enterprise AI
The browser assistant study reveals more than just a consumer privacy issue. It’s a microcosm of what can happen when AI operates without boundaries. For enterprises, the lesson is simple but urgent: audit, classify, and govern your unstructured data before giving AI the keys to it.
If you wouldn’t let a public AI browser read your private medical records, why let an internal AI comb through sensitive corporate emails without oversight?
Don’t let your enterprise AI become a black box. Download our brochure to learn how ZL Tech helps enterprises govern unstructured data and unlock AI’s potential.
