Employee Use of AI: “The Call is Coming From Inside the House!”

I bet Zach got everyone’s attention last week when he blogged about the possibility that executives might be vicariously liable for employee misuse of AI tools.  If that wasn’t enough to cause you to lose sleep over how employees use AI in the workplace, check out this new KPMG study.  Among other things, it says many employees use AI tools without a lot of regard for company policies:

Almost one in two employees who use AI admit to doing so in ways that contravene organizational policies and guidelines. For example, about half (48-49%) of employees report that they have uploaded sensitive company information, such as financial, sales, or customer information, or copyrighted material, into public AI tools.

Such behaviors are most common of employees who report their organization has banned generative AI (67%) or has a policy guiding generative AI use (56%), compared to those in organizations without such policies (33%) or those who are unsure if there is a policy (38%). This suggests outright bans may be ineffective, and that simply having policies does not guarantee compliance; clear guidance and education on responsible AI use is needed.

That’s bad, but it gets worse. The study also found that nearly half of employees reported using AI in ways that could be considered inappropriate and nearly two-thirds indicated that they have seen or heard other employees using AI tools in inappropriate ways.  A majority also reported using AI in non-transparent ways, like presenting AI generated work as their own, and relying on AI output without critically evaluating the information it provides.

There’s more scary stuff I could go into, but the study’s bottom line seems to be that when it comes to managing the downside risks of AI tools, companies should start by understanding that – like the old horror movie trope says – “the call is coming from inside the house.”