Enterprise AI Provisioned. So Why Is the Work in Personal Accounts?
Enterprise AI deployments are supposed to create a clear separation between corporate data and personal activity. The data shows the opposite happening: employees use their personal, free AI accounts for work, and their employer-provided enterprise accounts for things that have nothing to do with their jobs. More surprising yet, the mix of tasks is near-identical no matter what tool is used and whether it is free or paid.
Harmonic Security analyzed 1.9 million classified AI-session minutes, tagging each conversation as personal, business, or ambiguous. The findings reorder how security teams should think about coverage, risk, and what governance actually controls.
Free accounts run on business work
Across every major AI provider with a free tier, the same pattern holds: 64.5% of activity on personal accounts is business use, not personal. Employees are reaching for their own ChatGPT Free subscriptions to write work emails, summarize meeting notes, and debug code. They are not using them to plan holidays. Critically, when that employee leaves the business, they take with them specific memories and business context that the company cannot recover.
Copilot Free leads the group at 80.2% business activity, which makes sense given it theoretically requires a Microsoft account that may already carry a corporate identity. Claude Free runs at 67.2% and ChatGPT Free at 60.6%. Gemini Free is the lowest at 40.5%.
These employees are not acting irrationally. Free accounts are often already logged in, already have chat history, and already have browser extensions configured. The path of least resistance for a quick work question is whatever AI is already open.
Enterprise accounts host nearly half of all personal AI activity
Overall, across all accounts, 13.3% of time spent on AI is personal use and 74.6% is business. That ratio matters: AI adoption is primarily a work productivity story, with a meaningful but minority personal-use layer sitting on top.
Where that personal activity lives is the more revealing finding. The intuition most security teams carry is that enterprise accounts are for work and personal accounts are for personal tasks. The data shows the opposite distribution.
The three-way split of where personal minutes actually live: 45.6% on enterprise-licensed plans (ChatGPT Enterprise, Claude Enterprise, and Gemini for Workspace), 29.9% on paid consumer plans such as ChatGPT Plus, Claude Pro, and Gemini Pro, and 15.5% on free and guest accounts. Governance that focuses on monitoring free accounts is watching the minority of where personal AI activity actually happens.
The mix of business work is broadly similar across tools
A related question is whether the application an employee opens predicts what kind of work they do. Mostly no. The rough shape of business activity follows the same hierarchy across every tool, with efficiency dominating and innovation at the bottom. The magnitudes vary in ways worth flagging.
Across all six AI tools in the dataset, the broad shape of business work is consistent. Efficiency and automation dominates at around 47% of time, followed by risk and compliance and decision support at 20% each, then revenue and growth at 7% and innovation and creation at 6%. There are tool-specific nuances (Claude does notably more decision support than ChatGPT, 31% vs 17%, and Microsoft Copilot leans hardest on efficiency at 57%), but the overall hierarchy holds across every platform.
The implication for security teams is significant. Every tool is doing real business work, and the work concentrates in efficiency, risk, and decision support, categories that carry meaningful data exposure regardless of which AI an employee opens. Switching tools shifts the mix at the margins but does not eliminate exposure. Security controls that focus on which tool an employee uses will not meaningfully change what data they share with it. Coverage has to follow the user, not the application.
Legal leads AI adoption. Go to Market leads the blind spot.
Cutting the data by functional areas reveals where AI has embedded most deeply in the enterprise.
Legal and Governance is the highest-volume department at 19.5% of all AI hours, ahead of Go to Market (17.7%), Design and Development (13.3%), and Strategy (11.9%). For a function often characterized as slow to adopt new technology, that concentration is striking. Legal work involves contracts, litigation strategy, regulatory analysis, and IP review. These are among the most sensitive categories of content an employee could put into an AI prompt.
The enterprise-versus-free split tells the more operationally important story. On enterprise plans, Legal accounts for 32.3% of activity. On free accounts, it is barely present. Go to Market flips the pattern entirely: it accounts for 28.6% of free-account AI hours, the single largest category, while representing only 10.1% of enterprise plan usage.
Legal teams have largely adopted enterprise AI. Sales and marketing teams are largely running on personal accounts their employers cannot see. The governance coverage follows the opposite of the risk.
The tool-department affinities are sharper than the overall numbers suggest. ChatGPT accounts for 67% of Legal AI activity, by far the largest function-tool concentration in the dataset. It also leads Go to Market (60%) and People and Talent (56%).
Claude's profile is different: it handles 41% of Strategy work and 40% of Finance, reflecting its stronger position in tasks requiring sustained analytical reasoning. The session depth data confirms this, with Claude Enterprise sessions averaging 10.4 minutes per task, the deepest for any high-volume plan in the dataset. A few lower-volume plans run slightly longer per session (Perplexity Enterprise at 11.8 minutes, for example), but Claude Enterprise's combination of depth and scale is unmatched.
DeepSeek's footprint is small in absolute terms (under 1% of the dataset's total AI hours), but what usage it does see concentrates in Go to Market work, with 43% of its hours classified as GTM activity. That fits the pattern of sales and GTM teams reaching for DeepSeek for competitive research and proposal generation. Microsoft Copilot's strongest showing is Infrastructure and Security at 32%, consistent with IT teams using it for technical queries and runbook work.
Design and Development runs the deepest sessions at 9.6 minutes per task, followed by Strategy at 8.6 minutes and Finance at 7.6 minutes. These functions use AI for complex, iterative work: code review and generation, strategic synthesis, financial modelling. Legal, despite its high volume, sits at 6.4 minutes per task. This moderate depth but massive total hours means the overall exposure is the highest in the dataset. Customer Experience and Operations run shallow at under 5 minutes, consistent with quick-lookup and template-generation use rather than sustained problem-solving.
Session depth separates embedded workflows from throwaway queries
Since use-case mix is near-identical across platforms, session depth becomes the more useful behavioral signal: how much time an employee spends per AI task. The variation here is significant.
Claude sessions average 10 minutes 12 seconds per task, 73% longer than ChatGPT sessions at 5 minutes 53 seconds. At the shallow end, ChatGPT guest sessions average about two minutes, consistent with throwaway queries on a borrowed or shared account rather than embedded workflow use.
This distinction matters for security policy in a concrete way. A 12-minute Claude session working through a contract analysis is structurally different from a 2-minute ChatGPT Guest query for a synonym. Deeper sessions involve more context-setting, more back-and-forth, and more material that an employee might paste in without thinking about where it ends up.
What this means for teams governing AI in 2026
Monitor free-tier accounts or accept the coverage gap
64% of activity on personal AI accounts is business use. Material amounts of corporate data flow through tools the security team cannot see directly. Teams that govern only corporate-issued AI accounts are governing a minority of where work actually happens. The coverage gap is on the device, in the browser, and in employee habits.
Stop using plan tier as a proxy for risk
Plan tier doesn't reliably predict whether the work happening on it is sensitive. Roughly two-thirds of activity on free-tier accounts is business work, while nearly half of personal AI use happens on enterprise accounts. A free-tier session might be a contract review; an enterprise session might be a personal email draft. Controls keyed to plan tier will misclassify both directions. Risk has to be assessed from the content of the conversation, not the product tier funding it.
Build monitoring logic around session depth, not event counts
A 12-minute Claude session on a contract review is structurally different from a 2-minute ChatGPT Guest synonym lookup. Both register as a single AI event in a usage dashboard. Only one carries material data exposure risk. Session depth is measurable, correlates with the amount of content shared, and is a more reliable trigger for investigation than plan type or prompt volume.
Stop measuring AI effectiveness with token and usage counts
Vendor dashboards report seats, tokens consumed, and monthly active users. These numbers measure adoption, not value. The use-case breakdown in this dataset is what connects AI activity to outcomes: efficiency and automation tasks at 47% represent workflow acceleration; decision support at 20% represents judgment augmentation; risk and compliance at 20% represents a use case with direct audit implications. Understanding whether those activities are producing measurable results requires measuring the outcomes, not the inputs.
The broad consistency of use-case mix across tools also matters here. Switching from one AI to another shifts the mix at the margins but does not eliminate exposure to any of the high-risk categories. What changes more sharply is session depth, and that is the variable most correlated with both the quality of the output and the sensitivity of what was shared to generate it.
Methodology and frequently asked questions
Harmonic Security analyzed 1,935,247 classified AI-session minutes across a panel of enterprise organizations over a trailing seven-week period ending April 2026. Each AI conversation was classified as personal, business, or ambiguous using a large-language-model classifier trained on enterprise AI usage patterns. The analysis covers six AI tools: ChatGPT (Free, Plus, Enterprise, Guest), Claude (Free, Pro, Enterprise), Gemini (Free, Business, Enterprise), Microsoft Copilot (Free, Pro, and M365), DeepSeek, and Perplexity. Plan tier classifications were derived from account metadata provided by each AI platform's enterprise reporting API. Customer identifiers have been anonymized.
How much of all AI activity is personal use, and where does it happen?
13.3% of all classified AI minutes are personal use, with 74.6% business and 12.1% ambiguous. Of those personal minutes, 45.6% occur on enterprise-licensed plans, 29.9% on paid consumer plans such as ChatGPT Plus and Claude Pro, and 15.5% on free or guest accounts. Personal use concentrates in the higher-capability plans, not the free ones.
Why is Legal and Governance the top department by AI hours?
Legal work maps directly onto the tasks where AI provides the most obvious value: contract review, regulatory research, policy drafting, and compliance analysis. These are text-heavy, reference-intensive tasks that historically required significant billable time. The volume partly reflects genuine productivity gains, but it also means the highest-sensitivity content in an organization is flowing into AI tools at a higher rate than most security teams have modelled for.
Why does Gemini Free show more personal use than other free-tier apps?
Gemini Free is the sole exception to the general pattern (40.5% business vs 60-80% for other free tiers). The most likely explanation is Google's Chrome AI Mode, which surfaces Gemini natively in the browser during everyday browsing, capturing ambient personal activity that does not reflect intentional AI tool use.
How does Harmonic capture AI activity in consumer accounts?
The dataset reflects activity observed through Harmonic's browser-level monitoring, which can see AI conversations regardless of whether the account is corporate or personal, provided the employee is using a managed device or has the Harmonic agent installed. The minutes metric counts time spent in active AI conversation sessions, not idle time or page-open time.
What is the difference between Business and Enterprise plan tiers?
'Enterprise plans' refers to organization-level subscriptions (ChatGPT Enterprise, Claude Enterprise, Gemini Enterprise, Microsoft Copilot M365) where the account is provisioned and paid for by the employer. 'Business plans' such as ChatGPT Team and Gemini Business are also workplace-purchased tiers but typically with lighter administrative controls. Both are included in the corporate-plan grouping. Free, Plus, and Pro plans are treated as personal-tier.
