Research determines apps from China are commonly used.
Nearly one in 12 employees used at least one GenAI tool of Chinese origin.
According to research by Harmonic Security, the behavioral analysis, conducted over 30 days across a sample of approximately 14,000 end users in the United States and United Kingdom finds that 7.95 percent used the apps.
Among the 1,059 users who engaged with Chinese GenAI tools, Harmonic Security detected 535 incidents of sensitive data exposure. The majority of exposure occurred via DeepSeek, which accounted for roughly 85 percent of the total, followed by Moonshot Kimi, Qwen, Baidu Chat and Manus.
In terms of what sensitive data was exposed, code and development artifacts represented the largest category, making up 32.8 percent of the total. This included proprietary code, access keys, and internal logic.
Alastair Paterson, CEO and co-founder Harmonic Security comments: “All data submitted to these platforms should be considered property of the Chinese Communist Party given a total lack of transparency around data retention, input reuse, and model training policies, exposing organisations to potentially serious legal and compliance liabilities.
“These apps are extremely powerful with many outperforming their US counterparts, depending on the task. This is why employees will continue to use them but they’re effectively blind spots for most enterprise security teams.”
Written by
Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
