Gartner predicts that by the end of 2026, more than half of all AI-related data breaches will trace back to employees using generative AI the wrong way. Not adversaries. Not zero-days. Just people pasting things into ChatGPT they shouldn’t.
Most companies responded to this risk the same way: by writing an AI Acceptable Use Policy in a hurry sometime in 2023, circulating it once, and never touching it again.
If that’s your organization, your AUP is already broken. The threat surface has changed. The tools have changed. The legal landscape has changed (see: Heppner). Your policy almost certainly hasn’t.
Here’s the 9-point audit I’d run on your AUP this week.
1. Does it name specific tools — or just “AI”?
A policy that says “employees should not enter sensitive information into AI tools” is meaningless. Employees don’t think of Grammarly, Otter.ai, GitHub Copilot, or the AI summary feature in Zoom as “AI tools.” They think of ChatGPT.
Fix: List the categories of AI exposure your policy covers — public LLM chatbots, AI-enabled productivity features, AI coding assistants, AI meeting recorders, AI browser extensions. Name the specific platforms approved and prohibited.
2. Does it differentiate between consumer and enterprise versions?
ChatGPT and ChatGPT Enterprise are the same product in name only. One trains on your data by default. The other has a contractual no-training clause and SOC 2 controls. If your policy treats them the same, employees will treat them the same — and they’ll pick the free one.
Fix: Define which AI deployments are approved (enterprise tier with DPA in place), which are conditional (consumer tier for non-sensitive tasks only), and which are prohibited entirely.
3. Does it define what “sensitive data” actually means in an AI context?
“Don’t paste sensitive data into AI” is the most common line in every AUP I’ve ever read. It’s also the most useless. Most employees genuinely don’t know that a client name plus a deal size plus a date is reidentifiable, or that a code snippet with an internal API key is a credential leak.
Fix: Tie your AI AUP to your existing data classification scheme. Spell out, with examples, what categories cannot enter a public AI tool: PII, PHI, MNPI, attorney work product, source code containing secrets, customer records, internal financials.
4. Does it address output as much as input?
Half the AI risk is what comes back. Hallucinated case citations have already gotten lawyers sanctioned. Hallucinated medical advice has reached patients. Hallucinated financial figures have ended up in board decks.
Fix: Your policy needs an output verification clause. Any AI-generated content used in a client deliverable, regulatory filing, or external communication must be reviewed by a qualified human. No exceptions.
5. Is there role-based authority — or is everyone treated the same?
A marketing manager using AI to draft email copy has a fundamentally different risk profile than an HR director using AI to screen resumes or a developer using AI to write code that touches production. Most AUPs treat them identically.
Fix: Tier AI permissions by role and use case. Document which job functions are approved for which AI use cases. Sales can use AI for prospect research; HR cannot use AI to make adverse employment decisions without human review and bias testing.
6. Does it have a vendor approval process?
Shadow AI is mostly a procurement failure. Employees adopt new AI tools faster than IT can evaluate them, and by the time legal finds out, half the team is already using them.
Fix: Define a lightweight intake process for new AI tools. At minimum, every new tool requires a data flow review, a terms of service review (especially the data use and retention sections), a security questionnaire, and a designated owner. Make it fast — if approval takes three months, employees will route around it.
7. Does it cover incident reporting?
If an employee realizes they pasted client data into ChatGPT yesterday, what are they supposed to do? In most organizations, the answer is “panic and hope no one notices.” That’s not a policy. That’s a coverup waiting to happen.
Fix: Create a no-blame reporting channel for AI incidents. Define what triggers a report (sensitive data exposure, hallucination that reached a client, prompt injection event). Connect it to your existing incident response playbook.
8. Does it reflect the current legal landscape?
The Heppner ruling established that conversations with public AI tools are not protected by attorney-client privilege. The EU AI Act is now in enforcement. State-level AI laws — Colorado, California, New York — are creating obligations around hiring, transparency, and consumer disclosure. If your policy was written before any of this, it’s outdated.
Fix: Add a regulatory landscape section that’s reviewed quarterly. Tie specific clauses to specific obligations. When the law changes, the policy changes.
9. Is it actually enforced — or just published?
This is the one most organizations fail. The policy lives on a SharePoint site. Nobody reads it. Nobody is trained on it. Nobody is monitoring against it. When something goes wrong, the policy becomes evidence that you knew the risk and did nothing operational about it — which is worse than not having a policy at all.
Fix: Annual training tied to attestation. Random sampling or technical monitoring of AI tool usage. Documented enforcement actions when violations occur. A policy without teeth is a liability, not a control.
The Honest Reality
Most AUPs fail not because they’re badly written but because they’re written as if policy alone is the control. It isn’t. Policy without monitoring is a hope. Policy without enforcement is a wish.
The organizations getting this right are layering technical controls on top of their AUP — DLP that understands AI, browser-level inspection of what employees are actually typing into chatbots, audit logs that show what left the building. The policy tells people what to do. The technology makes sure it actually happens.
That gap — between written policy and operational reality — is what AegisPrompt was built to close. If you’ve worked through this checklist and realized your policy is doing more aspirational lifting than operational lifting, we should talk.