Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

A recent report of a solicitor facing regulatory investigation after uploading client documents into ChatGPT is not an isolated incident. It is a visible symptom of a broader structural issue unfolding across highly regulated industries. Legal professionals operate under strict duties of confidentiality, and yet the tools reshaping their workflows are being adopted faster than governance and operational controls can keep pace. The challenge is not whether AI should be used in legal practice.

AI adoption isn’t slowing down. It’s accelerating, quietly, unevenly, and often outside formal control. To separate assumption from reality, CultureAI commissioned an independent research study of 300 senior technology, security, and risk leaders across North America and Europe. Respondents included CISOs, CIOs, CTOs, Data Protection Officers, and senior IT and security leaders across finance, healthcare, technology, legal, and professional services.

AI is no longer a fringe productivity experiment inside organisations, it is embedded, habitual, and increasingly invisible. This snapshot from CultureAI’s January usage data highlights how AI is actually being used across everyday workflows, and where risk is forming as a result. Rather than focusing on hypothetical threats or model-level concerns, the findings below surface behavioural signals from real interactions: prompts, file uploads, and context accumulation.