AI site visits up 43% as workers outpace oversight

Redflags reported a 43.2% year-on-year rise in employee visits to AI websites in 2025, based on data from 44 organisations.

The figures indicate a sharp increase in workplace use of AI tools at a time when many employers are still putting oversight in place. The number of companies actively monitoring employee AI usage rose by 91% between 2024 and 2025.

The research drew on more than 29 million on-device behavioural nudges collected in 2025 across sectors including financial services, engineering and manufacturing, and government. According to Redflags, the dataset tracked actual employee behaviour over time rather than relying on surveys or self-reporting.

The 3% issue

One of the clearest findings was the concentration of AI activity among a small group of staff. Just 3% of employees accounted for 18% of all AI activity, averaging 235 AI events each, compared with 35 for the average employee.

The pattern suggests a limited number of workers are using AI tools far more often than their colleagues, raising questions for security teams about where to focus monitoring and internal controls. Organisations commonly track employees uploading files to AI sites, using AI tools without logging in through corporate accounts, and accessing unapproved applications.

Those actions can create routes for sensitive data to leave an organisation and may be difficult to identify without direct visibility into user behaviour on devices. The data also showed AI use peaking at 9am on weekdays, indicating that these tools are becoming part of the daily work routine.

OpenAI accounted for 93% of all recorded AI site visits in the sample, according to the report. Gemini made up 5%, while Copilot, Perplexity, Claude and DeepSeek each accounted for less than 1%.

Tim Ward, chief executive of Redflags, said the pace of adoption had outstripped internal governance at many organisations.

"The speed at which AI usage is growing inside organisations is remarkable, but what's equally striking is how many companies are only now starting to understand what's actually happening on their employees' devices. Governance is racing to catch up with behaviour, and the gap between the two is where risk lives."

Security overlap

AI-related concerns are emerging alongside more established security risks rather than replacing them. In the same dataset, 93% of the organisations analysed recorded clicks on links in external emails from unknown senders.

Redflags said its intervention model led to a 35% average reduction in dangerous link clicks, while the best-performing organisations recorded a peak reduction of 83%. It also reported a 28% increase in the hover-to-click ratio over six months, which it described as a sign that employees were pausing to inspect links before acting.

The data showed a 22% average reduction in passwords being entered after users clicked links from unknown senders. That suggests behaviour-based prompts may change employee responses to phishing attempts over time.

Ward said employers should treat AI use as a behavioural issue as well as a policy and technology matter.

"The human brain is wired to seek novelty. New AI tools trigger dopamine responses associated with excitement and reward. This makes them inherently compelling to employees, regardless of whether they're approved by the business. Understanding that this is a human behaviour challenge, not just a technology policy one, is critical to building an effective response."

The report covered 29,324,301 behavioural nudges and recorded an 82% voluntary engagement rate. Its aim was to measure baseline behaviour before interventions and then track changes over time.