As much as 69 percent employees in Poland use AI without the knowledge of the IT department, and 72 percent introduced company content into tools such as ChatGPT or Gemini without assessing potential threats, the report said.
The greatest threat to companies and institutions is the so-called Shadow AI, i.e. the use of artificial intelligence tools without the knowledge and supervision of the organization. Employees, often in good faith, use AI to speed up work, but lack of awareness of the threats leads to serious consequences.
The text continues below the video
An example would be pasting sensitive data, such as PESEL numbers or information about account balances to public AI modelswhich took place in one of the European banks. Otherwise Samsung engineers copied snippets of source code into free AI toolsunknowingly sharing strategic data.
Read also: The line between AI and humans is blurring. We're starting to talk like chatbots
Przemysław Wójcik, president of AMP, emphasizes that such incidents are not isolated cases, but everyday occurrences. — In industrial companies, employees entered PLC configurations along with passwords into generative models, which led to attacks on the infrastructure. Programming teams pasted API keys and logins, which in one company resulted in the takeover of repositories and paralysis of several projects – comments Wójcik.
Poland is at the forefront of cyberattacks
According to ESET data from the first half of 2025, Poland was one of the most frequently attacked countries in terms of ransomwarebeing responsible for 6 percent global incidents of this type. Experts indicate that the development of AI tools has occurred faster than the ability of companies to implement appropriate security measures.
Within a few years, over 30,000 were created. artificial intelligence tools, most of which run in the cloud, storing user data on servers outside the EU. Entering data such as medical records, source codes or test results there may lead to irreversible leaks.
Read also: “This country is in serious trouble.” Economist on the bursting bubble
Przemysław Wójcik notes that the public sector, including local governments, hospitals and clinics, is in a particularly difficult situation. – These institutions process the most sensitive data, and yet the vast majority of them do not have any procedures, control tools or awareness of threats – says Wójcik.
What threats does AI pose?
Using AI without appropriate security measures may lead not only to data leakage, but also to serious security incidents. Generative AI models are susceptible to manipulation, which poses the risk of injecting false data, generating incorrect reports or creating convincing phishing messages.
In recent years, cases have been reported in which AI generated technical reports with incorrect parameters of industrial equipmentwhich could lead to infrastructure failure.
Read also: Artificial intelligence created a Polish series. “An extraordinary world has been created”
In medical and public settings, the risks are even greater. Hospital workers often use AI to summarize medical records, and clerks often use AI to draft letters. Patient data, health information and HR data end up in systems over which there is no control. Meanwhile, GDPR and cybersecurity regulations require the public sector to maintain the highest standards of data protection.
How to protect your organization against AI threats?
– Artificial intelligence is not a threat in itself. The danger is its unconscious, uncontrolled use, emphasizes Przemysław Wójcik. He adds that the lack of a responsible approach to new technologies may cost more than anyone expects.
He provided seven rules for the safe use of AI:
- Don't enter sensitive data into AI tools
- Only use tools approved by your IT department
- Anonymize data before using it in AI
- Verify AI-generated answers
- Report cases of Shadow AI (using AI without the knowledge and supervision of the IT department)
- Protect passwords, keys and system configurations
- Remember that AI may generate false information.
