Report by Harmonic Security
Code Red: Analyzing China-Based App Use
Key Findings
Financial information accounted for 14.4% of sensitive data exposed through employee use of Chinese GenAI tools at work.
1 in 12 employees, or 7.95%, used at least one Chinese GenAI tool at work.
Among the 1,059 users who engaged with Chinese GenAI tools, there were 535 incidents of sensitive data exposure.
The majority (roughly 85%) of sensitive data exposure from the use of Chinese GenAI tools occurred via DeepSeek, followed by Moonshot Kimi, Qwen, Baidu Chat and Manus.
Code and development artifacts made up 32.8% of sensitive data exposed through employee use of Chinese GenAI tools at work.
Personally identifiable information (PII) comprised 17.8% of sensitive data exposed through employee use of Chinese GenAI tools at work.
Customer data represented 12.0% of sensitive data exposed through employee use of Chinese GenAI tools at work.
Mergers & acquisitions data accounted for 18.2% of sensitive data exposed through employee use of Chinese GenAI tools at work.
Organisations that implement light-touch guardrails and nudges, rather than blanket blocking of Chinese GenAI tools, have seen up to a 72% reduction in sensitive data exposure, while increasing AI adoption by as much as 300%.
Legal documents made up 4.9% of sensitive data exposed through employee use of Chinese GenAI tools at work.