anonym.legal

By · Last updated 2026-02-17

返回博客人工智能安全

AI:头号数据泄露渠道

77%的员工将敏感数据粘贴到AI工具中。生成式AI现已占企业数据泄露的32%。了解如何保护您的组织。

February 17, 20268 分钟阅读
AI securityChatGPTdata leakageenterprise security

AI已成为最大数据泄露渠道

2025年10月,LayerX Security发布了一份报告,令全球CISO警觉。核心发现:77%的员工将敏感文件粘贴到生成式AI工具中,其中82%来自个人未受管理的账户。

最关键的数字:生成式AI现在驱动了企业32%的数据泄露。它已成为当今企业内未授权数据外流的最大单一渠道。

这不是未来的风险。它正在您的组织中实时发生。

问题背后的数据

发现数据来源
向AI粘贴数据的员工比例77%LayerX 2025
通过AI工具发生的数据泄露32%LayerX 2025
通过个人账户使用ChatGPT67%LayerX 2025
每名员工每日粘贴次数14次LayerX 2025
每日含敏感内容的粘贴次数3次以上LayerX 2025

员工每天通过个人账户进行14次粘贴操作,其中至少3次包含敏感记录。传统DLP工具围绕文件设计,完全无法检测粘贴行为。

为什么封禁AI无济于事

三星在员工泄露源代码后封禁了ChatGPT。但封禁没有持续下去。

AI工具让人们工作更快。研究显示,使用AI的开发者完成任务的速度快55%。当您封锁AI时,员工会做以下三件事之一:

  1. 继续使用——通过个人账户,67%的人已经在这样做
  2. 降低产出并对限制心存不满
  3. 转投允许使用AI的雇主

封禁只是转移了风险,并没有消除它。

90万用户的扩展程序泄露事件

2025年12月,OX Security发现了两个恶意Chrome扩展程序,合计拥有90万以上用户,专门窃取ChatGPT和DeepSeek的聊天记录。

其中一个扩展程序还获得了Google的"精选"徽章——这是用户信任的标志。

两者的工作方式相同:

  • 实时捕获聊天内容
  • 存储在受害者设备上
  • 每30分钟批量发送至远程服务器

另一项调查发现,下载量超过800万次的免费VPN扩展程序自2025年7月起一直在捕获AI聊天记录。

了解更多浏览器层面的威胁,请参阅我们的Chrome扩展程序安全指南

在提示词发送前阻止泄露

唯一可靠的防御:在数据到达AI之前对PII进行脱敏处理。事后补救为时已晚。

这正是anonym.legal的Chrome扩展程序和MCP服务器的作用。

Chrome扩展程序

  • 在您向ChatGPT、Claude或Gemini提交前拦截文本
  • 检测并替换PII:"张三" → [PERSON_1]
  • 在AI回复中还原姓名

MCP服务器(适用于开发者)

  • 支持Claude Desktop、Cursor和VS Code
  • 作为透明代理运行——工作流程保持不变
  • PII在提示词离开您的设备前即完成脱敏

受保护的内容

两款工具覆盖48种语言中的285种以上实体类型

  • 个人信息——姓名、电子邮件、电话号码、出生日期
  • 金融信息——信用卡号、银行账户、IBAN
  • 政府信息——社会安全号、护照号、驾驶证
  • 医疗信息——病历号、患者ID
  • 企业信息——员工ID、内部账号

即使发生像那90万用户遭遇的泄露事件,也没有任何内容可供恢复。聊天记录中只留有脱敏后的令牌。

不采取行动的代价

想想员工每天向AI工具粘贴的内容:

  • 发送审查的财务报告
  • 用于客服聊天的客户记录
  • 用于调试的源代码
  • 发送摘要的法律文件
  • 用于分析的健康记录

IBM 2024年数据泄露成本报告显示平均泄露成本为488万美元。IBM 2025年更新数据显示医疗行业泄露成本高达742万美元——仍是所有行业中最高的。

Chrome扩展程序免费使用。MCP服务器包含在每月€15起的专业版套餐中。

立即开始

AI时代已经来临。您的员工已经在使用AI。LayerX报告显示传统工具对AI渠道的泄露毫无感知。您需要专为此渠道设计的管控措施。

anonym.legal在PII到达任何AI模型之前完成脱敏。浏览器端操作保持本地化。整个过程中不会有聊天内容接触anonym.legal服务器。

参考资料

相关文章

人工智能安全

AI Coding Assistants Leak Production PII

Unit test fixtures with real customer records. Log files with production data for debugging. GitHub found 39 million secrets leaked in 2024.

人工智能安全

Internal Wiki PII: Confluence Customer Data

Support teams document processes with screenshots of customer accounts. Over 3 years, that's thousands of GDPR data minimization violations in your.

人工智能安全

Screenshot PII: Leaks in Internal Tools

Slack, Teams, Jira, and email regularly receive screenshots containing customer PII. This access-control violation bypasses every DLP tool.

准备好保护您的数据了吗?

开始使用 285 种实体类型在 48 种语言中匿名化 PII。

开始免费试用查看功能

About this page

We update this page when our platform or the law changes.

Read our founder note for how we work.

Each change shows up in the timestamp at the top.

Related reading

We follow these rules

  • GDPR (EU 2016/679).
  • ISO/IEC 27001:2022.
  • NIS2 (EU 2022/2555).
  • HIPAA safe harbor under 45 CFR § 164.514(b)(2).

Our promise

We do not sell your data.

We do not train models on your text.

We store your files in Germany.

You can delete your account at any time.

You own your work.

Where we run

Our servers live in Falkenstein, Germany.

We use Hetzner. They hold ISO 27001 certification.

All data stays in the EU.

Backups run every day.

Need help?

Email support@anonym.legal.

We reply within one business day.

How we test

We run a full check suite on every release.

Each surface gets its own sweep script and report.

Human reviewers spot-check the output each week.

We track recall and precision on a labelled set.

Bad runs block the deploy.

What we never do

  • We never sell your information to third parties.
  • We never train models on what you upload.
  • We never keep your work after you delete it.
  • We never share keys with any outside firm.
  • We never run ads inside the product.

Plans in plain words

We sell credits, not seats.

One credit covers one short job.

Long jobs use a few credits each.

You can top up at any time.

Unused credits roll over each month.

Read the plans page for current rates.

Who built this

A small team of engineers and lawyers built this.

We ship from Europe and work in the open.

Our founder note spells out why we started.

Where to start

How the parts fit

A browser add-on cleans text inside Chrome.

A Word plug-in handles drafts in Office.

A small desktop tool works on whole folders.

An agent protocol link feeds large models safely.

All four share one core engine and one rule set.

Words from our team

We started this work after a lunch about cookies.

One friend kept getting odd ads on her phone.

We asked why a court file leaked through a draft.

We sketched the first build on a napkin that week.

By month three we had a tiny demo for a friend.

She used it on her first case the next day.

Common questions we hear

Can the tool read scanned PDFs? Yes, with OCR.

Does it work on long files? Yes, in small chunks.

Can I roll my own rule set? Yes, save it as a preset.

Does it run offline? The desktop build runs offline.

Do you keep my files? No, the cloud build wipes after each run.

Will it learn from my work? No, we never train on inputs.

A short tour of the workflow

Upload a file or paste a snippet of prose.

Pick the entities you want gone from the draft.

Choose a method: replace, mask, hash, encrypt, or redact.

Press run and watch the side panel show each hit.

Skim the result and tweak any rule that misfired.

Save the cleaned file or send it to a teammate.