Blog
/
User behavior risks
Visibility
Governance
CISO
Productivity
April 11, 2025

CISO Guide to Securing Employee Use of GenAI

Best Practices for Securing Public GenAI Apps and LLM Apps in the Enterprise

Public GenAI apps, like ChatGPTs and Copilots, are now widely used at work. It's not without its risks. The providers have created a maze of data protection promises, which mean that a wrong AI, subscription, login, setting or geo may mean that the end user prompt becomes the AI maker's to use. At the same time, NROC Security has seen that every 100 prompts contain 32 instances of PII.

Fundamentally, Gen AI apps represent a new breed of software where use cases are invented on the fly, user inputs are unpredictable, any data can be used, and there is no promise of the accuracy of the outputs. This creates several issues for traditional security architectures: lack of visibility, inability to to control user-driven data exposure, unable to monitor potentially inaccurate outputs, as well as gaps with identity and access management. The end users need guidance, not friction. The security team needs effective controls, and the compliance team needs evidence of policy compliance.

This guide, based on over 130 practitioner interviews, defines the issues and suggests best practices how CISO teams need to go beyond the traditional playbook. The guide concludes how well executed AI security can build trust in AI usage and provide insights for shaping the AI agenda. Security can be an accelerator for organizational learning and innovation.

Written by
Antti Reijonen
Co-Founder and CEO
Share This

Get insights on boosting GenAI app adoption safely

Subscribe to NROC security blog

More blog posts

Governance
Productivity
User behavior risks

How AI Champions drive personal productivity and ROI from GenAI

Practical ways to build end user confidence, skills, security, and governance so employees can realize productivity gains from GenAI tools like ChatGPT.

Governance
Productivity

6 key GenAI trends shaping employee productivity in 2026

Employee productivity is entering a new phase as GenAI tools move from experimentation to everyday work. We founded NROC Security on the belief that enterprise employees want to use tools like ChatGPT, to get more done, while organizations remain rightly concerned about security and data exposure. By the end of 2025, most organizations had stopped saying “no” to GenAI, and instead started introducing policies and staff guidance for acceptable use, even as the technical enforcement lagged behind.

Governance
Prompt risks
Visibility
Webinars
Productivity

On-demand webinar: Governing GenAI for employee productivity

Governing GenAI for employee productivity with The Cibernetica Group and NROC Security

Governance
Prompt risks
Visibility
Webinars
Productivity

On-demand webinar: How The Hornblower Group secures GenAI to unleash personal productivity and innovation

See how The Hornblower Group drives responsible GenAI use while unlocking employee productivity

Safely allow more GenAI at work and drive continuous learning and change

Discover how
NROC logo
© 2025 NROC Security, Inc. All rights reserved.
Solution
Overview
Resources
Blog
Company
About usContact usNewsroom
Legal
Terms of UsePrivacy

This website uses cookies to ensure you get the best experience on our website. Learn more

Accept All Cookies Reject All