34.8% of corporate data going into AI tools is now classified as sensitive. Two years ago it was 10.7%. And a third of that ChatGPT usage is happening through personal accounts, completely outside corporate security controls.
Those are global numbers from Cyberhaven’s analysis of 7 million workers. In Australian regulated industries, the data flowing into those prompts isn’t generic “sensitive information.” It’s specific, identifiable, and attached to specific regulatory obligations the moment it leaves the building.
The reality on the floor
Picture the reality in any mid-market financial services firm right now. A super fund member services officer pastes a member’s Tax File Number into ChatGPT to help draft a response letter. A claims assessor at an insurer drops a customer’s Medicare number and date of birth into Claude to summarise a complex file. A credit analyst at a regional bank copies a BSB and account number into an AI tool to reformat a report for a manager.
None of them are being malicious. All of them are being productive. And none of them know that the moment that data hit a US-hosted API endpoint, they triggered cross-border disclosure obligations under APP 8 of the Privacy Act.
Each data type carries its own obligation
This is where the generic framing of “sensitive data” falls apart. In an Australian regulated context, each of those PII types triggers a specific, named obligation:
- A Tax File Number is governed by APP 8 the instant it crosses the border, and under APRA CPS 234 it becomes a third-party information asset the moment it lands in an external AI provider’s systems — an asset you’re expected to be actively overseeing, not just listing in a register.
- A Medicare number carries all of that, plus the heightened sensitivity that comes with health-related information under the Privacy Act.
- A BSB and account number is the kind of financial identifier that turns a casual prompt into a reportable cross-border disclosure of a customer’s banking details.
The point isn’t that any one of these is catastrophic on its own. It’s that the obligation attaches automatically, silently, and per-request — and the business has no record that it happened.
The problem isn’t AI. It’s the dark.
The instinct in most organisations is to ban the tools. That doesn’t work, and it misses the actual problem. The problem isn’t that staff are using AI to be more productive. The problem is that nobody knows it’s happening.
There’s no detection. No logging. No way to answer the question an APRA reviewer will eventually ask: what data went to which provider, when, and under what control? A policy document that says “don’t paste customer data into ChatGPT” is not evidence. It’s a hope. And when the data is already flowing through personal accounts on personal devices, it’s a hope you can’t even enforce.
You cannot manage a risk you cannot see. And right now, for most regulated businesses, shadow AI is completely invisible.
What visibility actually looks like
This is the gap 40 South Guard is built to close. Guard sits between the business and whatever AI model it uses, and inspects every call in real time — including the document text that clients like AnythingLLM quietly inject into the prompt.
Detection isn’t pattern-matching on a regex and hoping. Australian PII is validated with the same checksums the issuing authorities use:
- Tax File Number — weighted sum modulo 11.
- Medicare number — Luhn check on the first eight digits with a positional check digit.
- ABN — weighted sum modulo 89.
- BSB — structural and range validation.
- Credit card — Luhn algorithm.
Every detection is recorded in a cryptographically signed attestation that maps the finding to the relevant control — APP 8, CPS 234 S15 — and is written to a tamper-evident audit trail retained for seven years. When the regulator asks what happened, you have an answer that was generated at the moment of the call, not reconstructed afterwards from logs you could have edited.
Your staff are going to keep using AI, because it makes them faster and the work has to get done. The choice in front of regulated businesses isn’t whether that happens. It’s whether you can see it when it does.
You can’t control what you can’t see.
If you want to know what’s actually flowing out of your organisation, get in touch.