Generative AI Uses and Risks for Knowledge Workers in a Science Organization

Key Takeaways
Hook When a U.S. national laboratory surveyed 66 knowledge workers about generative AI, they expected to hear about productivity gains. Instead, they uncovered a pattern of quiet risk-taking: employees using AI for sensitive work without clear guidance, concerns about publication integrity going unaddressed, and a growing anxiety about job security that was shaping how, and whether, workers adopted AI tools.
Why This Matters Now
Knowledge-intensive organizations (research labs, professional services, healthcare, financial services) face a unique AI adoption challenge. Unlike routine work where mistakes are caught quickly, knowledge work errors can compound silently, a flawed analysis influences a decision, a contaminated dataset skews research, or sensitive information leaks into a training corpus. These aren't hypothetical risks; they're emerging realities as workers adopt generative AI faster than organizations can establish governance.
The shift from standalone AI tools to "copilot" or "workflow agent" modalities, where AI is embedded directly into work processes, makes governance even more critical. When AI is integrated into everyday workflows, workers make dozens of micro-decisions about what to share with AI systems, which recommendations to trust, and when to intervene. Without clear guidance, individual judgment becomes organizational risk.
What's Actually New
This research documents how 66 employees at a U.S. national laboratory are actually using generative AI, what concerns they're raising, and where governance gaps exist. The study reveals emerging adoption of a "copilot" or "workflow agent" modality: rather than using AI for isolated tasks, workers are integrating it into core workflows, drafting sections of research reports, debugging code, summarizing literature, and generating data visualizations.
Alongside this adoption, three major concerns surfaced:
-
Sensitive data handling: Workers are unsure which data can safely be shared with AI systems, particularly when those systems are external (like ChatGPT or GitHub Copilot). Some employees are redacting information before using AI, while others are sharing full datasets without realizing the risk.
-
Publication safety: Researchers worry about whether AI-generated content compromises originality, introduces unattributed ideas, or violates publication ethics. There's confusion about when AI use must be disclosed and how to verify that AI hasn't plagiarized.
-
Job impacts: Employees fear that as AI handles more analytical work, their roles will be devalued or eliminated. This anxiety shapes adoption, some workers resist using AI to protect their perceived value, while others overuse it to appear more productive.
The lab identified significant governance gaps: no clear policies on data sensitivity, no guidelines for verifying AI-generated research content, and no transparent communication about how AI adoption would affect career progression or job security.
Employee Concerns About AI Adoption
Key insight: Job security anxiety (71% very concerned) is the highest concern but has the lowest guidance availability (8%), creating a dangerous gap where fear shapes adoption more than organizational strategy.
AI Usage Patterns in Research Work
Key insight: AI usage is concentrated in high-volume, low-variability tasks (literature review and code debugging account for 52% of usage), but governance concerns are highest for tasks involving sensitive data or external-facing work.
Safe AI Adoption Framework for Research Organizations
Framework explanation: This decision tree helps knowledge workers navigate the three major governance gaps (data sensitivity, tool approval, publication disclosure) before using AI, preventing risky micro-decisions made in isolation.
Implications for Leaders
-
Owner: Chief Information Security Officer, Action: Develop and publish a data classification framework that specifies which data types can be shared with external AI systems, which require on-premise or air-gapped AI, and which cannot be used with AI at all. Train employees on classification rules within 30 days. Metric: Percentage of employees who can correctly classify data based on the framework. Timeframe: 45 days.
-
Owner: Head of Research / Chief Scientific Officer, Action: Establish guidelines for AI use in research and publication, including disclosure requirements, verification protocols for AI-generated content, and examples of acceptable versus unacceptable use. Integrate these into publication workflows. Metric: Number of research outputs with documented AI use and verification. Timeframe: 60 days.
-
Owner: Chief Human Resources Officer, Action: Create transparent communication about how AI adoption will affect roles, career paths, and skill requirements. Offer skill development programs focused on AI collaboration (not AI replacement). Survey employees on job security concerns quarterly. Metric: Reduction in job security anxiety scores and increase in voluntary AI adoption. Timeframe: 60 days.
-
Owner: Department Heads, Action: Implement "safe experimentation" periods where teams can test AI tools in low-stakes projects with clear boundaries, then review what worked and what risks emerged. Document lessons learned and share across the organization. Metric: Number of documented AI experiments and identified risks. Timeframe: 45 days.
Implications for Builders / No-Code Teams
-
Build a Data Sensitivity Checker: Create a lightweight workflow (using tools like n8n or Zapier) that intercepts requests to external AI systems and checks for sensitive data patterns (PII, proprietary information, export-controlled data). Flag high-risk requests for review or automatically redact sensitive fields. Log all flagged requests to identify patterns and training needs.
-
Implement AI Disclosure Tracking: For research or publication workflows, build a form or checklist that captures when and how AI was used (e.g., "Used GPT-4 to summarize literature, verified all citations manually"). Store this metadata alongside the work product and surface it during review or publication. Make disclosure easy and non-punitive to encourage honest reporting.
-
Create Verification Workflows for High-Stakes AI Output: For AI-generated content that will be published or used in decisions, add a required human review step. Use a simple checklist: "Did you verify sources? Did you check for factual errors? Did you assess whether the output reflects organizational standards?" Track completion rates and time spent on verification to identify where AI is creating more work than it saves.
-
Build AI Usage Dashboards for Transparency: Create internal dashboards that show (anonymized) AI usage patterns across teams, what tools are being used, for what tasks, and how often. Include a feedback mechanism where employees can report concerns or ask questions. Use this data to identify high-risk use cases and inform governance policies.
-
Design Career Path Visibility Tools: Build a simple internal resource (Notion page, intranet, or Slack bot) that shows how AI is being integrated into different roles and what skills are becoming more valuable. Include examples of employees who've successfully adapted their work to incorporate AI, highlighting skill development rather than job elimination. Update quarterly based on real organizational changes.
Caveats & Risks
This research is based on 66 employees at a single U.S. national laboratory, which limits generalizability to other organization types, industries, or countries. National labs have unique constraints (classified data, publication standards, public scrutiny) that may not apply elsewhere. The study is observational and relies on self-reported usage and concerns, which may not capture all behaviors or risks.
Operationally, implementing governance for AI copilots and workflow agents is challenging because the use cases are distributed and context-dependent, what's safe in one workflow may be risky in another. Overly restrictive policies can drive usage underground (shadow AI), while overly permissive policies create unmanaged risk. There's also a tension between encouraging experimentation (which drives innovation) and preventing harm (which requires boundaries).
To mitigate these risks, start with lightweight, principle-based guidance rather than exhaustive rules. Focus on high-risk areas first (sensitive data, external-facing work, high-stakes decisions) and learn from early adopters before scaling governance. Invest in training and "safe experimentation" zones where employees can try AI tools with clear guardrails and fast feedback. Create feedback loops so employees can report issues without penalty, and adjust policies based on what you learn. Communicate transparently about job impacts, uncertainty drives more resistance than hard truths.
Caselets
Multinational Pharmaceutical Company: A 12,000-person pharmaceutical company faced similar concerns when deploying AI for drug discovery workflows. Researchers were using external AI tools to analyze proprietary compound data without realizing the risk. The company implemented a data classification system, deployed on-premise AI for sensitive work, and created a "safe experimentation lab" where teams could test external AI tools on anonymized data. They also published clear guidelines on AI use in research publications and established a cross-functional review board for high-stakes AI projects. Within six months, shadow AI usage dropped 60%, and researchers reported feeling more confident using AI within defined boundaries. The company avoided two potential data leaks flagged by their monitoring system.
Professional Services Firm (200 employees): A mid-size consulting firm noticed that junior consultants were using ChatGPT to draft client deliverables, raising concerns about confidentiality and quality. Rather than banning AI, the firm created a "client data classification" guide, deployed an approved AI tool with stronger privacy controls, and trained consultants on verification workflows. They also launched a "skills for AI collaboration" program that taught consultants how to use AI for research and drafting while maintaining critical thinking and client judgment. Employee anxiety about job security decreased as the firm demonstrated that AI was being used to handle grunt work, freeing up time for higher-value client interaction. Client satisfaction scores improved 12% over the next quarter.
References
This article is based on the following research paper:
Campbell, R., Seering, J., & Bernstein, M. S. (2025). Generative AI Uses and Risks for Knowledge Workers in a Science Organization. arXiv preprint arXiv:2501.16577v1.
Related Research
For deeper exploration of AI in knowledge work, see these related studies:
- Generative AI in Knowledge Work: Design Implications for Data Navigation and Decision-Making - Studies 20 knowledge workers to identify three essential design requirements for AI tools in research contexts.
- Shifting Work Patterns with Generative AI - Six-month field experiment with 7,137 workers revealing where AI provides leverage and where it doesn't.
- Future of Work with AI Agents: Auditing Automation and Augmentation Potential across the U.S. Workforce - Worker-centric framework examining which tasks employees want AI to automate versus augment across 844 tasks.
Related Articles

Best AI for Job Applications 2026: Cover Letters and Resumes Compared
Which AI is the best for job applications in 2026? A data-driven comparison of Claude Opus 4.8, GPT-5.5 and Gemini by writing quality, language and price, with notes on privacy and authenticity.

Best AI for Math 2026: Which AI Calculates and Proves Best?
Which AI is the best for math in 2026? A data-driven comparison by reasoning performance, price and speed, with honest notes on calculation errors and traceable solution paths.

Best AI for Presentations 2026: The Top Models Compared
Which AI is the best for presentations in 2026? A data-driven comparison of Claude Opus 4.8, GPT-5.5, and Gemini by content quality, speed, and ecosystem, with a practical workflow for slides and speaker notes.
Join 200+ Businesses Automating with PUNKU.AI
Stop drowning in repetitive tasks. Let AI handle the boring stuff while you focus on what matters.
Get StartedGet started instantly • Set up in minutes • Cancel anytime
Frequently Asked Questions
Start simple with three categories: (1) Public/non-sensitive (safe for any AI tool), (2) Internal-only (requires approved on-premise or privacy-controlled AI), (3) Sensitive/restricted (no AI use or air-gapped AI only). Provide clear examples for each category relevant to your organization (e.g., "published research papers = public, proprietary compound data = sensitive"). Train employees on classification in 30-minute sessions with real scenarios. Make the framework accessible, embed it in tools as decision prompts, not just a policy document. Track misclassification incidents and update examples based on what confuses people.