3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys

In a startling revelation, a new report indicates that three out of four enterprise users are uploading data to generative AI (genAI) applications, including sensitive information such as passwords and keys.

This alarming trend highlights the growing risks associated with the widespread adoption of AI technologies in the workplace.

The 2025 Generative AI Cloud and Threat Report, released by Netskope Threat Labs, unveils a staggering 30-fold increase in data sent to genAI apps by enterprise users over the past year.

This surge includes transmitting highly sensitive information, such as source code, regulated data, and intellectual property, significantly elevating the risk of costly breaches, compliance violations, and intellectual property theft.

One of the most concerning findings is the prevalence of “shadow AI,” which has become the predominant shadow IT challenge for organizations.

3 in 4 Enterprise Users Upload Data to GenAI

The report reveals that 72% of enterprise users are accessing genAI apps through personal accounts for work-related purposes.

This widespread use of personal accounts in professional settings creates a significant security blind spot for organizations.

James Robinson, CISO at Netskope, emphasizes the gravity of the situation: “Despite earnest efforts by organizations to implement company-managed genAI tools, our research shows that shadow IT has turned into shadow AI, with nearly three-quarters of users still accessing genAI apps through personal accounts.”

This trend underscores the urgent need for advanced data security capabilities to regain governance, visibility, and control over genAI usage within organizations.

The report also highlights the rapid integration of genAI across various applications. Netskope had visibility into 317 genAI apps, including popular platforms like ChatGPT, Google Gemini, and GitHub Copilot.

A broader analysis found that 75% of enterprise users are accessing applications with genAI features, creating a larger issue for security teams to address: the unintentional insider threat.

While many organizations are attempting to mitigate risks by implementing “block first and ask questions later” policies, security leaders are urged to pursue safe enablement strategies as employees seek efficiency and productivity benefits from these tools.

Ray Canzanese, Director of Netskope Threat Labs, notes, “Our latest data shows genAI is no longer a niche technology; it’s everywhere”.

The report also reveals a significant shift in genAI infrastructure, with the number of organizations running genAI locally increasing from less than 1% to 54% over the past year.

While this move reduces the risks of unwanted data exposure to third-party cloud apps, it introduces new data security risks related to supply chains, data leakage, and improper data output handling.

To address these challenges, Netskope recommends that enterprises review, adapt, and tailor their risk frameworks specifically to AI or genAI.

Key steps include assessing the genAI landscape within the organization, bolstering genAI app controls, and inventorying local controls for organizations running genAI infrastructure locally.

As the AI landscape continues to evolve, organizations must remain vigilant and proactive in their approach to data security.

The integration of AI-fueled security measures will be crucial in keeping pace with the rapidly changing threat landscape and ensuring the safe and responsible use of genAI technologies in the enterprise environment.

Investigate Real-World Malicious Links & Phishing Attacks With Threat Intelligence Lookup - Try for Free

The post 3 in 4 Enterprise Users Upload Data to GenAI Including Passwords and Keys appeared first on Cyber Security News.