GenAI data policy violations more than doubled in 2025

Policy violations linked to GenAI applications more than doubled year-on-year, with the average organization now recording 223 GenAI-related data policy violations per month. Among the top 25 percent of organizations, this figure rises to 2,100 incidents per month.

A new report from Netskope Threat Labs also highlights the continued prevalence of shadow AI, despite growing investment in company-approved AI tools.

While reliance on personal GenAI accounts has declined, 47 percent of GenAI users still access tools via personal, unmanaged accounts, either exclusively or alongside company-approved tools. In addition, nine out of 10 organisations now actively block at least one GenAI application, with the average organization blocking ten tools, reflecting a tightening enforcement posture as AI usage expands.

The overall number of GenAI app users grew 200 percent over the past year, and the volume of prompts leapt by 500 percent. The average number of prompts sent to GenAI tools has increased from an average of 3,000 to 18,000 per organization per month. User uploads of regulated data (such as personal, financial, or healthcare data) represent the highest category of policy violations at 54 percent.

Longstanding cloud and identity threats remain persistent too. Personal cloud applications are now involved in 60 percent of insider threat incidents, with regulated data, source code, intellectual property and credentials all exposed at concerning levels. Phishing also remains widespread, despite modest improvements in user awareness. Although user susceptibility declined by 27 percent year-on-year, 87 out of every 10,000 users still click on a phishing link each month.

“Enterprise security teams exist in a constant state of change and new risks as organizations evolve and adversaries innovate,” says Ray Canzanese, director of Netskope Threat Labs. “However, genAI adoption has shifted the goal posts. It represents a risk profile that has taken many teams by surprise in its scope and complexity, so much so that it feels like they are struggling to keep pace and losing sight of some security basics. Security teams need to expand their security posture to be ‘AI-Aware’, evolving policy and expanding the scope of existing tools like DLP, to foster a balance between innovation and security at all levels.”

The full Cloud and Threat Report: 2026 is available from the Netskope site.

Image credit: BiancoBlue/depositphotos.com