Thursday, January 8, 2026

    GenAI-related Data Policy Violations More than Doubled in 2025

    Throughout 2025, the threat researchers at Netskope Threat Labs have been monitoring AI, cloud, phishing, and malware threats organisations and their employees have been exposed to, and are releasing their analysis in their sixth annual threat report. 

    The volume of data policy violations occurring in the context of generative AI (genAI) usage has more than doubled year-over-year, with organisations detecting an average of 223 monthly attempts from employees to include sensitive data such as regulated data, intellectual property, source code, and passwords and keys in genAI prompts or uploads. The sustained growth in genAI adoption and in the number of AI tools available are likely factors.

    The proportion of workers using genAI tools on a monthly basis (15%) tripled, and the number of prompts sent to genAI tools grew sixfold, from 3,000 to 18,000 prompts on average per month, reaching 70,000+ prompts in the top 25% of organisations. The number of genAI tools tracked by Netskope Threat Labs also increased fivefold, to more than 1,600.

    Compounding this issue is the persistence of shadow AI, with a high rate of employees still using personal genAI accounts at work (47% of AI users), over which security teams often have little to no visibility and little ability to detect and prevent data leaks. Employees also use personal cloud applications at work extensively: almost one in three (31%) upload data to them every month, and 60% of insider threat incidents involve the use of personal cloud applications.

    In response, organisations are deploying data protection guardrails for AI and cloud environments, but adoption is still lagging behind the threat level. Only half of organisations have deployed data loss prevention (DLP) tools to prevent sensitive data from leaking via genAI apps. In other words, half of organisations lack real-time controls that can allow genAI use while preventing employees from leaking data in prompts or uploads. In addition, almost one in four (23%) do not have real-time controls able to detect or block data leaks via personal cloud applications.

    Ray Canzanese, Director of Netskope Threat Labs, said: “Cloud and AI adoption are transforming organisations’ systems and employee behaviours at pace, bringing new risks and threats that have taken many security teams by surprise in their scope and complexity. It feels like many security teams are still playing catch-up, and sometimes losing sight of some security basics. It is urgent that they upgrade their policies and guardrails, and expand the scope of existing tools like DLP, to foster a balance between innovation and security at all levels.”

    Workers’ exposure to phishing and malware remains a persistent issue. While susceptibility declined by 27% year-over-year, 87 in every 10,000 employees still clicked on a phishing link each month in 2025. As organisations continue to move critical systems to the cloud, attackers are prioritising the theft of cloud credentials when designing phishing campaigns. They rely on sophisticated tactics such as counterfeit login pages, malicious open authorisation (OAuth) applications to bypass passwords and multi-factor authentication, and brand impersonation. Microsoft is now the most spoofed brand, accounting for 52% of clicks on phishing campaigns targeting cloud services, with Hotmail (11%) and DocuSign (10%) following. Beyond cloud services, phishing campaigns targeting banking (23%) and government (21%) credentials were the top two categories triggering the most clicks by employees in the workplace.

    Canzanese said: “With phishing, we have to consider that one compromised employee can lead to the compromise of the whole organisation, and thus the volume of clicks we are observing, while declining, is still quite concerning. Modern phishing campaigns are nothing like the simple email deceptions we used to see, and now employ highly technical tactics that will only continue to grow in sophistication to trick employees and organisations.” 

    The same trend is occurring with malware, as adversaries continue to display skill in abusing channels, workflows and environments that workers inherently trust. Once again, cloud services are a major target, with attackers abusing popular cloud services to spread infected files before providers can remove them, knowing that users are less cautious and sceptical when interacting with familiar platforms. GitHub (12%), Microsoft OneDrive (10%), and Google Drive (5.8%) are the top three applications from which organisations are detecting employee exposure to malware.

    Canzanese concluded: “The current threat landscape is increasingly multi-faceted, and security teams have their work cut out for them if they want to keep pace. In this context, seeking bespoke security solutions for each new risk and threat has become counter-productive, and in 2026, security teams should explore broader security frameworks and the potential benefits of consolidated and unified security and data protection to simplify their security stack and its management, and effectively achieve more with less.”  
