Netskope, a leader in Secure Access Service Edge (SASE), published new research showing that regulated data (data that organisations have a legal duty to protect) makes up more than a third of the sensitive data being shared with generative AI (genAI) applications—presenting a potential risk to businesses of costly data breaches.

The new Netskope Threat Labs research reveals three-quarters of businesses surveyed now completely block at least one genAI app, which reflects the desire by enterprise technology leaders to limit the risk of sensitive data exfiltration. However, with fewer than half of organisations applying data-centric controls to prevent sensitive information from being shared in input inquiries, most are behind in adopting the advanced data loss prevention (DLP) solutions needed to safely enable genAI.

Using global data sets, the researchers found that 96% of businesses are now using genAI—a number that has tripled over the past 12 months. On average, enterprises now use nearly 10 genAI apps, up from three last year, with the top 1% adopters now using an average of 80 apps, up significantly from 14. With the increased use, enterprises have experienced a surge in proprietary source code sharing within genAI apps, accounting for 46% of all documented data policy violations. These shifting dynamics complicate how enterprises control risk, prompting the need for a more robust DLP effort.

There are positive signs of proactive risk management in the nuance of security and data loss controls organisations are applying: for example, 65% of enterprises now implement real-time user coaching to help guide user interactions with genAI apps. According to the research, effective user coaching has played a crucial role in mitigating data risks, prompting 57% of users to alter their actions after receiving coaching alerts.

“Securing genAI needs further investment and greater attention as its use permeates through enterprises with no signs that it will slow down soon,” said James Robinson, Chief Information Security Officer, Netskope. “Enterprises must recognise that genAI outputs can inadvertently expose sensitive information, propagate misinformation or even introduce malicious content. It demands a robust risk management approach to safeguard data, reputation, and business continuity.”