Layered security key against GenAI risks, Netskope says

Financial institutions must adopt a “layered approach” to safeguard sensitive customer data as the widespread adoption of generative artificial intelligence tools opens new vulnerabilities, Netskope Threat Labs’ Director Ray Canzanese says.
The leader of the cybersecurity firm’s research unit said organisations should inspect all web and cloud traffic, block non-essential applications, and deploy data loss prevention tools to address the growing number of attack pathways created by AI technologies.
“Technologies including remote browser isolation are also becoming increasingly important for managing access to higher-risk websites,” Canzanese said.
The warning comes as the use of genAI has become common across the financial services sector, with 70% of users actively using genAI tools and 97% interacting with applications that incorporate genAI-powered features. At the same time, 94% are using systems that rely on user data for training.
The report found that regulated data posed the greatest compliance challenge, accounting for 59% of policy violations linked to AI usage, alongside exposed intellectual property, source code, and credentials such as passwords and keys.
It noted companies have been able to curb so-called “shadow AI” use by moving toward managed tools, sharply reducing employees’ reliance on personal generative AI applications. Over the past year, the adoption of enterprise-controlled AI systems has climbed from 33% to 79%.
However, the number of users switching between personal and corporate AI accounts has also increased, raising concerns about sensitive data moving between secure and unmanaged environments.
Beyond AI, personal cloud and online applications also present major workplace data risks, with regulated data remaining a key concern even in these personal environments, driving 65% of policy violations. LinkedIn (92%), Google Drive (84%), and ChatGPT (77%) are among the most widely used personal apps.
Attackers are also exploiting trusted cloud platforms to distribute malware, making detection more difficult by blending malicious activity with legitimate traffic. The report showed GitHub is now the most abused platform for malware, impacting 11% of organisations, followed by Microsoft OneDrive at 8.3%.
Canzanese added that while the shift to managed AI tools is a positive step, it does not eliminate risk, particularly where personal and enterprise usage overlap. “To reduce risk, organisations need a layered approach,” he said.










