2X a Leader in the Gartner® Magic Quadrant for SASE Platforms. Get the report

close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
Securing Generative AI for Dummies
Securing Generative AI for Dummies
Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
chevron Get the eBook
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Watch the demo
2025-10-UZTNA-ebook
6 Reasons Universal ZTNA is a Smart Escape from VPN and NAC Chaos
Ditch the complexity of VPNs and NAC. Learn how Universal ZTNA secures every user and device with one consistent framework.
chevron Get the eBook
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Achieve Business Value with Netskope One SSE
Netskope One Security Service Edge (SSE) enables enterprises to achieve considerable business value by consolidating business critical security services within the Netskope One platform
chevron Get the study
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners
Report

Threat Labs Report: Japan 2026

This report analyzes the primary cybersecurity risk trends impacting organizations within the Japan region. It addresses the increasing adoption of generative AI (genAI) tools and their associated data security challenges. Furthermore, it highlights the growing number of data policy violations, where sensitive information is increasingly being leaked through unauthorized cloud services, personal applications, and genAI platforms.

Share via Tags
Threat Labs Reports Threat Protection
Change the language
DeutschEnglishEspañolFrançaisPortuguês日本語

Jump to a section

In this report GenAI usage
GenAI: Adoption and usage trends GenAI: App usage and data policy violation Most blocked genAI apps
Agentic AI adoption
Rising use of genAI APIs outside the browser
Malware downloads
Malware distribution via cloud apps
Cloud apps usage
Personal apps activity Data policy violations in personal applications Personal app data violations
Recommendations
Netskope Threat Labs About this report
10 min read

link link

The 2026 Netskope Threat Labs Japan report details the increasing adoption of generative AI, trends in data policy violations, and malware distribution via cloud applications observed over the last year.

In this report link link

This report explores recent trends in the adoption and governance of generative AI applications, enterprise AI platforms, API usage, cloud app activity, and data policy violations across Japan. It highlights how organizations are balancing rapid innovation with the need for stronger data protection, compliance, and risk management controls.

Mitigating shadow AI risk: While genAI adoption continues to rise, organizations in Japan are working aggressively to curtail shadow AI risks by guiding their employees to organization-managed genAI apps, rising to 79% (up from 15% one year ago) of AI users now using managed genAI apps instead of personal ones, which fell sharply from 85% to 11% over the same time period. In both instances, Japan is well ahead of global averages.

A new top genAI application: Google Gemini has overtaken ChatGPT as the most popular genAI app in Japan. This is the first region in the world where Netskope Threat Labs has reported this, with more expected in 2026.

Data exposure risks: Users continue to expose sensitive data to third parties in violation of organization policies, with intellectual property accounting for 50% of data policy violations involving personal cloud apps and regulated data accounting for 48% of data policy violations involving genAI apps.

GenAI usage link link

GenAI: Adoption and usage trends

GenAI adoption in Japan has steadily increased over the past year, with genAI usage now observed in 80% of organizations, up from 69% a year ago. This upward trend reflects growing maturity and confidence in genAI technologies across Japanese organizations, which are gradually closing the adoption gap with global counterparts.

Organizations using genAI apps in Japan

Organizations in Japan have aggressively mitigated the shadow AI risk associated with genAI adoption by aggressively driving their user base away from using personal instances, and toward company-managed tools. The following chart illustrates the radical change in behaviour that occurred over the past year as the use of personal genAI accounts dropped sharply, falling from 85% to just 11%, while the adoption of organization-managed genAI solutions surged from 15% to 79% over the same period. In both of these areas, Japan is doing much better than the other regions, where 62% of employees use organization-managed AI apps and 47% still use personal genAI apps. This dramatic change points to a strong move toward company-managed platforms that provide better data protection, governance, and compliance controls. As this transition accelerates, organizations in Japan are increasingly prioritizing enterprise-grade genAI solutions that enable innovation while reducing risk.

GenAI usage personal vs organization account breakdown in Japan

In Japan, the top genAI applications differ from global usage patterns. While ChatGPT is still the most popular genAI app globally. Google Gemini has become the most popular genAI app in Japan, where 60% of organizations are using it compared to 53% using ChatGPT. In fact, this is the first time that we are reporting the dethroning of ChatGPT as the most popular genAI app in any region. As usage of genAI apps managed by organizations continues to increase across the globe, we expect more regions to follow suit in 2026. Microsoft 365 Copilot is used by 31% of organizations, with Microsoft Copilot close behind at 30%. The remaining top applications include a mix of specialized and embedded AI tools tailored to local business and operational needs.

Most popular genAI apps based on the percentage of ogranizations using those apps in Japan

The chart below shows how usage of the top genAI applications in Japan has evolved over the past year, highlighting rapid shifts in the genAI landscape. Google Gemini surpassed ChatGPT in June 2025, marking a notable change in leadership among genAI tools that we expect to see occurring in other regions in 2026. ChatGPT usage declined over the year, while Gemini continued to gain momentum. Microsoft 365 Copilot also showed steady growth, driven by its integration into core productivity and enterprise workflows. In addition, Google NotebookLM emerged as a new entrant, with adoption beginning in April 2025 and reaching 16% by the end of the year, reflecting growing interest in specialized, knowledge-focused genAI tools.

Most popular apps by percentage of organizations in Japan

GenAI: App usage and data policy violation

As genAI adoption continues to grow across Japan, concerns around data exposure are becoming increasingly important. Organizations are using genAI tools for tasks such as summarizing documents, generating reports, and supporting development workflows, all of which can involve sharing sensitive information and expanding the potential attack surface. As genAI becomes more embedded in daily operations, data protection has become a top priority, particularly as shadow AI remains a challenge.

Recent analysis of data policy violations in Japan shows that regulated data is the most frequently exposed category, accounting for 48% of incidents, followed by intellectual property at 38%. Source code represents 9% of exposures, while passwords and API keys account for 5%. On average, organizations in Japan experience more than 500 genAI-related data policy violations per month, underscoring the scale of the challenge. This shift highlights a higher risk around compliance-sensitive and proprietary information, reinforcing the need for robust DLP controls and secure, well-governed genAI deployments.

Type of data policy violations in Japan

Most blocked genAI apps

Organizations across Japan are taking a cautious approach to genAI adoption, with many choosing to block specific applications due to security, privacy, and compliance concerns. While policies vary by organization, certain tools are restricted far more often than others, highlighting where perceived risk is highest. In some cases, blocking entire categories of genAI apps may offer more consistent protection than managing individual tools.

DeepSeek is the most frequently blocked genAI application at 30%, followed by Tactiq at 27% and Grok at 25%. These blocking patterns suggest that organizations in Japan are not only responding to risks associated with individual applications, but also strengthening broader governance strategies to manage genAI usage within established security and compliance frameworks.

Most blocked AI apps by percentage of organizations enacting a blanket ban on the app in Japan

Agentic AI adoption link link

Rising use of genAI APIs outside the browser

Even when genAI agents and applications are deployed on-premises in Japan, the underlying models are often hosted in the cloud through SaaS or enterprise genAI platforms. These agents and applications typically connect via dedicated API endpoints rather than browser-based interfaces. For example, browser interactions with OpenAI occur through chatgpt.com, while internal tools, workflows, and AI agents commonly access models programmatically through api.openai.com.

Despite Google Gemini surpassing ChatGPT in application usage, api.openai.com remains the most widely used genAI SaaS API in Japan, with 61% of all organizations connecting to it. This is followed by api.anthropic.com at 33% and api.deepinfra.com at 14%, underscoring the continued importance of API-based genAI integrations in enterprise systems and agent-driven workflows.

The Top 10 SaaS API domains by percentage of organizations in Japan

Malware downloads link link

Malware distribution via cloud apps

Attackers frequently abuse trusted cloud platforms in Japan to distribute malware, taking advantage of the fact that users are more likely to open files hosted on familiar services. While these platforms work to remove malicious content, even short delays before detection can be enough for attacks to succeed and for infected files to spread internally.

In Japan, Box has emerged as one of the most commonly abused cloud platforms for malware distribution, impacting 10% of organizations, followed by GitHub at 7.6% and Microsoft OneDrive at 7.1%. These trends highlight how attackers adapt to regional cloud usage patterns and continue to leverage widely trusted services to deliver malicious payloads.

Top apps for malware downloads in Japan

Cloud apps usage link link

Personal apps activity

Across Japan, the widespread use of personal cloud and online applications in workplace environments continues to blur the boundaries between corporate and personal data management. Google Drive is the most commonly used personal app at 79%, followed closely by ChatGPT at 77% and Twitter/X at 76%. While much of this activity supports legitimate use cases such as collaboration, research, and productivity, it also introduces meaningful data security risks when sensitive information is involved. From personal genAI accounts to social and collaboration platforms, these applications remain key points of potential data exposure, particularly when used outside approved workflows or during employee transitions.

Top apps for upstream activities to personal apps in Japan

Data policy violations in personal applications

Across Japan, many organizations actively use DLP controls to monitor and manage the movement of sensitive data into personal applications, aiming to reduce accidental exposure or misuse. Recent incident analyses show that intellectual property accounts for 50% of policy violations, followed by regulated data at 37%, passwords and API keys at 10%, and source code at 2%. On average, organizations experience around 17 data policy violation incidents per month involving personal applications, reinforcing the scale and persistence of the risk. These figures continue the same trend observed last year, highlighting the persistent challenge of protecting commercially sensitive information in unmanaged or personal apps. Strengthening DLP coverage, improving employee awareness, and enforcing clear data-handling policies remain essential for minimizing both insider and external risks.

Data policy violations for personal apps in Japan

Personal app data violations

Organizations in Japan use a variety of tools to reduce the risk of data leaks through personal cloud and genAI applications. Measures include blocking uploads to personal apps, providing real-time guidance to employees to prevent sensitive information from reaching unmanaged services. Google Drive is the application that most frequently triggers such blocks, followed by Google Gmail at 19% and OneDrive at 18%. These efforts reflect ongoing attempts to limit unauthorized data movement and mitigate risks from personal accounts on unmanaged platforms.

Top apps for upstream blocks to personal apps in Japan

Recommendations link link

With the growing use of genAI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across the Japan region to take a fresh look at their overall security posture:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
  • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
  • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

Netskope Threat Labs

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, Black Hat, and RSA.

About this report

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers in Japan with prior authorization.

The statistics in this report are based on the period from October 1, 2024, through October 31, 2025. Stats reflect attacker tactics, user behavior, and organization policy.

Related Resources

Results