Threat Labs Report: Japan 2026

GenAI adoption in Japan has steadily increased over the past year, with genAI usage now observed in 80% of organizations, up from 69% a year ago. This upward trend reflects growing maturity and confidence in genAI technologies across Japanese organizations, which are gradually closing the adoption gap with global counterparts.

Organizations in Japan have aggressively mitigated the shadow AI risk associated with genAI adoption by aggressively driving their user base away from using personal instances, and toward company-managed tools. The following chart illustrates the radical change in behaviour that occurred over the past year as the use of personal genAI accounts dropped sharply, falling from 85% to just 11%, while the adoption of organization-managed genAI solutions surged from 15% to 79% over the same period. In both of these areas, Japan is doing much better than the other regions, where 62% of employees use organization-managed AI apps and 47% still use personal genAI apps. This dramatic change points to a strong move toward company-managed platforms that provide better data protection, governance, and compliance controls. As this transition accelerates, organizations in Japan are increasingly prioritizing enterprise-grade genAI solutions that enable innovation while reducing risk.

In Japan, the top genAI applications differ from global usage patterns. While ChatGPT is still the most popular genAI app globally. Google Gemini has become the most popular genAI app in Japan, where 60% of organizations are using it compared to 53% using ChatGPT. In fact, this is the first time that we are reporting the dethroning of ChatGPT as the most popular genAI app in any region. As usage of genAI apps managed by organizations continues to increase across the globe, we expect more regions to follow suit in 2026. Microsoft 365 Copilot is used by 31% of organizations, with Microsoft Copilot close behind at 30%. The remaining top applications include a mix of specialized and embedded AI tools tailored to local business and operational needs.

The chart below shows how usage of the top genAI applications in Japan has evolved over the past year, highlighting rapid shifts in the genAI landscape. Google Gemini surpassed ChatGPT in June 2025, marking a notable change in leadership among genAI tools that we expect to see occurring in other regions in 2026. ChatGPT usage declined over the year, while Gemini continued to gain momentum. Microsoft 365 Copilot also showed steady growth, driven by its integration into core productivity and enterprise workflows. In addition, Google NotebookLM emerged as a new entrant, with adoption beginning in April 2025 and reaching 16% by the end of the year, reflecting growing interest in specialized, knowledge-focused genAI tools.

As genAI adoption continues to grow across Japan, concerns around data exposure are becoming increasingly important. Organizations are using genAI tools for tasks such as summarizing documents, generating reports, and supporting development workflows, all of which can involve sharing sensitive information and expanding the potential attack surface. As genAI becomes more embedded in daily operations, data protection has become a top priority, particularly as shadow AI remains a challenge.

Recent analysis of data policy violations in Japan shows that regulated data is the most frequently exposed category, accounting for 48% of incidents, followed by intellectual property at 38%. Source code represents 9% of exposures, while passwords and API keys account for 5%. On average, organizations in Japan experience more than 500 genAI-related data policy violations per month, underscoring the scale of the challenge. This shift highlights a higher risk around compliance-sensitive and proprietary information, reinforcing the need for robust DLP controls and secure, well-governed genAI deployments.

Organizations across Japan are taking a cautious approach to genAI adoption, with many choosing to block specific applications due to security, privacy, and compliance concerns. While policies vary by organization, certain tools are restricted far more often than others, highlighting where perceived risk is highest. In some cases, blocking entire categories of genAI apps may offer more consistent protection than managing individual tools.

DeepSeek is the most frequently blocked genAI application at 30%, followed by Tactiq at 27% and Grok at 25%. These blocking patterns suggest that organizations in Japan are not only responding to risks associated with individual applications, but also strengthening broader governance strategies to manage genAI usage within established security and compliance frameworks.