close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
""
The AI Security Playbook
This playbook explores six core security challenges organizations face when adopting AI, along with proven, real-world strategies to address them.
chevron Get the eBook
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
""
Netskope One AI Security
Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
chevron Learn about Netskope One AI Security
""
Netskope One AI Security
Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
chevron Learn about Netskope One AI Security
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Get the brochure
2025-10-UZTNA-ebook
6 Reasons Universal ZTNA is a Smart Escape from VPN and NAC Chaos
Ditch the complexity of VPNs and NAC. Learn how Universal ZTNA secures every user and device with one consistent framework.
chevron Get the eBook
""
BDO Brings Together Networking and Security to Protect a Cloud-First, AI-Friendly Infrastructure
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
The Lens
""
Read about the latest news and opinions from the team at Netskope. The Lens combines our blogs, our podcasts and case studies, with new content added every week.
chevron Subscribe to The Lens
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
""
AI in the Fast Lane
Netskope’s AI in the Fast Lane roadshow brings together security professionals to discuss how organizations are using AI today, and how a comprehensive security strategy can create a smarter, safer, and future-proof model.
chevron Find an event near you
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Maximize your SASE ROI with Netskope Business Value Services
Start proving ROI. Netskope BVS is a complimentary consulting service that quantifies the financial and strategic impact of your SASE transformation.
chevron Request a consultation
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners
Threat Labs Report

Threat Labs Report: Brazil 2026

This report analyzes the primary cybersecurity risk trends impacting Brazilian organizations. It addresses the increasing adoption of generative AI (genAI) tools and their associated data security challenges. Furthermore, it highlights the growing number of data policy violations, where sensitive information is increasingly being leaked through unauthorized cloud services, personal applications, and genAI platforms. 

Tags
Reports & Guides Threat Labs Reports Threat Protection
Change the language
English

Jump to a section

Key findings GenAI usage
GenAI: Adoption and usage trends GenAI: App usage and data policy violation Most blocked genAI apps User adoption of genAI
Malware downloads
Malware distribution via cloud apps
Cloud apps usage
Personal apps activity Data policy violations in personal applications Personal app data violations
Recommendations Netskope Threat Labs About this report
7 min read

Key findings link link

This report explores generative AI adoption, data security risks, malware distribution trends, and personal cloud usage across organizations in Brazil. As genAI reaches full adoption and becomes embedded in everyday workflows, the central theme is clear: protecting regulated and sensitive data remains the top priority.

Regulated data remains the primary risk driver: Data policy violations across both genAI and personal applications are largely driven by regulated data, reinforcing the ongoing challenge of protecting compliance-sensitive and business-critical information in increasingly AI-enabled environments.

AI adoption is universal, but governance is still evolving: GenAI adoption has reached 100% of organizations in Brazil, with user adoption also rising significantly from 50% to 71%, and there is a clear shift from personal to managed tools. At the same time, continued overlap between personal and enterprise usage highlights that shadow AI risks and usability gaps persist.

AI is deeply embedded across workflows: GenAI is no longer limited to direct usage. Most organizations rely on AI-powered features embedded within everyday tools. This layered adoption increases the complexity of managing data exposure and enforcing consistent security controls.

Threats and risks are blending into trusted platforms: Attackers are leveraging widely trusted cloud services to distribute malware, while heavy use of personal applications continues to blur the line between corporate and personal environments, creating additional pathways for data exposure.

 

GenAI usage link link

GenAI: Adoption and usage trends

GenAI adoption across organizations in Brazil has reached full saturation over the past year, with 100% of organizations now using genAI applications. This saturation reflects increasing maturity and confidence in genAI technologies, as organizations in Brazil continue to integrate AI more deeply into their operations and align closely with broader global adoption patterns. 

At the same time, user adoption has grown significantly, with the share of users actively using genAI apps increasing from 50% to 71%, highlighting not just widespread availability but deeper, more consistent usage across the workforce.

 

GenAI adoption across organizations in Brazil has continued to follow a strong upward trend over the past year, signaling sustained momentum in how genAI is integrated into operational, analytical, and customer-facing workflows. This steady growth reflects increasing maturity and confidence in genAI technologies, as organizations align more closely with broader adoption patterns.

At the same time, organizations in Brazil have taken meaningful steps to reduce shadow AI risks by shifting users away from personal genAI accounts and toward organization-managed tools. Over the past year, the percentage of people using personal genAI applications has dropped significantly from 81% to 52%, while the percentage using organization-managed genAI solutions has increased from 29% to 70%. At the same time, there is a growing overlap of users switching between personal and enterprise accounts, rising from 10% to 22%, suggesting that organizations still need to match the convenience, accessibility, and features users expect.

Overall, this shift reflects stronger governance, improved oversight, and a clear move toward managed environments that enhance data protection, compliance, and risk control while continuing to support innovation.

 

In Brazil, the top genAI applications show a slightly different pattern compared to broader global trends. ChatGPT remains the most widely adopted genAI app, used by 88% of organizations. Notably, Anthropic Claude has moved into second place at 75%, surpassing Google Gemini at 74%, marking a departure from the typical global ranking. This shift highlights growing interest in alternative AI providers and a more diversified adoption landscape. The remaining leading applications include a mix of specialized and workflow-integrated AI tools that support a wide range of operational and customer-facing use cases.

The chart below illustrates how usage of the top genAI applications in Brazil has evolved over the past year, highlighting notable shifts in platform preference. During this period, ChatGPT has remained consistently strong, holding steady at above 80% adoption.

The most significant change has been the rapid acceleration of Anthropic Claude starting in August 2025, seeing it climb into second place. In contrast, Google Gemini and Microsoft Copilot have remained relatively stable over the same period, showing more gradual and consistent usage patterns.

Overall, these trends point to a diversifying genAI ecosystem in Brazil, with organizations maintaining strong reliance on established leaders while increasingly adopting alternative platforms.

GenAI: App usage and data policy violation

As genAI adoption continues to expand across organizations in Brazil, concerns around data exposure are becoming increasingly critical. Organizations are using genAI for tasks such as summarizing documents, generating reports, and supporting operational workflows, activities that often involve sensitive financial and customer data and expand the potential attack surface. As genAI becomes more embedded in business processes, data protection remains a top priority, particularly in the presence of ongoing shadow AI risks.

Analysis of data policy violations in Brazil shows that regulated data remains the largest category, accounting for 64% of incidents. Source code represents 21% of violations, followed by passwords and API keys at 9% and intellectual property at 7%. This distribution highlights the continued importance of protecting compliance-sensitive and proprietary information, reinforcing the need for strong DLP controls and well-governed genAI deployments.

Most blocked genAI apps

Organizations in Brazil are taking a cautious and risk-aware approach to genAI adoption, with many choosing to block specific applications due to security, privacy, and compliance concerns. While policies vary by organization, certain tools are restricted more frequently than others, reflecting where perceived risk is highest. In regulated environments, blocking entire categories of genAI applications can provide more consistent protection than managing individual tools.

DeepSeek is the most frequently blocked genAI application at 37%, followed by Tactiq at 36% and Sider AI at 33%. These tools are often associated with browser extensions, meeting transcription, or productivity overlays, which can increase the risk of sensitive data exposure due to limited visibility and control over how data is processed. These patterns indicate that organizations in Brazil are not only reacting to risks posed by specific applications, but are also reinforcing broader governance strategies to ensure genAI usage aligns with security and compliance requirements.

User adoption of genAI

GenAI adoption is accelerating across organizations in Brazil, with AI capabilities increasingly embedded into both core operations and customer-facing workflows. Adoption spans multiple layers: 71% of users are using genAI applications directly, while a much larger share (96%) are leveraging tools that incorporate genAI-powered features indirectly. In addition, 93% of users are using genAI applications that rely on user data for training.

This widespread and multi-layered adoption highlights how deeply genAI is becoming integrated into everyday workflows, often extending beyond explicit use into embedded functionality within common tools. It also underscores the growing importance of governance and data protection, as sensitive information may be exposed not only through direct use but also through AI capabilities operating behind the scenes.

Malware downloads link link

Malware distribution via cloud apps

Attackers frequently exploit trusted cloud platforms to distribute malware, taking advantage of the fact that users are more likely to open files hosted on familiar services. While these platforms work to remove malicious content, even short delays before detection can allow attacks to succeed and enable infected files to spread internally.

Among Brazilian organizations, both GitHub and Microsoft OneDrive are the most abused platforms for malware distribution, each impacting 10% of organizations, followed by Google Drive at 6%. This pattern reinforces a broader shift in attacker tactics, where adversaries increasingly rely on widely trusted cloud services to host and deliver malicious content, making malicious activity harder to distinguish from legitimate traffic.

Cloud apps usage link link

Personal apps activity

Across Brazil, the widespread use of personal cloud and online applications in workplace environments continues to blur the boundaries between corporate and personal data management. LinkedIn is the most commonly used personal app at 95%, followed by Google Drive at 89%, while Spotify, ChatGPT, and OneDrive are used by 83% of organizations. While much of this activity supports legitimate use cases such as collaboration, professional networking, and productivity, it also introduces significant data security risks when sensitive information is involved. From personal genAI accounts to streaming, file-sharing, and communication platforms, these applications remain key points of potential data exposure, particularly when used outside approved workflows or during employee transitions.

Data policy violations in personal applications

Across Brazil, many organizations actively use DLP controls to monitor and manage the movement of sensitive data into personal applications, aiming to reduce accidental exposure or misuse. Regulated data accounts for 66% of policy violations, followed by source code at 23%, intellectual property at 7%, and passwords and API keys at 4%.

This distribution highlights the strong concentration of compliance-sensitive and proprietary information in Brazilian environments, where regulated data continues to be the primary driver of risk exposure. Strengthening DLP coverage, improving employee awareness, and enforcing clear data-handling policies remain essential for minimizing both insider and external threats.

Personal app data violations

Organizations in Brazil use a variety of controls to reduce the risk of data leaks through personal cloud and genAI applications. Measures include blocking uploads to personal apps and providing real-time guidance to employees to prevent sensitive information from reaching unmanaged services. Google Drive is the most frequently controlled application at 46%, followed by ChatGPT at 31% and Microsoft OneDrive at 28%.

These efforts reflect a strong focus on keeping regulated and proprietary data secure, reinforcing tighter governance over cloud and genAI usage.

Recommendations link link

With the growing use of genAI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across Brazil to take a fresh look at their overall security posture:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
  • Block access to apps that do not serve any legitimate business purpose or pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
  • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

 

Netskope Threat Labs link link

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, Black Hat, and RSA.

 

About this report link link

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on aggregate usage data collected by the Netskope One platform relating to a subset of Netskope customers in Brazil.

The statistics in this report are based on the period from March 1, 2025, through March 31, 2026. Stats reflect attacker tactics, user behavior, and organization policy.