Launch Event: Smart AI Security. Full Data Control. Reserve your seat

close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
Securing Generative AI for Dummies
Securing Generative AI for Dummies
Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
chevron Get the eBook
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Watch the demo
2025-10-UZTNA-ebook
6 Reasons Universal ZTNA is a Smart Escape from VPN and NAC Chaos
Ditch the complexity of VPNs and NAC. Learn how Universal ZTNA secures every user and device with one consistent framework.
chevron Get the eBook
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Maximize your SASE ROI with Netskope Business Value Services
Start proving ROI. Netskope BVS is a complimentary consulting service that quantifies the financial and strategic impact of your SASE transformation.
chevron Request a consultation
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners
Threat Labs Report

Threat Labs Report: Canada 2026

This report analyzes the primary cybersecurity risk trends impacting organizations within Canada. It addresses the increasing adoption of generative AI (genAI) tools and their associated data security challenges. Furthermore, it highlights the growing number of data policy violations, where sensitive information is increasingly being leaked through unauthorized cloud services, personal applications, and genAI platforms.

Share via Tags
Threat Labs Reports Threat Protection
Change the language
DeutschEnglishEspañolFrançaisPortuguês日本語

Jump to a section

In This Report GenAI usage
GenAI: Adoption and usage trends GenAI: App usage and data policy violation Most blocked genAI apps
Agentic AI adoption
Rising use of genAI APIs outside the browser
Malware downloads
Malware distribution via cloud apps
Cloud apps usage
Personal apps activity Data policy violations in personal applications Personal app data violations
Recommendations Netskope Threat Labs About this report
10 min read

In This Report link link

This report explores recent trends in the adoption and governance of genAI applications, enterprise AI platforms, API usage, cloud app activity, and data policy violations across Canada. It highlights how organizations are managing rapid innovation while maintaining strong data protection, compliance, and risk management practices.

Mitigating shadow AI risk: As genAI adoption continues to grow, Canadian organizations are actively reducing shadow AI risks by steering employees toward organization-managed genAI tools. Over the past year, personal genAI usage declined from 62% to 36%, while organization-managed adoption increased from 41% to 71%, reflecting a clear shift toward structured, enterprise-aligned deployment, with both figures ahead of global averages.

Top genAI applications: ChatGPT remains the most widely used genAI application at 69%, followed closely by Google Gemini at 62%, while newer tools such as Google NotebookLM and Grok are emerging rapidly. Microsoft Copilot tools also continue to gain traction. These trends illustrate a diversifying genAI ecosystem, with Canadian organizations experimenting beyond early market leaders.

Data exposure and policy violations: Sensitive data continues to be exposed through both genAI and personal cloud applications. For genAI apps, regulated data accounts for 67% of incidents, followed by passwords and API keys at 18%, intellectual property at 13%, and source code at 2%. For personal apps, regulated data represents 65% of incidents, intellectual property 23%, and passwords/API keys 10%, showing persistent risks in unmanaged environments.

Malware and cloud app risks: Attackers continue to exploit trusted cloud platforms, with GitHub, Microsoft OneDrive, and Google Drive among the most commonly abused in Canada. Meanwhile, widespread use of personal cloud and online applications, such as Google Drive, LinkedIn, and Google Calendar, blurs the lines between corporate and personal data management, highlighting the need for proactive security controls.

Protective measures: Canadian organizations are deploying a range of tools to reduce data leakage, including DLP policies, upload restrictions to personal apps, and real-time employee guidance. Popularly controlled applications include Google Drive (34%), ChatGPT (25%), and OneDrive (24%), reflecting ongoing efforts to mitigate risks from unmanaged platforms.

 

GenAI usage link link

GenAI: Adoption and usage trends

GenAI adoption in Canada has continued to rise over the past year, with genAI usage now observed in 92% of organizations, up from 82% a year ago. This growth reflects increasing maturity and confidence in genAI technologies across Canadian organizations, as adoption levels move closer to global norms.

Organization using genAI apps in Canada

Organizations in Canada have made notable progress in reducing shadow AI risks associated with genAI adoption by actively steering users away from personal genAI accounts and toward company-managed tools. Over the past year, the use of personal genAI applications has declined significantly, falling from 62% to 36%, while adoption of organization-managed genAI solutions has increased from 41% to 71%, besting the global averages in both cases. This shift reflects an apparent change in user behavior as Canadian organizations strengthen governance around genAI usage and prioritize managed environments that offer improved data protection, oversight, and compliance. The trend points to a growing preference for structured, enterprise-aligned genAI deployments that support innovation while reducing security and compliance risks.

GenAI usage personal vs. organization account breakdown in Canada

In Canada, the top genAI applications closely reflect broader global usage patterns, with ChatGPT remaining the most widely adopted genAI app, used by 69% of organizations. Google Gemini follows closely at 62%, highlighting intense competition among leading genAI platforms as adoption continues to expand. Microsoft Copilot tools have also gained significant traction, with 42% of organizations using them, driven by their integration into productivity and collaboration workflows. The remaining top applications include a mix of specialized and embedded AI tools that support a wide range of business and operational use cases across Canadian organizations.

Most popular genAI apps based on the percentage of organizations using those apps in Canada

The chart below illustrates how usage of the top genAI applications in Canada has evolved over the past year, highlighting rapid shifts in the genAI landscape. Over this period, ChatGPT usage declined, while Google Gemini adoption increased steadily, signaling a redistribution of genAI usage across platforms. Microsoft 365 Copilot continued to show consistent growth, driven by its integration into core productivity and enterprise workflows. At the same time, newer entrants gained traction quickly: Google NotebookLM emerged rapidly, reaching 33% adoption, while Grok also saw fast uptake, used by 26% of organizations. These trends point to a diversifying genAI ecosystem in Canada, as organizations expand beyond early market leaders and experiment with a broader set of tools.

Most popular apps by percentage

GenAI: App usage and data policy violation

As genAI adoption continues to grow across Canada, concerns around data exposure are becoming increasingly important. Organizations are using genAI tools for tasks such as summarizing documents, generating reports, and supporting development workflows, all of which can involve sharing sensitive information and expanding the potential attack surface. As genAI becomes more embedded in daily operations, data protection has become a top priority, particularly as shadow AI remains a challenge.

Recent analysis of data policy violations in Canada shows that regulated data is the most frequently exposed category, accounting for 67% of incidents, followed by passwords and API keys at 18%, intellectual property at 13%, and source code at 2%. These trends highlight an elevated risk around compliance-sensitive and proprietary information, reinforcing the need for robust DLP controls and secure, well-governed genAI deployments.

Type of data policy violations in Canada

Most blocked genAI apps

Organizations across Canada are taking a cautious approach to genAI adoption, with many choosing to block specific applications due to security, privacy, and compliance concerns. While policies vary by organization, specific tools are restricted far more frequently than others, reflecting where perceived risk is highest. In some cases, blocking entire categories of genAI apps may offer more consistent protection than managing individual tools.

DeepSeek is the most frequently blocked genAI application at 54%, followed by ZeroGPT at 43%. These patterns suggest that Canadian organizations are not only responding to risks posed by individual applications, but are also strengthening broader governance strategies to manage genAI usage within established security and compliance frameworks.

Most blocked genAI apps by percentage of organizations enacting a blanket ban on the app in Canada

 

Agentic AI adoption link link

Rising use of genAI APIs outside the browser

Even when genAI agents and applications are deployed on-premises in Canada, the underlying models are often hosted in the cloud through SaaS or enterprise genAI platforms. These agents and applications typically connect via dedicated API endpoints rather than browser-based interfaces. For example, browser interactions with OpenAI occur through chatgpt.com, while internal tools, workflows, and AI agents commonly access models programmatically through api.openai.com.

Despite competition from other platforms, api.openai.com remains the most widely used genAI SaaS API in Canada, with 78% of organizations connecting to it, followed by api.webassembly.com at 66% and api.anthropic.com at 32%, highlighting the continued importance of API-based genAI integrations in enterprise systems and agent-driven workflows.

The Top 10 SaaS AI API domains by percentage of organizations in Canada

 

Malware downloads link link

Malware distribution via cloud apps

Attackers frequently exploit trusted cloud platforms to distribute malware, taking advantage of the fact that users are more likely to open files hosted on familiar services. While these platforms work to remove malicious content, even brief delays before detection can allow attacks to succeed and for infected files to spread internally.

In Canada, GitHub is the most commonly abused platform for malware distribution at 8.5% of organizations, followed by Microsoft OneDrive at 5% and Google Drive at 3.1%. These trends underscore how attackers adapt to regional cloud usage patterns, continuing to leverage widely trusted services to deliver malicious payloads.

Top apps for malware downloads in Canada

 

Cloud apps usage link link

Personal apps activity

Across Canada, the widespread use of personal cloud and online applications in workplace environments continues to blur the boundaries between corporate and personal data management. Google Drive and LinkedIn are the most commonly used personal apps, each at 94%, followed closely by Google Calendar at 93%. While much of this activity supports legitimate use cases such as collaboration, scheduling, and productivity, it also introduces significant data security risks when sensitive information is involved. From personal genAI accounts to social and collaboration platforms, these applications remain key points of potential data exposure, particularly when used outside approved workflows or during employee transitions.

Top apps for upstream activities to personal apps in Canada

Data policy violations in personal applications

Across Canada, many organizations actively use DLP controls to monitor and manage the movement of sensitive data into personal applications, aiming to reduce accidental exposure or misuse. Recent analyses show that regulated data accounts for 65% of policy violations, followed by intellectual property at 23%, passwords and API keys at 10%, and source code at 2%. While these trends align closely with global patterns, the lower exposure of source code in Canada underscores regional differences in risk profiles. Strengthening DLP coverage, improving employee awareness, and enforcing clear data-handling policies remain essential for minimizing both insider and external threats.

Data policy violations for personal apps in Canada

Personal app data violations

Organizations in Canada use a variety of tools to reduce the risk of data leaks through personal cloud and genAI applications. Measures include blocking uploads to personal apps and providing real-time guidance to employees to prevent sensitive information from reaching unmanaged services. Google Drive is the most frequently controlled application at 34%, followed by ChatGPT at 25% and OneDrive at 24%. These efforts reflect ongoing attempts to limit unauthorized data movement and mitigate risks associated with personal accounts on unmanaged platforms.

Top apps for upstream blocks to personal apps

 

Recommendations link link

With the growing use of genAI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across Canada to take a fresh look at their overall security posture:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
  • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
  • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

 

Netskope Threat Labs link link

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, Black Hat, and RSA.

 

About this report link link

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers in Canada with prior authorization.

The statistics in this report are based on the period from December 1, 2024, through December 31, 2025. Stats reflect attacker tactics, user behavior, and organization policy.

Related resources

Results