close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
""
The AI Security Playbook
This playbook explores six core security challenges organizations face when adopting AI, along with proven, real-world strategies to address them.
chevron Get the eBook
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
""
Netskope One AI Security
Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
chevron Learn about Netskope One AI Security
""
Netskope One AI Security
Organizations need secure AI to move their business forward, but controls and guardrails must not require sacrifices in speed or user experience. Netskope can help you say yes to the AI advantage.
chevron Learn about Netskope One AI Security
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Get the brochure
2025-10-UZTNA-ebook
6 Reasons Universal ZTNA is a Smart Escape from VPN and NAC Chaos
Ditch the complexity of VPNs and NAC. Learn how Universal ZTNA secures every user and device with one consistent framework.
chevron Get the eBook
""
BDO Brings Together Networking and Security to Protect a Cloud-First, AI-Friendly Infrastructure
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
The Lens
""
Read about the latest news and opinions from the team at Netskope. The Lens combines our blogs, our podcasts and case studies, with new content added every week.
chevron Subscribe to The Lens
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
""
AI in the Fast Lane
Netskope’s AI in the Fast Lane roadshow brings together security professionals to discuss how organizations are using AI today, and how a comprehensive security strategy can create a smarter, safer, and future-proof model.
chevron Find an event near you
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Maximize your SASE ROI with Netskope Business Value Services
Start proving ROI. Netskope BVS is a complimentary consulting service that quantifies the financial and strategic impact of your SASE transformation.
chevron Request a consultation
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners
Threat Labs Report

Threat Labs Report: Europe 2026

This report analyzes the primary cybersecurity risk trends impacting European organizations. It addresses the increasing adoption of generative AI (AI) tools and their associated data security challenges. Furthermore, it highlights the growing number of data policy violations, where sensitive information is increasingly being leaked through unauthorized cloud services, personal applications, and AI platforms.

Tags
Threat Labs Reports Threat Protection
Change the language
DeutschEnglishEspañolFrançaisPortuguês日本語

Jump to a section

Key findings AI usage
AI: Adoption and usage trends
AI: App usage and data policy violation
Most blocked AI apps User adoption of AI
Malware downloads
Malware distribution via cloud apps
Cloud apps usage
Personal apps activity Data policy violations in personal applications
Personal app data violations
Recommendations Netskope Threat Labs About this report
8 min read

Key findings link link

This report explores AI adoption, data security risks, malware distribution trends, and personal cloud usage across organizations in Europe. As AI becomes nearly ubiquitous and deeply embedded in everyday workflows, the central theme is clear: protecting regulated and sensitive data remains the top priority.

Regulated data remains the primary risk driver: Data policy violations across both AI and personal cloud applications predominantly relate to regulated data (59%), followed by source code (15%), intellectual property (13%), and passwords and API keys (12%). This trend reinforces the continued challenge of protecting compliance-sensitive and business-critical information in increasingly AI-embedded environments.

AI adoption is near universal, but governance is still evolving: AI usage now spans about 99% of organizations in Europe, with individual user adoption increasing significantly from 35% to 65%. At the same time, organizations are actively shifting users from personal tools (79% to 43%) toward managed solutions (28% to 72%). However,  the number of users who switch between personal and enterprise accounts has grown from 7% to 15%, showing that shadow AI risks and usability gaps persist.

AI is deeply embedded across workflows: AI is no longer limited to direct interaction, with most users relying on AI-powered features embedded within commonly used tools and apps, such as meeting transcription, writing assistants, coding copilots, and AI-powered search features. This layered adoption increases the complexity of managing data exposure and maintaining consistent security controls across environments.

Threats and risks are blending into trusted platforms: Attackers are increasingly using widely trusted cloud services such as GitHub and Microsoft OneDrive to distribute malware, while heavy use of personal applications continues to blur the boundary between corporate and personal environments, creating additional pathways for data exposure.

 

AI usage link link

AI: Adoption and usage trends

AI adoption across organizations in Europe has reached near full saturation over the past year, with 99% of organizations now using AI applications. This widespread adoption reflects increasing maturity and confidence in AI technologies, as organizations across Europe continue integrating AI more deeply into their operations and align closely with broader global adoption patterns.

At the same time, user adoption has grown significantly, with the share of users actively using AI applications increasing from 35% to 65%. This trend highlights not only the broad availability of AI tools, but also their deeper and more consistent use across the workforce.

 

Organizations in Europe have taken significant steps to reduce shadow AI risks by shifting users away from personal AI accounts and toward organization-managed tools. Over the past year, the percentage of people using personal AI applications has dropped from 79% to 43%, while the percentage using organization-managed AI solutions has increased even more sharply from 28% to 72%. However, the number of users switching between personal and enterprise accounts has grown from 7% to 15%, suggesting that organizations still need to match the convenience, accessibility, and features users expect, and deploy more instance controls.

Overall, this shift reflects stronger governance, improved oversight, and a clear move toward managed environments that enhance data protection, compliance, and risk control while continuing to support innovation.

 

In Europe, the top AI applications show a slightly different pattern compared to broader global trends. ChatGPT remains the most widely adopted AI app, used by 88% of organizations. Notably, Anthropic Claude has strengthened its position in second place at 79%, well ahead of Google Gemini at 69%, marking a clear departure from the more typical global ranking, which currently places ChatGPT in the lead, followed by Google Gemini and then Anthropic Claude. 

This shift highlights growing interest in alternative AI providers and a more diversified adoption landscape across Europe, for example, Mistral Le Chat is now used by 8% of organizations. The remaining leading applications include a mix of specialized and workflow-integrated AI tools that support a wide range of operational and customer-facing use cases.

The chart below illustrates how usage of the top AI applications in Europe has evolved over the past year, highlighting notable shifts in platform preference. During this period, ChatGPT has remained consistently strong.

The most significant shift began in September 2025, when Anthropic Claude saw a rapid increase in adoption, quickly climbing into the second spot among the most widely used AI applications. In contrast, Google Gemini and Microsoft Copilot have remained relatively stable over the same period, showing more gradual and consistent usage patterns.

Overall, these trends point to a diversifying AI ecosystem in Europe, with organizations continuing to rely heavily on established leaders while increasingly embracing alternative AI platforms.


AI: App usage and data policy violation

As AI adoption continues to expand across organizations in Europe, concerns around data exposure are being voiced with growing volume. Organizations are using AI for tasks such as summarizing documents, generating reports, and supporting operational workflows: activities that often involve sensitive business and customer data and expand the potential attack surface. As AI becomes more embedded in business processes, data protection remains a top priority, particularly in the presence of ongoing shadow AI risks.

Analysis of data policy violations in Europe shows that regulated data remains the largest category, accounting for 59% of incidents. Source code represents 15% of violations, followed by intellectual property at 13% and passwords and API keys at 12%. This distribution highlights the continued importance of protecting compliance-sensitive and proprietary information, reinforcing the need for strong DLP controls and well-governed AI deployments.


Most blocked AI apps

Organizations in Europe are taking a cautious and risk-aware approach to AI adoption, with many choosing to block specific applications due to security, privacy, and compliance concerns. While policies vary by organization, certain tools are restricted more frequently than others, reflecting where perceived risk is highest. In regulated environments, blocking entire categories of AI applications can provide more consistent protection than managing individual tools.

Particular Audience is the most frequently blocked AI application at 44%, followed by ZeroGPT at 37% and DeepSeek at 36%. These applications often raise concerns around data handling transparency, personalization features, or limited visibility into how user data is processed and retained. These patterns indicate that organizations in Europe are not only reacting to risks posed by specific applications, but are also reinforcing broader governance strategies to ensure AI usage aligns with security and compliance requirements.

User adoption of AI

AI adoption continues to expand across organizations in Europe, with AI capabilities increasingly embedded into both operational and customer-facing workflows. Adoption now spans multiple layers: 64% of users are using AI applications directly, while an even larger share (95%) are using applications that incorporate AI-powered features indirectly. In addition, 89% of users are interacting with AI applications that rely on user data for training.

This widespread and multi-layered adoption highlights how deeply AI is becoming integrated into everyday workflows, often extending beyond explicit usage into embedded functionality within commonly used tools. It also reinforces the growing need for strong governance and data protection, as sensitive information may be exposed not only through direct interaction with AI applications but also through AI capabilities operating behind the scenes.

Malware downloads link link

Malware distribution via cloud apps

Attackers frequently exploit trusted cloud platforms to distribute malware, taking advantage of the fact that users are more likely to open files hosted on familiar services. While these platforms work to remove malicious content, even short delays before detection can allow attacks to succeed and enable infected files to spread internally.

Across organizations in Europe, GitHub and Microsoft OneDrive are the most abused platforms for malware distribution, each impacting 10% of organizations. This trend reflects a broader shift in attacker tactics, where adversaries increasingly rely on trusted cloud infrastructure rather than suspicious domains to host and deliver malicious content. As a result, malicious activity is becoming harder to distinguish from legitimate cloud-hosted traffic, increasing detection challenges for security teams across the region.

Cloud apps usage link link

Personal apps activity

Across Europe, the widespread use of personal cloud and online applications in workplace environments continues to blur the boundaries between corporate and personal data management. LinkedIn is the most commonly used personal app at 89%, followed by Google Drive at 84% and ChatGPT at 82%. While much of this activity supports legitimate use cases such as collaboration, professional networking, and productivity, it also introduces significant data security risks when sensitive information is involved. From personal AI accounts to file-sharing and communication platforms, these applications remain key points of potential data exposure, particularly when used outside approved workflows or during employee transitions.

Data policy violations in personal applications

Across Europe, many organizations actively use DLP controls to monitor and manage the movement of sensitive data into personal applications, aiming to reduce accidental exposure or misuse. Regulated data accounts for 63% of policy violations, followed by intellectual property at 17%, passwords and API keys at 11%, and source code at 9%.

This distribution highlights the continued concentration of compliance-sensitive and proprietary information in European environments, where regulated data remains the primary driver of risk exposure. Strengthening DLP coverage, improving employee awareness, and enforcing clear data-handling policies remain essential for minimizing both insider and external threats.


Personal app data violations

Organizations across Europe use a variety of controls to reduce the risk of data leaks through personal cloud and AI applications. Measures include blocking uploads to personal apps and providing real-time guidance to employees to prevent sensitive information from reaching unmanaged services. Google Drive is the most frequently controlled application at 32%, followed by ChatGPT at 27%, and Google Gmail at 22%.

These efforts reflect a strong focus on keeping regulated and proprietary data secure, reinforcing tighter governance over cloud and AI usage.

Recommendations link link

With the growing use of AI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across Europe region to take a fresh look at their overall security posture:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
  • Block access to apps that do not serve any legitimate business purpose or pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
  • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, AI apps, or other unauthorized locations.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.
  • Use Netskope One AI Gateway to gain visibility and control over AI application and API interactions, helping secure data flows between users, applications, and LLMs.
  • Deploy Netskope One AI Guardrails to enforce consistent protections against sensitive data exposure, unsafe prompts, and policy violations across managed and unmanaged genAI environments.
  • Use Netskope One GenAI App Security to discover sanctioned and shadow AI applications, apply real-time controls, and enforce governance policies across personal and enterprise AI usage.
  • Leverage Netskope One AI Analytics to monitor AI adoption trends, user activities, and DLP incidents, enabling organizations to better understand and reduce AI-related risk exposure.
  • Consider Netskope One AI Red Teaming to proactively identify vulnerabilities and misconfigurations in private AI deployments before they can be exploited in production environments.

 

Netskope Threat Labs link link

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, Black Hat, and RSA.

 

About this report link link

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on aggregate usage data collected by the Netskope One platform relating to a subset of Netskope customers in Europe.

The statistics in this report are based on the period from March 1, 2025, through March 31, 2026. Stats reflect attacker tactics, user behavior, and organization policy.

Results