Threat Labs Report: Financial Services 2026

GenAI adoption in the financial services sector has continued to follow the strong upward trend observed over the past year, signaling sustained momentum in how organizations integrate genAI into operational, analytical, and customer-facing workflows. This steady growth reflects increasing maturity and confidence in genAI technologies, as the sector aligns more closely with broader adoption patterns.

At the same time, financial services organizations have taken meaningful steps to reduce shadow AI risks by shifting users away from personal genAI accounts and toward organization-managed tools. Over the past year, the percentage of people using personal genAI applications has dropped significantly from 76% to 36%, while the percentage using organization-managed genAI solutions has increased from 33% to 79%. At the same time, there is a growing overlap of users switching between personal and enterprise accounts, rising from 9% to 15%, suggesting that organizations still need to better match the convenience, accessibility, and features users expect.

Overall, this shift reflects stronger governance, improved oversight, and a clear move toward managed environments that enhance data protection, compliance, and risk control while continuing to support innovation. You can explore more AI adoption data for  financial services and other sectors in the Netskope AI Index.

In the financial services sector, the top genAI applications show a slightly different pattern compared to broader trends. ChatGPT remains the most widely adopted genAI app, used by 76% of organizations, followed by Google Gemini at 68%. This distribution highlights the continued dominance of leading genAI platforms, while also reflecting growing interest in alternative solutions. The remaining leading applications include a mix of specialized and workflow-integrated AI tools designed to support financial analysis, operations, and customer-facing use cases.

The chart below illustrates how usage of the top genAI applications in the financial services sector has evolved over the past year, highlighting notable shifts in platform preference. During this period, ChatGPT usage experienced a gradual decline, while Google Gemini gained momentum, reflecting organizations’ growing interest in alternative and complementary AI platforms.

At the same time, newer entrants are emerging quickly. Google NotebookLM has seen rapid uptake, reaching 39% adoption. In comparison, AssemblyAI has grown sharply from just 1% in June 2025 to 37%, signaling strong demand for specialized AI capabilities, such as transcription and voice data processing. Overall, these trends reflect a diversifying genAI ecosystem in the financial services sector, as organizations expand beyond early leaders and adopt a broader mix of integrated and specialized solutions.

As genAI adoption continues to expand across the financial services sector, concerns around data exposure are becoming increasingly critical. Organizations are using genAI for tasks such as summarizing documents, generating reports, and supporting operational workflows, activities that often involve sensitive financial and customer data and expand the potential attack surface. As genAI becomes more embedded in business processes, data protection remains a top priority, particularly in the presence of ongoing shadow AI risks.

Analysis of data policy violations in the financial services sector shows that regulated data remains the largest category, accounting for 59% of incidents. Intellectual property represents 20% of violations, followed by source code at 11% and passwords and API keys at 9%. This distribution highlights the continued importance of protecting compliance-sensitive and proprietary information, reinforcing the need for strong DLP controls and well-governed genAI deployments.

Organizations across the financial services sector are taking a cautious and highly risk-aware approach to genAI adoption, with many choosing to block specific applications due to security, privacy, and regulatory compliance concerns. While policies vary by organization, certain tools are restricted more frequently than others, reflecting where perceived risk is highest. In highly regulated environments like financial services, blocking entire categories of genAI applications can provide more consistent protection than managing individual tools.

ZeroGPT is the most frequently blocked genAI application at 46%, followed closely by DeepSeek at 44% and PolitePost at 43%. These patterns indicate that financial services organizations are not only reacting to risks posed by specific applications, but are also reinforcing broader governance strategies to ensure genAI usage aligns with strict privacy, security, and compliance requirements.

GenAI adoption is accelerating across the financial services sector, with organizations increasingly embedding AI capabilities into both core operations and customer-facing workflows. Adoption spans multiple layers: 70% of users are using genAI applications directly, while a much larger share (97%) are leveraging tools that incorporate genAI-powered features indirectly. In addition, 94% of users are using genAI applications that rely on user data for training.

This widespread and multi-layered adoption highlights how deeply genAI is becoming integrated into the financial services ecosystem, often extending beyond explicit use into embedded functionality within everyday tools. It also underscores the growing importance of governance and data protection, as sensitive financial information may be exposed not only through direct usage, but also through AI capabilities operating behind the scenes.