Get the report: How to Achieve CIO-CEO Alignment in the Era of AI

close
magnifying glass
Get Started
magnifying glass
chevron
Support Language
close
Your Network of Tomorrow
Your Network of Tomorrow
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
chevron Get the white paper
Experience Netskope
Get Hands-on With the Netskope Platform
Here's your chance to experience the Netskope One single-cloud platform first-hand. Sign up for self-paced, hands-on labs, join us for monthly live product demos, take a free test drive of Netskope Private Access, or join us for a live, instructor-led workshops.
chevron Experience Netskope
A Leader in SSE. Now a Leader in Single-Vendor SASE.
Netskope is recognized as a Leader Furthest in Vision for both SSE and SASE Platforms
2X a Leader in the Gartner® Magic Quadrant for SASE Platforms
One unified platform built for your journey
chevron Get the report
Securing Generative AI for Dummies
Securing Generative AI for Dummies
Learn how your organization can balance the innovative potential of generative AI with robust data security practices.
chevron Get the eBook
Modern data loss prevention (DLP) for Dummies eBook
Modern Data Loss Prevention (DLP) for Dummies
Get tips and tricks for transitioning to a cloud-delivered DLP.
chevron Get the eBook
Modern SD-WAN for SASE Dummies Book
Modern SD-WAN for SASE Dummies
Stop playing catch up with your networking architecture
chevron Get the eBook
Understanding where the risk lies
Advanced Analytics transforms the way security operations teams apply data-driven insights to implement better policies. With Advanced Analytics, you can identify trends, zero in on areas of concern and use the data to take action.
chevron Watch the demo
The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
The 6 Most Compelling Use Cases for Complete Legacy VPN Replacement
Netskope One Private Access is the only solution that allows you to retire your VPN for good.
chevron Get the eBook
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
Colgate-Palmolive Safeguards its "Intellectual Property” with Smart and Adaptable Data Protection
chevron Read the case study
Netskope GovCloud
Netskope achieves FedRAMP High Authorization
Choose Netskope GovCloud to accelerate your agency’s transformation.
chevron Learn about Netskope GovCloud
Netskope Technical Support
Netskope Technical Support
Our qualified support engineers are located worldwide and have diverse backgrounds in cloud security, networking, virtualization, content delivery, and software development, ensuring timely and quality technical assistance
chevron Technical Support
Netskope video
Netskope Training
Netskope training will help you become a cloud security expert. We are here to help you secure your digital transformation journey and make the most of your cloud, web, and private applications.
chevron Explore Netskope Training
""
Achieve Business Value with Netskope One SSE
Netskope One Security Service Edge (SSE) enables enterprises to achieve considerable business value by consolidating business critical security services within the Netskope One platform
chevron Get the study
Let's do great things together
""
Netskope’s partner-centric go-to-market strategy enables our partners to maximize their growth and profitability while transforming enterprise security.
chevron Netskope Partners
Threat Labs Report

Threat Labs Report: Manufacturing 2025

The 2025 Netskope Threat Labs Manufacturing report details the increasing adoption of generative AI, trends in data policy violations, and malware distribution via cloud applications observed over the last year.

Share via Tags
Manufacturing Threat Labs Reports Threat Protection
Change the language
DeutschEnglishEspañolFrançaisPortuguês日本語

Jump to a section

In This Report GenAI usage
GenAI: Adoption and usage trends GenAI: App usage and data policy violation Most blocked genAI apps
Agentic AI adoption
Rise of enterprise genAI platforms Rising use of genAI APIs outside the browser
Malware downloads
Malware distribution via cloud apps
Cloud apps usage
Personal apps activity Personal app data violations Data policy violations in personal applications
Recommendations Netskope Threat Labs About this report
11 min read

In This Report link link

This report explores recent trends in the adoption and governance of generative AI applications, enterprise AI platforms, API usage, cloud app activity, and data policy violations across the manufacturing sector. It highlights how organizations are balancing rapid innovation with the need for stronger data protection, compliance, and risk management controls.

  • GenAI usage: Adoption of genAI in the manufacturing sector has remained consistently high. While personal genAI usage saw a decline, there was a notable rise in the adoption of organization-approved genAI solutions, indicating a shift toward platforms with stronger safeguards.
  • Agentic AI: As genAI adoption matures, organizations are increasingly transitioning from SaaS-based tools to more flexible and privacy-conscious genAI platforms, offering greater control and custom application development.
  • GenAI APIs: Integration of genAI APIs beyond the browser is expanding rapidly, with many organizations connecting to api.openai.com and other APIs for internal tools and AI agents.
  • Malware distribution: Attackers are increasingly exploiting trusted cloud platforms to deliver malware, with Microsoft OneDrive, GitHub, and Google Drive being commonly abused.
  • Cloud app usage: Personal cloud applications remain widely used in workplace environments, blurring the line between corporate and personal data management, with Google Drive, LinkedIn, and OneDrive among the most popular personal apps.
  • Personal app data controls: Organizations are deploying various tools to reduce the risk of data leaks through personal cloud and genAI applications, with Google Drive, personal ChatGPT, and Google Gemini being the most frequently controlled apps.
  • Data policy violations: Analysis shows that regulated data, intellectual property, and passwords/API keys account for most data policy violations in personal apps, underscoring the challenge of safeguarding sensitive information in unmanaged environments.

 

GenAI usage link link

GenAI: Adoption and usage trends

GenAI adoption in the manufacturing sector has remained consistently high over the past year, with usage fluctuating between 90% and 97%. Currently, 94% of organizations use genAI applications directly, 97% use apps that leverage user data for model training, and 96% use genAI-powered tools indirectly. This reflects a stable and mature adoption trend across the sector, aligning closely with global usage patterns.

Chart showing organizations using genAI apps in the manufacturing sector

At the same time, the use of personal genAI accounts remained relatively stable at around 83% through December 2024, before gradually declining to 51% by September 2025. In contrast, adoption of organization-approved genAI solutions rose notably over the same period, increasing from 15% to 42%. This shift highlights a growing preference within the manufacturing sector for company-approved platforms that offer stronger safeguards for sensitive data and tighter governance over genAI usage. As this transition continues, organizations should focus on adopting secure, enterprise-grade genAI solutions that foster innovation while maintaining compliance and minimizing risk.

Chart showing genAI usage personal vs. organization account breakdown in the manufacturing sector

In the manufacturing sector, the top 10 most widely used genAI applications largely mirror global adoption patterns. ChatGPT leads with 87% of organizations using it, followed by Google Gemini at 74%, showing strong adoption across the sector. Microsoft 365 Copilot is used by 58% of organizations, while Microsoft Copilot follows closely at 56%, reflecting growing demand for genAI solutions embedded within productivity and workflow platforms. The remaining top applications include a diverse mix of domain-specific and embedded AI tools designed to address specialized operational and industrial needs.

Chart showing the most popular genAI apps based on the percentage of organizations using those apps in the manufacturing sector

The chart below illustrates how the popularity of the top 10 genAI applications has evolved over the past year, underscoring the continued transformation of the genAI landscape within the manufacturing sector. ChatGPT remains the most widely used application, maintaining a steady average usage of around 85% throughout the year. Google Gemini has shown notable growth, increasing from 51% to 75%, signaling rising adoption and interest. Microsoft 365 Copilot has also continued its upward trajectory, now reaching 58%, driven by its integration into core productivity and enterprise tools. Grok has emerged as a strong new entrant, rising from near-zero adoption in March to 32% by September, reflecting growing experimentation with alternative genAI platforms in the sector.

Chart showing most popular apps by percentage of organizations in the manufacturing sector

GenAI: App usage and data policy violation

As genAI adoption continues to expand across the manufacturing sector, concerns around data exposure are becoming increasingly critical. Organizations are using genAI tools for a range of functions, including summarizing technical documents, generating reports, and optimizing software development workflows. However, these use cases inherently involve sharing potentially sensitive data with genAI applications, expanding the attack surface for data security threats.

Data protection has therefore become a key priority, especially as genAI tools become deeply embedded in daily operations and shadow IT remains a persistent challenge.

Recent analyses of data policy violations show that the most frequently exposed category of sensitive information in the manufacturing sector is regulated data, accounting for 29% of all incidents. Source code follows closely at 28%, often shared inadvertently when developers use genAI to write, review, or summarize code. Passwords and API keys represent 26% of exposures, reflecting ongoing risks tied to insecure prompt usage and lack of data governance. Overall, these exposure patterns align closely with global trends, underscoring the need for stronger DLP controls and secure deployment of enterprise-grade genAI tools.

Chart showing the type of data policy violations for genAI apps in the manufacturing sector

Most blocked genAI apps

Organizations across the manufacturing sector are adopting a cautious stance toward genAI tools, with many choosing to block specific applications over security, privacy, and compliance concerns. While policies differ across companies, certain tools are restricted far more frequently than others—reflecting where organizations perceive the highest risk. For those managing similar environments, it may be worth considering whether blocking entire categories of apps offers stronger protection than managing each one individually.

Within the sector, DeepSeek ranks as the most frequently blocked genAI application, with 48% of organizations restricting access due to concerns about transparency and the risks associated with rapidly emerging genAI platforms. ZeroGPT is at 43%, largely because of its data handling practices, including storage of submitted content and reported redirections of information to third-party sites.

These blocking patterns indicate that organizations in the manufacturing sector are not only responding to risks posed by individual applications, but also strengthening their overall governance strategies for managing genAI within established security and compliance frameworks.

Chart showing most blocked genAI apps by percentage of organizations enacting a blanket ban on the app in the manufacturing sector

 

Agentic AI adoption link link

Rise of enterprise genAI platforms

As genAI adoption continues to mature across the manufacturing sector, organizations are increasingly shifting focus from SaaS-based tools to more flexible and privacy-conscious genAI platforms. While SaaS genAI apps gained early traction for their ease of use, platform-based solutions now offer greater control, allowing organizations to host models privately, deploy them within their own infrastructure, and develop custom applications or autonomous agents tailored to operational needs.

Currently, 29% of organizations in the manufacturing sector use at least one of the three major genAI platforms, 8% use at least two, and 1.2% leverage all three. A key factor driving this shift is the growing accessibility of genAI services through major cloud providers. OpenAI’s services via Azure lead adoption, with 37% of organizations using the platform. Amazon Bedrock follows at 31%, while Google Vertex AI stands at 7.8%. These adoption rates remain slightly below global averages, suggesting continued potential for growth as the sector deepens its integration of secure, enterprise-grade genAI infrastructure.

Chart showing cloud AI framework by percentage of organizations in the manufacturing sector

Rising use of genAI APIs outside the browser

Even when genAI agents and applications are deployed on-premises, the underlying models are often hosted in the cloud via SaaS or enterprise genAI platforms. These agents and apps usually connect through dedicated API endpoints rather than browser-based interfaces. For instance, interactions with OpenAI in a browser occur via chatgpt.com, while programmatic access for internal tools, workflows, or AI agents typically routes through api.openai.com.

Currently, 67% of organizations in the manufacturing sector connect to api.openai.com, highlighting OpenAI’s dominant role in non-browser genAI usage across native applications and agent-based deployments. Other widely used genAI APIs include api.assemblyai.com (59%) and api.anthropic.com (24%), reflecting a global trend toward integrating cloud-based genAI services into core enterprise systems and operational workflows.

Chart showing the top 10 SaaS AI API domains by percentage of organizations in the manufacturing sector

 

Malware downloads link link

Malware distribution via cloud apps

more likely to interact with files hosted on familiar services. In the manufacturing sector, approximately 22 out of every 10,000 users encounter malicious content each month, and infected files can be inadvertently propagated within organizations through these widely used cloud apps. Microsoft OneDrive is now the most commonly exploited platform, with 18% of organizations reporting malware downloads from the service each month. GitHub follows at 14%, leveraging its popularity among developers and its role as a repository for open-source tools, some of which are misused by attackers. Google Drive ranks third at 11%, reflecting its broad enterprise adoption. While these platforms actively remove malicious content, the brief window before detection can be sufficient for attacks to succeed.

Chart showing the top apps for malware downloads in the manufacturing sector

 

Cloud apps usage link link

Personal apps activity

Across the manufacturing sector, the widespread use of personal cloud applications in workplace environments continues to blur the lines between corporate and personal data management. Google Drive is the most commonly used personal app, present in 98% of monitored environments, followed by LinkedIn at 95% and OneDrive at 94%. While much of this usage is driven by legitimate activities, such as networking, enhancing productivity, or facilitating collaboration, it still introduces significant data security risks, particularly when sensitive information is involved. From personal genAI accounts to commonly used collaboration platforms, these applications remain potential points of data exposure, especially when used for unofficial sharing or by employees exiting the organization.

Chart showing the top apps for upstream activities to personal apps in the manufacturing sector

Personal app data violations

Organizations in the manufacturing sector deploy a variety of tools to reduce the risk of data leaks through personal cloud and genAI applications. These measures range from blocking all uploads to personal apps, to providing real-time user guidance that helps employees make informed decisions, and using DLP solutions to prevent sensitive data from being uploaded to unmanaged services. Google Drive is the most frequently controlled app, with 35% of organizations implementing protections, followed by personal ChatGPT at 29% and Google Gemini at 23%. These figures highlight ongoing efforts by organizations to limit unauthorized data movement and mitigate risks associated with the use of personal accounts on unmanaged platforms.

Chart showing the top apps for upstream blocks to personal apps in the manufacturing sector

Data policy violations in personal applications

Across the manufacturing sector, many organizations are actively using DLP controls to monitor and manage the movement of sensitive data into personal applications, aiming to reduce the risk of accidental exposure or misuse. Recent incident analyses show that regulated data, including personal, financial, and healthcare information, accounts for 41% of policy violations. Intellectual property follows at 32%, highlighting the risk of proprietary information being exposed outside approved environments. Passwords and API keys make up 19% of violations, while source code represents only 8%. This is in contrast to the global trend, where source code represents roughly 50% of incidents.

These findings underscore the ongoing challenge of protecting commercially sensitive information in unmanaged or personal applications. Strengthening DLP coverage, improving employee awareness, and enforcing clear data-handling policies remain critical measures for organizations in the manufacturing sector to ensure compliance and minimize both insider and external data exposure risks.

Chart showing the data policy violations for personal apps in the manufacturing sector

 

Recommendations link link

With the growing use of genAI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across the manufacturing sector to take a fresh look at their overall security posture:

  • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
  • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
  • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
  • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

 

Netskope Threat Labs link link

Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DEF CON, Black Hat, and RSA.

 

About this report link link

Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

The statistics in this report are based on the period from September 1, 2024, through September 30, 2025. Stats reflect attacker tactics, user behavior, and organization policy.

 

Related Resources

Results