
                            This report analyzes the primary cybersecurity risk trends impacting organizations within the Retail sector. It addresses the increasing adoption of generative AI (genAI) tools and their associated data security challenges. Furthermore, it highlights the growing number of data policy violations, where sensitive information is increasingly being leaked through unauthorized cloud services, personal applications, and genAI platforms.


                            In This Report

                            This report examines recent trends in the adoption and use of generative AI applications, agentic AI platforms, cloud app usage, data policy violations, and malware distribution within the Retail sector. It highlights the growing security and compliance challenges organizations face as AI becomes increasingly embedded in daily workflows and cloud applications continue to expand.

                            GenAI usage: Adoption of genAI in retail is accelerating, with 95% of organizations now using genAI applications. ChatGPT, Google Gemini, and Microsoft Copilot lead adoption, while personal genAI accounts have declined as businesses transition to organization-approved platforms.

                            Agentic AI and custom platforms: Retail organizations are increasingly leveraging privacy-conscious, flexible genAI platforms such as Azure OpenAI, Amazon Bedrock, and Google Vertex AI. These platforms enable private model hosting, custom applications, and AI agents, providing organizations with greater control over their data. However, shadow AI remains a significant source of risk. The integration of genAI via APIs beyond the browser is growing rapidly, with 63% of organizations using api.openai.com and 44% using api.assemblyai.com.

                            Cloud applications usage: Personal cloud applications, including Facebook, LinkedIn, OneDrive, and Google Drive, remain widely used in workplaces, creating additional points of potential data exposure.

                            Data policy violations: Sensitive information continues to be uploaded to unapproved locations. Regulated data and source code account for the majority of violations, both in enterprise and personal apps, emphasizing the need for employee awareness and stricter controls over cloud and AI platforms.

                            Malware delivery: Attackers exploit trusted cloud services such as Microsoft OneDrive, GitHub, and Google Drive to distribute malware, taking advantage of user trust and high adoption rates. Organizations face ongoing challenges in detecting and preventing these attacks before files are shared internally.

                            This report highlights the need for retail organizations to enhance visibility, enforce stricter policies, and proactively mitigate risk across genAI applications, cloud apps, and API usage to protect sensitive data while enabling innovation.

                            GenAI in retail

                            GenAI: Adoption and growth trends

                            The proliferation of genAI within the retail sector is experiencing rapid acceleration, with 95% of organizations presently leveraging these applications, representing a notable increase from 73% in the previous year. Significantly, 97% of retail organizations utilize tools that integrate genAI-powered features, and an equivalent number rely on genAI applications that employ user data for training purposes. Overall, 95% of retail organizations have adopted genAI apps directly, slightly outpacing global adoption, where 90% have embraced genAI solutions.

                            Bar chart showing the Percentage of orgs in the retail sector

                            At the same time, the use of personal genAI accounts remained steady at around 74% from July 2024 to January 2025, before dropping sharply to 36% by June 2025, where usage now appears to have stabilized. In contrast, adoption of organization-approved genAI solutions has risen from 21% to 52% over the same period. This shift reflects a growing preference for company-sanctioned platforms that provide stronger safeguards for sensitive data and greater control over usage. As this transition continues, retail organizations should prioritize secure, enterprise-grade genAI solutions that enable innovation while supporting compliance and reducing risk.

                            Chart showing GenAI usage personal vs. organization account breakdown in the retail sector

                            In the retail sector, the top 10 most widely used genAI applications closely mirror global usage patterns. Leading the pack is ChatGPT, used by 81% of organizations, making it the most popular genAI app in the industry. Google Gemini has also gained strong traction, with 60% of organizations integrating it into their workflows, positioning it as a prominent alternative to ChatGPT. Microsoft Copilot is used by 56% of organizations, while Microsoft 365 Copilot follows closely at 51%, highlighting growing demand for genAI tools embedded directly within productivity platforms. The rest of the top 10 includes a diverse mix of domain-specific applications and embedded AI tools tailored to business needs and retail-specific use cases.

                            Chart showing the most popular genAI apps based on the percentage of orgs using those apps in the retail sector

                            The chart below illustrates how the popularity of these top 10 genAI applications has evolved over the past year, underscoring the rapid pace of change in the retail genAI landscape. ChatGPT remains the most widely used app among retail organizations, though its usage has shown a slight decline since January, marking the first dip we have observed in its popularity. In contrast, Google Gemini has demonstrated steady, incremental growth throughout the year, reflecting rising interest and adoption globally. Microsoft 365 Copilot has seen the sharpest increase in usage in recent months, fueled by its integration into productivity platforms already widely deployed in the sector. Notably, Grok has entered the top 10 for the first time, signaling the emergence of new players in the retail genAI ecosystem.

                            Chart showing the most popular apps by percentage of organizations in the retail sector

                            GenAI in retail: Application usage and data exposure risks

                            As genAI adoption accelerates across the retail sector, the risks tied to data exposure are becoming a central concern. Retail organizations are increasingly embedding genAI into their operations, but this integration often involves sending sensitive data to external applications, expanding the surface for security threats. Data security is now a growing concern as genAI becomes part of daily workflows and shadow AI continues to emerge as a challenge. Data loss risks are particularly relevant as employees turn to these tools for business-critical activities.

                            Analysis of recent data policy violations reveals that the most common type of sensitive information exposed to genAI apps in the retail sector is source code, accounting for 47% of all violations. Regulated data follows at 39%, often shared as employees use genAI to process sensitive business or customer information. While other sensitive data, such as intellectual property, passwords, and API keys, is also being exposed through genAI apps, the frequency of these exposures in retail closely aligns with global patterns.

                            Chart showing the Type of policy violations for GenAI apps in the retail sector

                            Retail organizations are taking a careful approach to genAI tools, with many blocking apps because of security, privacy, or compliance concerns. While each company’s policy is different, some apps are blocked more often than others, showing where the most significant risks are seen. If these tools are used in your environment, it may be worth reviewing them and deciding whether blocking whole categories of apps is safer than managing each one separately.

                            In the retail sector, ZeroGPT tops the list of most blocked genAI apps, with 47% of organizations restricting access. The main reason is how it handles user data: it not only stores submitted content, but has also been reported to redirect user data to third-party websites. DeepSeek follows at 44%, reflecting ongoing caution around data transparency and the risks associated with rapidly emerging genAI platforms.

                            These trends indicate that retailers are not only responding to specific application risks, but also strengthening their overall approach to managing genAI usage within established risk and compliance frameworks.

                            Chart showing the most blocked AI apps by percentage of organizations enacting a blanket ban on the app in the retail sector

                            Agentic AI adoption

                            Rise of enterprise genAI platforms

                            As genAI adoption matures in the retail sector, organizations are increasingly shifting their attention from SaaS-based tools to more flexible and privacy-conscious genAI platforms. Unlike SaaS genAI apps, which gained traction because of their plug-and-play simplicity, these platforms provide greater control, allowing businesses to host models privately and deploy them within their own infrastructure. They also enable users to build custom applications and AI agents.

                            Currently, 32% of retail organizations are using at least one of the three major genAI platforms, while 8% are using at least two, and 2.7% are using all three. A key driver behind this shift is the accessibility of genAI services through major cloud providers. OpenAI’s services via Azure and Amazon Bedrock are tied for the lead, each adopted by 16% of organizations. Google Vertex AI follows at 10%. While adoption rates in retail are slightly behind global averages, the steady rise indicates significant room for further growth.

                            Chart showing the AI Framework Adoption by percentage of organizations in the retail sector

                            As familiarity with these platforms increases, more users are experimenting with tailoring AI to specific workflows. The ease of deploying these platforms means employees often choose whichever framework feels most familiar or best suits their project, sometimes bypassing formal approval processes. Since these platforms can directly connect to enterprise data sources, organizations must remain especially vigilant. Misconfigurations or uncontrolled access could put sensitive information at risk.

                            To balance innovation with security, it’s critical for organizations to monitor usage patterns closely. Netskope can help retailers gain visibility into who is using genAI platforms, how they are being used, and where data flows may expose risks. Identifying and reviewing these behaviors is an essential first step toward enforcing responsible AI use within the enterprise.

                            Growing use of genAI APIs beyond the browser

                            Even when AI agents and applications run on-premises, the models they depend on are often hosted in the cloud, including SaaS or genAI platform environments. These agents and apps typically connect to API endpoints that differ from those used in web browsers. For instance, interactions with OpenAI in a browser go through chatgpt.com, while APIs such as api.openai.com are used for automated, programmatic access, whether by custom tools, internal workflows, or AI agents.

                            Currently, 63% of organizations are connecting to api.openai.com, reflecting OpenAI’s lead in non-browser (native app or agent) genAI usage. api.assemblyai.com is used by 44% of organizations, while api.copy.ai is used by 16%, reflecting a growing trend of integrating SaaS-based AI services directly into backend processes and enterprise tools.
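
Added example, not part of the Netskope report and not Netskope code: one way to separate browser genAI traffic from programmatic API traffic in proxy logs, using the domains named above, and to list API use that has no approval on record. The log format, user names and the approved list are assumptions constructed for illustration.

```python
from collections import defaultdict

# Domains named in the report; the browser/API split follows its description.
BROWSER_DOMAINS = {"chatgpt.com"}
API_DOMAINS = {"api.openai.com", "api.assemblyai.com", "api.copy.ai"}

# Assumption: (user, API domain) pairs that went through formal approval.
APPROVED = {("svc-search", "api.openai.com")}

# Constructed sample log: timestamp, user, destination host[:port], client string.
SAMPLE_LOG = """\
2025-06-02T09:14:01Z alice chatgpt.com:443 Mozilla/5.0
2025-06-02T09:15:40Z svc-search api.openai.com:443 python-requests/2.32
2025-06-02T09:16:12Z bob API.OpenAI.com.:443 node-fetch
2025-06-02T09:17:55Z bob api.assemblyai.com:443 curl/8.5
2025-06-02T09:18:03Z carol api.openai.com.example.net:443 Mozilla/5.0
2025-06-02T09:19:30Z bob api.openai.com:443 node-fetch
malformed line
"""


def normalize_host(raw):
    """Lower-case the host, drop a numeric port and any trailing root dot."""
    host = raw.strip().lower()
    name, sep, port = host.rpartition(":")
    if sep and port.isdigit():
        host = name
    return host.rstrip(".")


def classify(host):
    """Return ('browser'|'api', matched domain) or (None, None).

    Matches the domain itself or a true subdomain only, so a lookalike such
    as api.openai.com.example.net is not counted as OpenAI traffic.
    """
    for kind, domains in (("api", API_DOMAINS), ("browser", BROWSER_DOMAINS)):
        for domain in domains:
            if host == domain or host.endswith("." + domain):
                return kind, domain
    return None, None


def find_unapproved_api_use(log_text):
    """Count requests per (user, API domain) that are not on the approved list."""
    hits = defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4:
            continue  # skip malformed or truncated records
        _timestamp, user, dest, _client = fields
        kind, domain = classify(normalize_host(dest))
        if kind == "api" and (user, domain) not in APPROVED:
            hits[(user, domain)] += 1
    return dict(hits)


if __name__ == "__main__":
    for (user, domain), count in sorted(find_unapproved_api_use(SAMPLE_LOG).items()):
        print(f"{user} -> {domain}: {count} request(s) with no approval on record")
```
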

                            Chart showing the top 10 SaaS AI API domains by percentage of organizations in the retail sector

                            Malware downloads

                            Malware distribution via cloud applications

                            Attackers often exploit trusted cloud platforms to distribute malware, knowing that users are more likely to open files hosted on familiar services. In the retail sector, a significant number of users encounter malicious content each month, and victims can inadvertently spread infected files within the organization using these popular cloud apps.

                            Microsoft OneDrive is the most affected, with 11% of organizations encountering malware downloads from the platform each month. GitHub follows closely at 9.7%, reflecting its popularity among developers and its role in hosting open-source tools, some of which are misused by attackers. Google Drive accounts for 6.9% of malware encounters, reflecting its broad enterprise adoption.

                            While these cloud services actively remove harmful content, the brief window before detection can be enough for an attack to succeed, emphasizing the need for vigilant monitoring and security controls.

                            Chart showing the top apps for malware downloads in the retail sector

                            Cloud application usage

                            Personal app activity

                            In the retail sector, the widespread use of personal cloud apps within workplaces continues to blur the lines between corporate and personal data handling. Facebook and LinkedIn are the most commonly used personal apps, present in 96% and 94% of monitored environments, respectively, followed closely by Microsoft OneDrive at 93% and Google Drive at 91%.

                            While much of this usage is well-intentioned, such as backing up files or using familiar tools to stay productive, it still introduces risks, particularly when sensitive data is involved. Whether through personal genAI accounts or social media platforms, these apps create potential points of data exposure, especially when used by departing employees or for unofficial sharing.

                            Chart showing the top apps for the upstream activities to personal apps in the retail sector

                            Data policy violations

                            Data policy violations in cloud applications

                            In the retail sector, the most common type of data policy breach occurs when employees upload sensitive information to websites or cloud services that their organization has not approved. Regulated data accounts for 57% of all policy violations, while source code makes up 30% and passwords and authentication keys account for 11%.

                            These trends underscore the critical need for stronger data protection measures and improved employee awareness around the risks of sharing sensitive information on unapproved platforms.

                            Chart showing the type of data policy violations in the retail sector

                            When examining personal apps in the retail sector, the overall pattern of data policy violations remains similar, with regulated data still accounting for the largest portion at 76%. Source code represents 18% of violations, highlighting that sensitive business information continues to be uploaded to personal cloud apps.

                            This trend underscores the growing risk of placing commercially sensitive information in unapproved locations, emphasizing the need for stronger controls and employee education around secure data handling.

                            Chart showing the data policy violations for personal apps in the retail sector

                            Recommendations

                            With the growing use of genAI tools, both managed and personal, and the misuse of personal cloud apps, it is essential to strengthen visibility, refine policies, and prioritize proactive defenses to protect your organization in this fast-changing threat landscape.

                            Based on the trends uncovered in this report, Netskope Threat Labs strongly encourages organizations across the retail sector to take a fresh look at their overall security posture:

                            • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope One NG-SWG with a threat protection policy that applies to downloads from all categories and applies to all file types.
                            • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
                            • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
                            • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present a higher risk, like newly observed and newly registered domains.

                            Netskope Threat Labs

                            Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.

                            About This Report

                            Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

                            The statistics in this report are based on the period from July 1, 2024, through July 30, 2025. Stats reflect attacker tactics, user behavior, and organization policy.