Rapid AI adoption strains cloud security: data violations surge

What happened Netskope’s Cloud and Threat Report: 2026 shows genAI adoption has driven a steep rise in data-policy violations. The average organization logs 223 incidents per month. The top 25% of organizations record roughly 2,100 incidents per month. Regulated data — personal, financial, healthcare — accounts for 54% of violations. 47% of genAI users still access tools via personal, unmanaged accounts. That creates widespread shadow-AI risk (Netskope; IT Pro).

Technical context GenAI user counts rose about 200% year over year. Prompt volumes jumped roughly 500%, expanding the data flows security controls must cover. Netskope warns that agentic AI features broaden the attack surface. It recommends expanding data loss prevention (DLP), logging, and AI-aware monitoring across managed and unmanaged apps. Nine in ten organizations now block at least one genAI app (Netskope; IT Pro).

Implications The problem is compounded by skill and process gaps. InfoWorld notes cloud incidents rose sharply in 2025, citing a 61% increase and many organizations reporting critical events. Security teams should inventory genAI data flows and extend DLP and audit logs to personal and unmanaged apps. Tighten access and secrets controls, and pair those controls with targeted cloud security training (Netskope; InfoWorld; IT Pro).

Why It Matters

• Inventory genAI data flows now: the average organization sees 223 sensitive-data uploads to AI apps per month — unmanaged apps are a major vector.
• Extend DLP and logging to managed and personal AI tools to detect regulated data (54% of violations) and reduce insider/exfiltration risk.
• Treat agentic AI as a new attack surface: map AI tasks, expand monitoring, and include AI behavior in threat models and incident response plans.
• Invest in cloud security skills and governance: rising cloud incidents (61% increase cited) point to misconfigurations and process gaps as primary failure modes.