The retail sector’s embrace of generative AI is creating a significant cybersecurity challenge, according to a new report. Netskope’s findings reveal that 95% of retail organizations are now leveraging generative AI applications, a steep climb from 73% just a year prior. This accelerated adoption, however, is widening the attack surface and heightening the potential for sensitive data breaches.
The report signals a move towards company-sanctioned AI tools. While personal AI account usage has declined, the use of approved platforms is on the rise. ChatGPT remains the dominant player, but Google Gemini and Microsoft Copilot are gaining ground.
A major point of concern is the potential exposure of sensitive information. Source code accounts for a staggering 47% of data policy violations within GenAI applications, followed by regulated data at 39%. This has led retailers to increasingly ban potentially risky applications, with ZeroGPT being the most frequently blocked.
In response to these risks, retailers are increasingly turning to enterprise-grade AI platforms offered by major cloud providers like OpenAI via Azure and Amazon Bedrock. These platforms offer enhanced control and private model hosting capabilities. However, even with these safeguards, misconfigurations remain a critical vulnerability, capable of triggering major breaches. Furthermore, a substantial 63% of organizations are directly integrating with OpenAI’s API, embedding AI more deeply into their core systems.
The report also underscores the prevalence of poor cloud security practices, with malicious actors exploiting trusted services like Microsoft OneDrive and GitHub to deliver malware. The use of personal applications by employees further compounds the problem, leading to data leaks on unapproved platforms. To effectively address these mounting threats, retail security leaders must prioritize comprehensive visibility of web traffic, proactively block high-risk applications, and rigorously enforce data protection policies.