The retail industry is one of the leaders in the adoption of generator AI, but the new report highlights the security costs associated with it.
According to Cybersecurity Firm Netskope, the retail sector has adopted the technology universally, with 95% of today’s organizations using generated AI applications. This is a big jump from 73% just a year ago, showing how quickly the retailer is scrambling to avoid being left behind.
However, this AI gold rush has dark sides. As organizations weave these tools into the fabric of operations, they create large new surfaces for cyberattacks and sensitive data leaks.
The findings in the report show sectors in transition, moving from a chaotic, early adoption to a more controlled, business-driven approach. There was a transition from staff using personal AI accounts. This has increased by more than half from 74% to 36% since the start of the year. Instead, the company-approved Genai tools have more than doubled, rising from 21% to 52% over the same time frame. This is a sign that businesses are trying to wake up and understand the situation in response to the dangers of “Shadow Ai.”
In the fight for retail desktops, ChatGpt is used by 81% of organizations. But that advantage is not absolute. Google Gemini has broken in with 60% adoption, and Microsoft’s Copilot Tools have hot heels at 56% and 51% respectively. I’ve recently seen ChatGpt’s first DIP popularity, but the use of Microsoft 365 Copilot is rising rapidly. This is thanks to the deep integration with the productivity tools that many employees use every day.
Beneath the surface of this generative AI adoption by the retail industry, security nightmares are rising. What makes these tools useful: the ability to process information – is also their greatest weakness. Retailers believe they have a surprising amount of sensitive data fed them.
The most common type of data published is the company’s own source code, which accounts for 47% of all data policy violations in the Genai app. Nearby, 39% of regulatory data such as confidential customer and business information are available.
In response, more and more retailers have banned apps they find too risky. The most frequently discovered app on blocklists is Zerogpt, with 47% of organizations relating to user content storage, and there are even concerns that they may redirect data to third-party sites.
This new attention is pushing the retail industry into a more serious enterprise-grade generation AI platform from leading cloud providers. These platforms offer much better control, allowing businesses to host their models personally and build their own custom tools.
Both Openai and Amazon Bedrock via Azure are tied to leads, each being used by 16% of retail companies. But these are not silver bullets. A simple misunderstanding can connect powerful AI directly to the corporate crown jewel, creating the possibility of catastrophic violations.
This threat isn’t just from employees using AI in their browsers. The report found that 63% of organizations are directly connected to Openai’s API, embedding AI deep into backend systems and automated workflows.
This inherent risk is part of a poor, troubling pattern of cloud security hygiene. Attackers are increasingly using trusted names to deliver malware, knowing that employees are more likely to click on links from familiar services. Microsoft Onedrive is the most common perpetrator, with 11% of retailers being attacked by malware from the platform every month, and developer Hub Github is used in 9.7% of attacks.
A long-standing problem with employees using personal apps at work continues to fuel fires. Social media sites such as Facebook and LinkedIn are used in almost all retail environments (96% and 94% respectively), along with personal cloud storage accounts. It is in these unauthorized personal services that cause the worst data breaches. When employees upload files to a personal app, they contain data that is regulated to 76% of the resulting policy violations.
For retail security leaders, casual generation AI experiments are over. Netskope’s findings are a warning that organizations must take decisive action. Gain full visibility of all web traffic, block risky applications, enforce strict data protection policies and control where you can send.
Without proper governance, the next innovation can easily be a violation of the next heading.
See: Martin Frederik, Snowflake: Data Quality is the Key to AI-Driven Growth
Want to learn more about AI and big data from industry leaders? Check out the AI & Big Data Expo in Amsterdam, California and London. The comprehensive event is part of TechEx and will be held in collaboration with other major technology events. Click here for more information.
AI News is equipped with TechForge Media. Check out upcoming Enterprise Technology events and webinars here.
