Retail sector boosts AI use while clamping down on shadow risks
Research from Netskope Threat Labs has highlighted significant shifts in generative AI adoption and data security practices within the retail industry.
The report states that generative AI (genAI) adoption in retail has reached 95%, up from 73% in the previous year. While genAI uptake is markedly higher, a decline has been registered in the use of personal genAI accounts at work. The proportion of retail employees using personal accounts dropped sharply from around 74% in January to 36% in June.
Netskope's research identifies the use of personal genAI accounts at work as a major security risk. Security teams are unable to monitor or secure these unauthorised accounts, increasing the likelihood of accidental leaks of sensitive data. According to the report, most data leaks involved source code (47%) and regulated data (39%), with employees sometimes sharing business and customer information with genAI tools.
Intellectual property, passwords, and API keys have also been exposed through such applications, with leak rates in the retail sector broadly reflecting those recorded across other industries.
Shift to managed AI solutions
Adoption of organisation-approved genAI apps has more than doubled over the same period, rising from 21% to 52%. Organisations are deploying sanctioned genAI tools to encourage productivity while implementing stronger safeguards and improving control over usage. This shift signals a changing approach as businesses attempt to balance innovation with increased oversight.
The report also finds that 97% of retail organisations use genAI applications that collect user data for training purposes. Concerns about transparency and data handling have led to some apps, notably ZeroGPT and DeepSeek, being among the most frequently blocked by retail IT departments.
Use of ChatGPT within retail dipped slightly between February and May. This is the first decrease observed by Netskope Threat Labs in this sector, a trend also seen elsewhere in the industry.
Emergence of 'shadow AI'
Retail employees are turning to more advanced AI platforms that allow them to build and deploy genAI models or AI agents. Employees have sometimes bypassed formal security approval procedures, raising the issue of so-called "shadow AI": platforms and apps not officially sanctioned by an organisation.
Direct connections between these platforms and enterprise data sources risk misconfigurations or unauthorised access, putting customer and business data at risk. The report urges retail organisations to seek out and monitor shadow AI use to avoid potential gaps in security.
Malware risks via trusted cloud services
Attackers are also exploiting reputable cloud services to distribute malware. According to the report, Microsoft OneDrive is most frequently affected, with 11% of retail organisations encountering malware downloads through OneDrive each month. GitHub, used widely by developers, follows at 9.7%, and Google Drive at 6.9%.
Gianpietro Cutolo, Cloud Threat Researcher at Netskope Threat Labs, said: "GenAI adoption in the retail sector is accelerating, with organisations increasingly using platforms like Azure OpenAI, Amazon Bedrock, and Google Vertex AI. While the use of personal genAI accounts is declining, organisation-approved platforms are gaining traction, reflecting a shift toward more controlled and monitored usage. Retailers are strengthening data security and monitoring cloud and API activity, helping to reduce exposure of sensitive information such as source code and regulated data. The goal is clear: leverage the benefits of AI innovation while protecting the organisation's most valuable data assets."
Stefan Baldus, Chief Information Security Officer at HUGO BOSS, explains: "As a major international fashion label, the security of our data is paramount. The trend is clear and the era of uncontrolled shadow AI is over. As IT managers, we must no longer block innovation, we must manage it securely. That's why we rely on modern security solutions that give us full transparency and control over sensitive data flows in the age of cloud computing and AI, and that can withstand constantly evolving cyber attacks. This is the only way we can harness the creative power of AI while ensuring the protection of our brand and customer data."
Information in the Netskope report is drawn from anonymised usage data provided by a subset of retail customers, collected with prior consent.