Daily NewsThreat Detection & Defense

Netskope Threat Labs: AI Is Transforming Financial Services But Security Gaps Are Growing Faster Than Governance

Because the Security Infrastructure Is Still Catching Up

Netskope Threat Labs just found out something worrying: The financial services sector is going all-in on generative AI (Artificial Intelligence). The security infrastructure needed to manage that bet is still catching up.

That is the central tension running through Netskope Threat Labs’ latest report on AI adoption, data security risks, and malware distribution trends across financial services—a sector that sits on some of the world’s most sensitive regulated data and is deploying AI into its core operations at a pace that is outrunning its own governance frameworks.

The Netskope Threat Labs data covers February 2025 through February 2026, drawn from anonymised usage data across Netskope’s global customer base in financial services. What it reveals is a sector in transition—making meaningful progress on AI governance in some areas, while opening new vulnerabilities in others.

The Shadow AI Problem Is Shrinking—But It Has Not Disappeared

The headline governance story is genuinely encouraging. Over the past year, the percentage of financial services employees using personal generative AI accounts dropped significantly—from 76% to 36%—while those using organisation-managed AI solutions climbed from 33% to 79%. That is a dramatic shift in the right direction, reflecting stronger oversight, clearer policies, and a deliberate push to move AI usage into controlled environments.

But the detail that demands attention is this: 15% of users are now switching between personal and enterprise AI accounts, up from 9% a year ago. That figure is rising because managed tools are not yet fully matching the convenience, accessibility, and features that personal tools offer. When the enterprise solution does not do everything a user needs, they find a workaround. Shadow AI has not been eliminated—it has evolved.

Netskope
Source: Netskope Threat Labs

The GenAI Ecosystem Is Diversifying Fast

According to the Netskope Threat Labs report, ChatGPT remains the dominant generative AI platform in financial services, used by 76% of organisations, with Google Gemini close behind at 68%. But the more significant story is what is happening below them.

Google NotebookLM has reached 39% adoption. AssemblyAI—which registered at just 1% in June 2025—has surged to 37% penetration in under a year, driven by strong demand for specialised transcription and voice data processing capabilities. The generative AI market in financial services is no longer a two-platform conversation. Organisations are building out a broader mix of integrated and specialised tools, and the governance challenge grows with every new application added to that stack.

On the blocking side, ZeroGPT is the most frequently restricted generative AI application at 46%, followed by DeepSeek at 44% and PolitePost at 43%—a clear signal that financial institutions are making active, risk-based decisions about which tools are permissible in regulated environments.

Netskope Threat Labs FInds Primary Risk Exposure

Across generative AI data policy violations in financial services, regulated data accounts for 59% of incidents. Intellectual property represents 20%, source code 11%, and passwords and API keys 9%.

The picture is even starker when it comes to personal application violations: regulated data accounts for 65% of policy violations there, with source code and intellectual property each at 14%, and passwords and API keys at 6%.

These numbers as collated by Netskope Threat Labs reflect the fundamental challenge facing the sector. Financial services organisations handle some of the most compliance-sensitive data in the world—and both direct AI usage and the embedded AI features built into everyday tools are expanding the surface area through which that data can be exposed. Critically, 94% of users are using generative AI applications that rely on user data for training, meaning sensitive financial information may be at risk not just through deliberate sharing, but through the underlying mechanics of the tools themselves.

Netskope
Source: Netskope Threat Labs

Attackers Are Hiding in Plain Sight

Perhaps the most operationally significant finding in the Netskope Threat Labs report concerns where malware is now coming from.

GitHub is the most abused platform for malware distribution in financial services, affecting 11% of organisations. Microsoft OneDrive is second at 8.2%. The tactic is deliberate and effective. By hosting malicious content on trusted, widely used cloud platforms, attackers make detection significantly harder—malicious traffic looks identical to legitimate cloud-hosted activity. For financial institutions that have invested heavily in perimeter defences, this is precisely where the real threat now lives.

Personal Apps Remain a Persistent Leak Point

Despite stronger governance around managed AI tools, the personal application problem has not gone away. LinkedIn is used by 92% of financial services employees as a personal application in workplace environments. Google Drive sits at 84%. ChatGPT, even as a personal—rather than managed—tool, is at 77%.

Organisations are actively trying to control the risk. Google Drive is the most frequently governed application at 40%, followed by ChatGPT at 28% and Gmail at 27%. But the scale of personal app usage in a regulated environment means the exposure surface remains enormous.

Netskope
Source: Netskope Threat Labs

What Needs to Change, According to Netskope

Netskope Threat Labs closes the report with four practical recommendations that amount to a coherent security posture for the AI era: inspect all HTTP and HTTPS traffic to catch malware disguised as legitimate cloud activity; block applications that present disproportionate risk; deploy data loss prevention policies to monitor sensitive data moving into personal apps, generative AI tools, and unauthorised locations; and use Remote Browser Isolation for higher-risk browsing environments.

The deeper message running through all four is the same. In financial services, you cannot manage AI risk and cybersecurity risk as separate disciplines any more. The two are now the same problem—and the organisations that treat them that way will be significantly better positioned than those that do not.

The governance gap is closing. It is not yet closed.

Martin Dale Bolima

Martin has been a Technology Journalist at Asia Online Publishing Group (AOPG) since July 2021, tasked primarily to handle the company’s Disruptive Tech Asia and Disruptive Tech News online portals. He also contributes to Cybersecurity ASEAN and Data&Storage ASEAN, with his main areas of interest being artificial intelligence and machine learning, cloud computing and cybersecurity. A seasoned writer and editor, Martin holds a degree in Journalism from the University of Santo Tomas in the Philippines. He began his professional career back in 2006 as a writer-editor for the University Press of First Asia, one of the premier academic publishers in the Philippines. He next dabbled in digital marketing as an SEO writer while also freelancing as a sports and features writer.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *