Global data reveals pervasive Shadow AI usage and growing LLM risks, underscoring security and governance are now a business imperative
Skyhigh Security, a global leader in the Security Service Edge (SSE) and data security markets, has released its 2025 Cloud Adoption and Risk Report, offering a blueprint for securing the modern AI-powered enterprise backed by real-world insights, trends, and best practices from across the globe. The findings reveal that 94% of all AI services are at risk for at least one of the top LLM risk vectors—prompt injection/jailbreak, malware generation, toxicity, and bias—and 11% of files uploaded to AI applications include sensitive corporate content.
“Our research clearly shows that threats like Shadow AI and the unsanctioned use of generative AI applications are rising just as swiftly as AI adoption itself. If your organization hasn’t evaluated its security posture in this new era of AI and cloud, these statistics should serve as a critical reminder,” said Steve Tait, Chief Technology Officer at Skyhigh Security. “Both unsanctioned and sanctioned AI usage isn’t just a compliance risk, it also opens the door to the exfiltration of sensitive data. At this point, security and governance aren’t optional—they’re foundational.”
Shining a light on Shadow AI and unsanctioned app usage
The Shadow AI problem is an extension of the Shadow IT problem that enterprises have dealt with for the last decade. Skyhigh Security data finds that enterprises use a staggering 320 AI cloud applications on average – with DeepSeek emerging as a key driver of Shadow AI growth. In January 2025, Skyhigh Security recorded DeepSeek usage by 43% of customers, who uploaded a combined 176GB of data into the AI chatbot.
Traditional DLP and access control models are no longer suited to address the nuances of Shadow AI, prompt-based data exposure, and AI learning risks on their own. Security Service Edge (SSE) solutions allow enterprises to gain full visibility into all AI applications, along with usage metrics such as user counts, upload data, and request count. In addition, SSE solutions provide risk information calculated using a set of controls.
Microsoft Copilot, ChatGPT adoption continues to surge for global enterprises
It comes as no surprise that AI adoption is skyrocketing, with Skyhigh Security research revealing a 200% increase in AI application traffic within the last year, compared to a 23% increase in traffic to non-AI applications. Furthermore, data uploaded to AI applications is up 80% while other categories registered just 13% growth.
Copilot for Microsoft 365 and OpenAI’s ChatGPT lead as the top AI applications used by enterprises. While both are wildly popular, Microsoft Copilot dominates with 82% of all Skyhigh Security customers using Microsoft Copilot within their enterprise—up from 18% last year. Within the same timeframe, the traffic to Microsoft Copilot increased 3,600x, with data uploads increasing 6,000x.
As Microsoft Copilot adoption accelerates across the enterprise, organizations are prioritizing the extension of existing security controls to protect sensitive data within Copilot environments. This includes the application of Data Loss Prevention (DLP), Data-at-Rest Scanning, and the Prevention of Sensitive Data Ingestion.
Growing AI usage demands stronger compliance oversight
As organizations integrate AI solutions across departments and global operations, adhering to region-specific and industry-mandated compliance frameworks has become essential. The top regulations that have expanded their reach to include AI applications include the General Data Protection Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), and EU AI Act.
Skyhigh Security’s analysis finds that 95% of AI applications are at medium or high risk for EU GDPR violation, and only 22% of all AI applications are in adherence to one or more compliance certifications such as HIPAA, PCI, ISO, FISMA, and FedRAMP. In particular, the report reveals that 84% of AI applications don’t support ‘Data Encryption at Rest,’ while 83% don’t support integration with multi-factor authentication (MFA) tools.
Key takeaways
Artificial intelligence has moved from the margins to the mainstream, and is now serving as a catalyst for enterprise transformation across industries. From copilots that boost productivity to private assistants that streamline operations, AI is driving undeniable value across industries. But with rapid adoption comes a new wave of risk: the rise of Shadow AI, regulatory compliance challenges, data leakage, and evolving security vulnerabilities.
Skyhigh Security’s cloud-native SSE platform provides the necessary visibility, control, and enforcement capabilities required to enable safe and scalable AI use. These solutions can combat AI application sprawl—including Shadow AI and unsanctioned application usage—and help alleviate the fear of regulatory noncompliance. Altogether, the research presented in the 2025 Cloud Adoption and Risk Report underscores the immediate need for enterprises to evaluate their security postures and consider leveraging advanced SSE solutions that protect against the rising risks of AI adoption.
Additional Resources:
- Download the 2025 Cloud Adoption and Risk Report
- Learn more about Skyhigh Security Service Edge
- Learn more about Skyhigh AI
Methodology
The 2025 Cloud Adoption and Risk Report findings are a result of anonymized telemetry data across 3M+ users consisting of corporate professionals and information workers, 40,000+ cloud services, and 2B+ daily events over the course of 2024.
About Skyhigh Security
Skyhigh Security is dedicated to securing the world’s data with cloud-native, data-aware security solutions that empower organizations to collaborate freely without compromising on security. Its market-leading Security Service Edge (SSE) portfolio focuses on protecting data use, enabling innovation and compliance across hybrid environments. For more information, visit https://www.skyhighsecurity.com/.
View source version on businesswire.com: https://www.businesswire.com/news/home/20250424587953/en/
Contacts
Media Contact:
Lindsay Yanko, Sr. Communications Manager | Skyhigh Security
lindsay.yanko@skyhighsecurity.com
