#Japan #Tokyo #AI Security #Netskope #Data Policy

The Growing Concern of AI-Related Data Violations in Japan

Netskope Threat Labs, a leading research arm under Netskope (NASDAQ: NTSK), has released a revealing annual report shedding light on the challenges Japanese organizations face with AI, cloud, and malware threats. Over the course of 2025, it has been documented that Japanese companies are struggling with a significant surge in data policy violations related to generative AI technologies. Currently, monthly violations exceed 500, indicating more than double the global average, which stands at 223 violations.

The rising integration of generative AI tools has been notably robust over the past year, with 80% of Japanese organizations now employing this technology compared to 69% a year ago. Furthermore, the number of observed generative AI tools has skyrocketed to over 1,800, marking a fivefold increase within the same timeframe. This rapid growth presents an escalating need for robust governance around data handling practices.

As the adoption of AI tools grows, the risk associated with employees inadvertently inputting sensitive data or uploading critical documents has also risen alarmingly. Recent statistics reveal that 48% of the policy violations fall under regulated data. In particular, intellectual property violations make up 38% of these breaches, with sensitive elements such as source code and authentication credentials—like passwords and API keys—following closely behind.

In light of these developments, Japanese organizations are proactively implementing measures to govern the use of generative AI tools. With many employees defaulting to personal, unsecured accounts rather than company-managed solutions, firms are finding it challenging to maintain visibility and control over data use, which can lead to significant data breaches. Consequently, there has been a notable shift in generative AI usage statistics over the past year; the usage of shadow AI in workplaces dropped from 85% to a mere 11%, drastically different from the global average of 47%. Conversely, the proportion of employees leveraging company-approved accounts has skyrocketed from 15% to 79%, outpacing the global average of 62%.

ChatGPT has traditionally been the frontrunner in generative AI applications; however, recent data indicates that Google's Gemini has pulled ahead in Japan, marking a historic moment as the first AI service to eclipse ChatGPT in adoption rates. This shift underscores the broader trend of organizations accelerating the integration of corporately sanctioned AI tools, resulting in expanded use across mainstream software applications.

Ray Canzanese, Director of Netskope Threat Labs, emphasizes the balancing act of fostering innovation while mitigating security risks. 'Organizations must find a way to enable employees to leverage the potential of generative AI technologies without exposing sensitive data to risk. In Japan, businesses have made remarkable progress in eradicating shadow AI practices that were commonplace just a year ago. However, merely introducing sanctioned tools to visualize AI usage is just the first step; robust data protection measures are essential to address real security challenges and maintain the crucial balance between innovation and security.'

The widespread use of cloud applications among workplaces continues to be a significant pathway for data breaches and malware dissemination within Japanese organizations. The regular use of personal cloud applications by employees contributes to blurring the lines between personal and organizational data management, resulting in an average of 17 policy violations monthly that pertain to personal applications.

A breakdown shows that half of these violations involve intellectual property, followed by regulated data (37%), passwords and API keys (10%), and source code (2%). To mitigate these risks, implementing real-time automatic guidance to dissuade employees from sharing confidential information through unmanaged services can prove effective. Organizations that adopted such policies found that over 34% of users were prevented from uploading files to personal Google Drive accounts over the past year.

Additionally, the threat landscape includes attackers exploiting commonly used cloud applications like Box, GitHub, and Microsoft OneDrive. These platforms are utilized widely within Japanese organizations, with attempts to download malware reported at alarming rates: 10%, 7.6%, and 7.1%, respectively.

Canzanese warns, 'These platforms are equipped with multi-layer defenses for quick removal of malicious content, yet even minor delays in detection can enable malware dissemination or proliferation within the organization. Thus, it's critical for organizations to consider deploying comprehensive security capabilities that encompass cloud usage, especially regarding free or unauthorized accounts that often act as breeding grounds for threats.'

For more in-depth threat analysis and statistics, readers are encouraged to consult the complete report.

Methodology

The information contained in this report is derived from anonymized usage data collected between October 1, 2024, and October 31, 2025, via the Netskope One Security Platform and relates to a pre-approved subset of Netskope's customers in Japan.

About Netskope

Netskope (NASDAQ: NTSK) leads the industry in providing state-of-the-art security and networking technologies suited for the cloud and AI era. The company optimizes access and provides real-time contextual security across people, devices, and data, addressing the needs of both security and network teams. With thousands of customers, including over thirty Fortune 100 companies, relying on the Netskope One Platform, Zero Trust Engine, and robust NewEdge network, these solutions offer visibility into all aspects of cloud, AI, SaaS, web, and private application usage, thus enhancing security risk reduction and network performance. For further information, visit netskope.com/jp.