Security service edge (SSE) and data security provider Skyhigh Security released its 2025 Cloud Adoption and Risk report. This document extends a blueprint for securing the modern AI-powered enterprise, backed by real-world insight, trends and best practices, worldwide.
Findings revealed that 94 percent of all AI services are at risk for at least one of the top LLM risk vectors – prompt injection/jailbreak, malware generation, toxicity and bias – while 11 percent of files uploaded to AI applications include sensitive corporate content.
“Our research clearly shows that threats like shadow AI and the unsanctioned use of generative AI applications are rising just as swiftly as AI adoption itself. If your organization hasn’t evaluated its security posture in this new era of AI and cloud, these statistics should serve as a critical reminder,” said Steve Tait, CTO, Skyhigh Security. “Both unsanctioned and sanctioned AI use isn’t just a compliance risk, it also opens the door to the exfiltration of sensitive data. At this point, security and governance aren’t optional—they’re foundational.”
Skyhigh Security noted that enterprises use 320 AI cloud applications, on average, with DeepSeek emerging as a key driver of shadow AI growth. In January 2025, Skyhigh recorded DeepSeek usage by 43 percent of customers, uploading a combined 176GB of data into the AI chatbot.
Traditional DLP and access-control models are no longer suited to address the nuances of Shadow AI, prompt-based data exposure and AI learning risks on their own. SSE solutions allow enterprises to gain full visibility into all AI applications, along with usage metrics such as user counts, upload data and request count. In addition, SSE solutions provide risk information calculated using a set of controls.
Skyhigh’s research also revealed a 200 percent increase in AI application traffic within the last year, compared to a 23 percent increase in traffic (non-AI applications). Furthermore, data uploaded to AI applications is up 80 perecnt, while other categories registered just 13 percent growth.
Copilot for Microsoft 365 and OpenAI’s ChatGPT led as the top AI applications used by enterprises. Copilot dominated with 82 percent of all Skyhigh Security customers using it within their enterprise, up from 18 percent (2024). Within the same timeframe, the traffic to Copilot increased 3,600X, with data uploads increasing 6,000X.
As Copilot adoption accelerates across the enterprise, organizations are prioritizing the extension of existing security controls to protect sensitive data within Copilot environments. This includes the application of DLP), data-at-rest scanning and the prevention of sensitive data ingestion.
As organizations integrate AI solutions across departments and global operations, adhering to region-specific and industry-mandated compliance frameworks has become essential. The top regulations that have expanded their reach to include AI applications include GDPR, HIPAA and the EU AI Act.
Skyhigh found that 95 percent of AI applications are at medium or high risk for EU GDPR violation, and only 22k percent of all AI applications are in adherence to one or more compliance certifications. The report revealed that 84 percent of AI applications do not support ‘Data Encryption at Rest,’ while 83 percent fail to support integration with MFA tools.
The 2025 Cloud Adoption and Risk report findings are a result of anonymized telemetry data across over three million users, including corporate professionals and information workers, 40,000+ cloud services and more than two billion daily events over the course of 2024.
