Securing data in the AI era

As businesses increasingly rely on cloud-driven platforms and AI-powered tools to accelerate digital transformation, the stakes for safeguarding sensitive enterprise data have reached unprecedented levels. The Zscaler ThreatLabz 2025 Data@Risk Report reveals how evolving technology landscapes are amplifying vulnerabilities, highlighting the critical need for a proactive and unified approach to data protection.

Drawing on insights from more than 1.2 billion blocked transactions recorded by the Zscaler Zero Trust Exchange between February and December 2024, this year’s report paints a clear picture of the data security challenges that enterprises face. From the rise of data leakage through generative AI tools to the undiminished risks stemming from email, SaaS applications, and file-sharing services, the findings are both eye-opening and urgent.

The 2025 Data@Risk Report sheds light on the multifaceted data security risks enterprises face in today’s digitally enabled world. Some of the most noteworthy trends include:

• AI apps are a major data loss vector: AI tools like ChatGPT and Microsoft Copilot contributed to millions of data loss incidents in 2024, particularly social security numbers.
• SaaS data loss is surging: Spanning 3,000+ SaaS apps, enterprises saw more than 872 million data loss violations.
• Email remains a leading source of data loss: Nearly 104 million transactions leaked billions of instances of sensitive data.
• File-sharing data loss spikes: Among the most popular file-sharing apps, 212 million transactions saw data loss incidents.

AI applications: A new data loss hotspot

Generative AI tools such as ChatGPT and Microsoft Copilot are revolutionizing how enterprises work—but not without consequences. These platforms accounted for 4.2 million data loss violations, revealing how personal identifiers, intellectual property, and financial data are routinely at risk.

SaaS ecosystems: Simplifying workflows, complicating security

More than 872 million data loss incidents were flagged across SaaS platforms. Popular applications such as Microsoft 365, Salesforce, and Google Workspace, which have the largest share of violations, highlight the tension between collaboration and compliance.

Email: A legacy risk with perennial consequences

Despite newer tools and platforms, email remains at the forefront of data loss. Microsoft Exchange and Gmail collectively saw 104 million transactions containing billions of data loss incidents. The most common leaks included medical data, social security numbers, and source code.

File-sharing platforms: Productivity with a heaping side of risk

File-sharing giants like Google Drive, Microsoft OneDrive, and Dropbox logged 212 million transactions that involved data loss. Sensitive information—ranging from proprietary source code to financial records—flowed unchecked in billions of individual violations across these transactions.

While the report reveals massive volumes of data loss across the most popular applications, it also provides a roadmap for organizations to act decisively before data leaks or exfiltration happen. By adopting a unified, AI-driven approach to data security, businesses can turn these risks into opportunities and secure data across every channel, wherever it resides.

Best practice recommendations from the 2025 Data@Risk Report include:

• Use AI to discover and classify your data: Implement a Zero Trust Architecture (ZTA), enabling advanced data loss prevention (DLP) policies across endpoints and networks, and leveraging AI-powered platforms to identify risks in real-time. By taking these steps, enterprises can safeguard their data while enabling productivity and innovation to thrive.
• Understand your data loss channels: Map out all the channels through which data flows within and outside your organization—email, SaaS apps, AI tools (e.g., Microsoft Copilot), BYOD, cloud storage, and physical storage devices. Each channel presents unique risks and requires tailored security controls.
• Lean on your Zero Trust Architecture: Transition from a perimeter-based security model to a ZTA that enforces least-privileged access. Use identity-based access control, granular policies, and Secure Access Service Edge (SASE) to inspect all internet traffic, segment networks, and minimize your organization’s attack surface.
• Secure GenAI and AI tools with granular controls: For generative AI tools like ChatGPT and Microsoft Copilot, enforce granular controls on user sessions, such as input or output restrictions. Block unsafe prompts that might expose sensitive data during user interactions. Additionally, monitor anomalies in user behavior (e.g., excessive queries) and flag or block activities that violate data security policies.

As enterprise AI transforms workflows and accelerates innovation, the challenges of managing and securing data grow in parallel. From sensitive prompts leaked in generative AI tools to data loss across SaaS platforms, email, and endpoints, Zscaler offers best-in-class tools to secure data in this rapidly evolving landscape, providing visibility, control, and Zero Trust protection for enterprise applications worldwide. This allows enterprises to:

• Find sensitive data across endpoints, inline, and cloud with AI-powered auto data discovery and classification.
• Protect data in motion with full TLS/SSL inspection and inline DLP for web, email, BYOD, and GenAI apps.
• Secure data at rest in clouds and on endpoints with unified policy, sharing controls, and device posture.
• Simplify operations with unified end-to-end incident response using a single, integrated console with Workflow Automation.

Protecting enterprise AI apps from data loss

Zscaler also delivers a full suite of best-in-class products to secure generative AI tools like ChatGPT and Microsoft Copilot.

• AI app visibility: As employees rapidly adopt AI tools like ChatGPT and Microsoft Copilot, Zscaler ensures enterprises never lose visibility over sensitive inputs or outputs.
• Smart input prompt blocking: Zscaler uses AI/ML-driven URL filtering and policy enforcement to categorize AI app activity and automatically block unsafe or unapproved input prompts.
• Deep visibility into AI workflows: Innovative categorization of user prompts lets security teams track, analyze, and make educated decisions about AI application security. For instance, Zscaler policies can:
  • Monitor for sensitive user data (e.g., social security numbers) in real time.
  • Block prompts related to intellectual property leakage.
• Secure collaboration via isolation: Prevent accidental data transfers in AI applications, without stifling productivity:
  • Browser isolation for AI tools: Zscaler’s Browser Isolation technology allows employees to interact with AI tools securely by rendering applications in an isolated virtual browser.
    • Clipboard usage, file uploads, and downloads can be restricted while still enabling prompts.
    • Prevent accidental data exfiltration when employees interact with generative AI apps, such as ChatGPT or OpenAI-powered interfaces.
• Safe pixel rendering: By rendering applications as “pixels,” Zscaler ensures sensitive information never physically leaves the organization’s control, even during remote use.
• Securing Microsoft Copilot: With Microsoft Copilot set to revolutionize enterprise productivity, Zscaler eliminates risks tied to sensitive data misuse, misconfigurations, and third-party access.
  • Inline data leak prevention for prompts: Zscaler scans OneDrive files and Copilot functions in real time, mapping data connections to ensure security standards. Prevent excess permissions and proactively block sensitive files from exposure.
  • Fix misconfigurations in SaaS settings: Zscaler continuously monitors configurations to resolve oversharing risks.
  • End User Behavioral Analytics (EUBA): Using AI-driven behavioral analytics, Zscaler identifies anomalies not only from Copilot users but also from any connected third-party SaaS integrations.

There has never been a more critical time to rethink your enterprise’s approach to data security. The 2025 ThreatLabz Data@Risk Report offers a comprehensive look at where risks lie, what drives them, and how organizations can respond effectively to secure their sensitive data in today’s rapidly evolving, AI-driven ecosystem.

For a full list of best practices, download the 2025 Data@Risk Report.