TLDR: A 2025 report by Menlo Security highlights a 50% increase in web traffic to generative AI sites and a 68% surge in ‘shadow’ generative AI usage within modern enterprises, leading to heightened security risks such as data leakage and sophisticated phishing attacks.
Menlo Security, a leader in browser security, has released its 2025 Report: ‘How AI is Shaping the Modern Workspace,’ revealing a substantial increase in generative AI (GenAI) adoption and a corresponding rise in security threats across global organizations. The report, based on telemetry data, indicates a 50% spike in web traffic to GenAI sites, escalating from 7 billion visits in February 2024 to 10.53 billion in January 2025. A significant 80% of this access occurs via web browsers, underscoring the rapid integration of GenAI into daily operations.
A critical finding from the report is the proliferation of ‘shadow AI’ usage, where 68% of employees are utilizing free-tier AI tools like ChatGPT through personal accounts. Alarmingly, 57% of these users are inputting sensitive company data into these unsanctioned platforms. The scale of this risk is evident from a single month’s data, which recorded 155,005 copy attempts and 313,120 paste attempts, demonstrating how sensitive information is inadvertently exposed as employees strive to complete their work. Devin Ertel, Chief Information Security Officer at Menlo Security, stated, ‘The numbers don’t lie; AI adoption is exploding and essential in the modern workspace. However, without clear governance, this rapid growth can create serious risks around data leakage.’
The report also highlights the explosive growth in GenAI domains and applications, with over 6,500 GenAI domains and 3,000 apps observed. While this offers users a wide array of options, it also creates fertile ground for scammers to deploy sophisticated attacks, including the creation of fake websites designed to deliver ransomware. The security risks are further compounded by phenomena like phishing-as-a-service (PhaaS), which leverages AI capabilities, contributing to a 130% increase in zero-hour phishing attacks. AI-assisted attacks are becoming highly targeted, blending open-source intelligence (OSINT) with generative AI to craft effective spear-phishing campaigns.
Also Read:
- Netskope Threat Labs Warns of Escalating ‘Shadow AI’ Risks Amidst Surging GenAI Adoption
- Cyber Adversaries Leverage AI for Scaled Attacks, Targeting AI Systems Themselves, CrowdStrike Report Reveals
Regionally, the Americas lead in overall AI traffic, while the Asia-Pacific region shows robust growth in GenAI adoption, with 75% of organizations in China and 73% in India reporting GenAI implementation. In contrast, EMEA lags, likely due to stricter regulatory environments. The report emphasizes the need for enterprises to adopt stringent policies against shadow AI, enforce data loss prevention (DLP) measures, and restrict unauthorized access to AI platforms. Organizations are urged to establish sanctioned AI tools and implement controls over uploads, downloads, and direct text inputs to safeguard their networks.
