As enterprise technology races forward at a breakneck pace, organizations are reaping the rewards of digital transformation—bolstered by cloud adoption, generative AI tools, and a sprawling SaaS ecosystem. Yet, while the benefits of this connectivity are clear, the dramatic expansion of the digital attack surface has elevated the urgency and complexity of data protection to unprecedented heights. The Zscaler ThreatLabz 2025 Data@Risk Report serves as a critical wake-up call, exposing the contours of data loss risk in an AI-driven era and providing strategic blueprints for security leaders striving to keep pace.
The Expanding Risk Horizon: Lessons from 1.2 Billion Blocked Transactions
Drawing on detailed telemetry from more than 1.2 billion blocked data loss transactions—logged between February and December 2024 via the Zscaler Zero Trust Exchange—the ThreatLabz 2025 report provides a rare, quantitative window into the often opaque world of enterprise data security. Each blocked incident is a story in itself—a near-miss, a thwarted breach, or the visible symptom of an evolving threat landscape.
A striking theme emerges: as organizations increase reliance on cloud-driven platforms and productivity-enhancing AI tools, their most sensitive data—personal identifiers, intellectual property, proprietary code, and financial records—becomes ever harder to control. The very tools designed to drive innovation and efficiency have, in many cases, become unwitting vectors for data loss.
Data Loss Channels: Where Breaches Emerge
Generative AI Tools: The New Data Leakage Hotspot
AI applications such as ChatGPT and Microsoft Copilot are fundamentally reshaping how enterprises work, automate, and solve problems. Yet with this innovation comes new, unanticipated risks. According to the report, AI platforms contributed to 4.2 million data loss violations in 2024 alone, with personal identifiers—such as Social Security numbers—among the most commonly exposed data types.
What’s especially concerning is the double-edged nature of generative AI. As users interact with these highly capable models, prompts and outputs can inadvertently shuttle sensitive corporate or customer information to third-party AI services. Zscaler researchers underscore that this flow of information is often invisible or poorly understood by both users and IT governance teams.
Security experts outside Zscaler have echoed these findings: Gartner projects that, by 2026, over 30% of critical corporate data will have traversed generative AI models in some form, tripling the risk of exposure compared to pre-AI years. The consensus is growing that AI tools require not just user education, but specialized monitoring and granular controls to avoid catastrophic loss events.
SaaS Platforms: Colliding Collaboration and Compliance
With over 872 million flagged data loss incidents across 3,000+ SaaS apps, the dual role of SaaS platforms as collaboration drivers and security flashpoints is stark. Topping the list of risky tools are Microsoft 365, Salesforce, and Google Workspace—platforms that permeate nearly every enterprise. Their flexibility fosters efficiency, but also makes it easy for users to overshare sensitive data, often inadvertently.
This risk is amplified by the “always-on, everywhere” aspect of SaaS: employees access documents, dashboards, and presentations from any device, on any network, making perimeter-based defenses obsolete. The ThreatLabz data confirms a trend observed by Forrester in late 2024: organizations are seeing a year-on-year increase of more than 40% in SaaS-based data loss events, particularly those involving regulatory-protected data like health or financial records.
Email: Perennial Danger in a Modern Context
Despite the rise of newer channels, email remains a stubbornly persistent data loss vector. Microsoft Exchange and Gmail together accounted for 104 million flagged transactions, which between them carried billions of individual instances of sensitive data. Leaks include not only medical data and Social Security numbers, but also critical source code and confidential internal memos.
Multiple studies corroborate this risk. Verizon’s Data Breach Investigations Report has consistently ranked email among the top three sources of investigated breaches, propelled largely by phishing, simple user error, and the challenge of managing vast, distributed address books. The ThreatLabz finding aligns with industry-wide concerns: the legacy nature of email infrastructure and deeply ingrained user behaviors mean that remediation is as much a human challenge as a technical one.
File-Sharing Services: Convenience with a Side of Chaos
File-sharing giants—Google Drive, Microsoft OneDrive, Dropbox, and similar platforms—are indispensable to modern workflows. Unfortunately, they also offer fertile ground for inadvertent or malicious exfiltration. The report tallied 212 million flagged data loss transactions on these platforms in 2024, most commonly involving proprietary source code, financial data, or other high-value, regulated information.
Security researchers at MITRE have warned that as file-sharing integrates more deeply with SaaS and AI, the “blast radius” of a compromised account or misconfigured sharing permission can extend across entire customer and partner ecosystems. Even a single public folder link can lead to downstream exposure at an alarming scale.
Root Cause: Technology Advancements Outpacing Controls
What underpins this escalation in risk is not merely the number of connected endpoints or the rise of remote work, but the rapid outpacing of traditional data security approaches by accelerating innovation. Zero trust, cloud-based DLP (data loss prevention), and AI-driven monitoring are no longer future-facing ambitions—they are urgent necessities.
The ThreatLabz 2025 Data@Risk Report highlights five contributing factors:
- Proliferation of Shadow IT: Employees deploy unapproved SaaS and AI tools, often bypassing corporate governance.
- Complexity of SaaS Permissioning: Granular user roles and document-level permissions are rarely managed consistently; over-permissioning is the norm.
- Lack of Visibility Across Channels: From email and chat to API links embedded in AI prompts, data frequently moves in unmonitored paths.
- BYOD (Bring Your Own Device) Sprawl: Corporate data spreads onto unmanaged and often insecure personal devices.
- Misconfiguration: Even well-intentioned IT teams struggle to correctly set and maintain security postures across hundreds of cloud services.
The New Best Practice: Unified, AI-Driven Data Security
While the numbers in the ThreatLabz report may seem daunting, its guidance is both pragmatic and actionable. Security, the authors argue, must no longer rely on patchwork solutions or isolated teams. Instead, organizations should prioritize a unified, AI-fueled approach that adapts as quickly as the digital landscape evolves.
AI-Powered Data Discovery and Classification
Discovery is the cornerstone of any effective defense: organizations cannot protect data they don’t know exists. Zscaler and peer vendors advocate the use of AI-powered solutions that can continuously scan endpoints, SaaS apps, and cloud stores to identify patterns of sensitive data—from financial identifiers to source code snippets—in both structured and unstructured formats. The use of machine learning enables real-time risk recognition, far outpacing manual inventory methods. This shift dovetails with NIST’s SP 800-53 guidance, which recommends automated, dynamic monitoring for sensitive assets.
Mapping Data Loss Channels and Tailoring Controls
A recurring lesson from the report is that every organization’s risk profile is unique, shaped by industry, regulatory exposure, and technology stack. The ThreatLabz team urges enterprises to thoroughly map all channels by which data flows—not just email and file-sharing, but AI tools, BYOD access, and even endpoints like USB drives. Granular, channel-appropriate controls—such as AI-specific prompt filtering or BYOD access restrictions—should be prioritized over blanket “one-size-fits-all” policies.
Zero Trust and Secure Access Service Edge (SASE)
At the architectural level, the report champions a transition from legacy, perimeter-based security to Zero Trust and SASE models. Rather than assuming trust based on network location, Zero Trust enforces least-privilege access, robust identity verification, and continuous monitoring across users and devices. Integration of SASE further enhances this model by offering secure access regardless of where users connect.
Research from IDC and the Cloud Security Alliance confirms this direction: organizations that have implemented Zero Trust and SASE architectures report up to 60% fewer unauthorized data access incidents compared to those relying on older, network-centric models.
Controlling Generative AI and AI App Interactions
A major advance detailed in the ThreatLabz report is the development of granular, context-aware controls for AI tools. For example, Zscaler’s Browser Isolation technology creates a secure virtual “sandbox” for users accessing AI apps. Clipboard actions, file uploads, and downloads can be restricted or logged, minimizing the risk of accidental leaks.
Further, innovative AI/ML-driven policy enforcement enables organizations to block or flag unsafe input prompts—such as those containing sensitive financial or customer data—before such information is sent to external AI services. This smart prompt blocking is critical as attackers (and even legitimate users) increasingly attempt to probe generative AI models for confidential data.
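The following Python is an added example, not code from the ThreatLabz report or from Zscaler's products, that shows the two pieces described in this section and in the discovery section above working together: a content classifier that validates each candidate match (SSA issuance rules for Social Security numbers, a Luhn check for card numbers, fixed formats for cloud access keys and private key blocks) instead of trusting a bare regex, and a channel-aware policy gate that blocks a generative AI prompt outright while only redacting the same finding in outbound email. The channel names, the POLICY table, the detector set and the sample strings are assumptions constructed for the example; the AWS access key is the placeholder value from AWS's own documentation.

```python
import re
from dataclasses import dataclass

# Added example: a small DLP classifier plus a channel-aware policy gate.
# Detector set, channel names and POLICY table are illustrative assumptions,
# not the ThreatLabz report's or Zscaler's implementation.


@dataclass(frozen=True)
class Finding:
    kind: str
    value: str
    start: int
    end: int


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check; filters out digit runs that merely look like cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def ssn_ok(area: str, group: str, serial: str) -> bool:
    """SSA issuance rules: area not 000/666/900-999, group not 00, serial not 0000."""
    a = int(area)
    return a not in (0, 666) and a < 900 and group != "00" and serial != "0000"


SSN_RE = re.compile(r"\b(\d{3})-(\d{2})-(\d{4})\b")
# 16 digits in groups of four (space or dash separated) or a bare 13-19 digit run.
CARD_RE = re.compile(r"\b(?:\d{4}[ -]){3}\d{4}\b|\b\d{13,19}\b")
SECRET_RES = {
    "aws_access_key": re.compile(r"\b(?:AKIA|ASIA)[A-Z0-9]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


def classify(text: str) -> list[Finding]:
    """Return validated findings ordered by position in the text."""
    findings = []
    for m in SSN_RE.finditer(text):
        if ssn_ok(*m.groups()):
            findings.append(Finding("us_ssn", m.group(0), m.start(), m.end()))
    # Mask already-claimed spans so an SSN adjacent to a card cannot be
    # re-read as part of a longer digit run (same length keeps offsets valid).
    masked = list(text)
    for f in findings:
        masked[f.start:f.end] = "X" * (f.end - f.start)
    masked = "".join(masked)
    for m in CARD_RE.finditer(masked):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            findings.append(Finding("card_number", m.group(0), m.start(), m.end()))
    for kind, rx in SECRET_RES.items():
        for m in rx.finditer(text):
            findings.append(Finding(kind, m.group(0), m.start(), m.end()))
    return sorted(findings, key=lambda f: f.start)


# Per-channel policy (assumption): kinds that block the transaction outright,
# and kinds that are redacted in place before the content is allowed through.
POLICY = {
    "genai_prompt": {"block": {"us_ssn", "card_number", "aws_access_key", "private_key_block"},
                     "redact": set()},
    "email_external": {"block": {"aws_access_key", "private_key_block"},
                       "redact": {"us_ssn", "card_number"}},
    "file_share_internal": {"block": {"private_key_block"}, "redact": set()},
}


def redact(text: str, findings: list[Finding]) -> str:
    out, pos = [], 0
    for f in findings:  # findings are non-overlapping and sorted by start
        out.append(text[pos:f.start])
        out.append(f"[{f.kind.upper()} REDACTED]")
        pos = f.end
    out.append(text[pos:])
    return "".join(out)


def enforce(channel: str, text: str) -> tuple[str, str, list[str]]:
    """Return (verdict, text to forward, finding kinds). Verdict: allow|redact|block."""
    findings = classify(text)
    rules = POLICY[channel]
    kinds = sorted({f.kind for f in findings})
    if set(kinds) & rules["block"]:
        return "block", "", kinds  # nothing leaves the gateway
    to_redact = [f for f in findings if f.kind in rules["redact"]]
    if to_redact:
        return "redact", redact(text, to_redact), kinds
    return "allow", text, kinds


if __name__ == "__main__":
    # Constructed sample prompt; the AWS key is the placeholder from AWS docs.
    sample = "Reconcile SSN 123-45-6789, card 4111 1111 1111 1111, key AKIAIOSFODNN7EXAMPLE"
    for channel in POLICY:
        print(channel, enforce(channel, sample)[0])
```

The validation step is what keeps a gate like this usable: a nine-digit dashed number with area 000 or a sixteen-digit run that fails Luhn is dropped before any policy is consulted, and the same finding produces a different verdict per channel, which is the channel-tailored control the report argues for rather than one blanket rule.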
Continuous Misconfiguration Management
Misconfigurations are a leading cause of cloud-based breaches. The ThreatLabz report urges continuous scanning for overly broad sharing settings, unused admin privileges, and sensitive files exposed through public or third-party links. Automated remediation and just-in-time permissioning are called out as “must-have” practices.
Behavioral Analytics and Automated Incident Response
Finally, a proactive response requires more than detection—it requires the ability to rapidly correlate user activity, flag anomalous behaviors (such as a sudden spike in file downloads from a new device), and automate response workflows. Zscaler’s End User Behavioral Analytics (EUBA) is highlighted as an example, using historical and real-time data to detect and contain potential exfiltration attempts.
This mirrors guidance such as the CIS Controls and detection coverage mapped against MITRE ATT&CK, both of which emphasize robust detection engineering and integrated response capabilities.
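The following Python is an added example, not Zscaler's EUBA or any code from the report, that puts the two preceding sections together: the continuous misconfiguration scan (public links on non-public files, admin roles unused for more than 90 days) and the behavioral detection described here (today's downloads far above the user's 14-day median, escalated to containment only when the activity comes from a device the user has never used before), with both detectors feeding one severity-ordered response queue. The audit snapshot, the thresholds, the field names and the playbook actions are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date, timedelta
from statistics import median

# Added example (not Zscaler's EUBA or any product's code): a posture scan for
# risky sharing and stale admin roles, a behavioral detector for download spikes
# from unseen devices, and a shared response queue. All inputs are constructed
# and all thresholds, field names and playbook actions are assumptions.

TODAY = date(2024, 12, 20)   # constructed "now" for the snapshot
STALE_ADMIN_DAYS = 90        # an admin role unused this long gets revoked
BASELINE_DAYS = 14           # history window for the per-user download median
SPIKE_FACTOR = 5             # today's count must exceed this multiple of the median
SEVERITY = {"contain": 3, "remediate": 2, "review": 1}

SHARES = [  # constructed sharing inventory: file, sensitivity label, sharing scope
    {"file": "q4-forecast.xlsx", "label": "confidential", "scope": "anyone_with_link"},
    {"file": "lunch-menu.pdf", "label": "public", "scope": "anyone_with_link"},
    {"file": "payroll.csv", "label": "restricted", "scope": "domain"},
]
ADMINS = [  # constructed admin roles: user, role, last time the role was exercised
    {"user": "ops@example.com", "role": "global_admin", "last_used": date(2024, 12, 19)},
    {"user": "ex-contractor@example.com", "role": "site_admin", "last_used": date(2024, 6, 1)},
]


def _history(user, device, per_day):
    """Constructed download log: steady activity for BASELINE_DAYS before TODAY."""
    return [{"user": user, "day": TODAY - timedelta(days=d), "device": device, "count": per_day}
            for d in range(1, BASELINE_DAYS + 1)]


DOWNLOADS = (
    _history("alice", "lap-01", 3) + [{"user": "alice", "day": TODAY, "device": "phone-99", "count": 40}]
    + _history("bob", "lap-02", 3) + [{"user": "bob", "day": TODAY, "device": "lap-02", "count": 40}]
    + _history("carol", "lap-03", 3) + [{"user": "carol", "day": TODAY, "device": "tab-07", "count": 2}]
)


def scan_posture(shares=SHARES, admins=ADMINS, today=TODAY):
    """Misconfiguration findings: public links on non-public files, unused admin roles."""
    findings = []
    for s in shares:
        if s["scope"] == "anyone_with_link" and s["label"] != "public":
            findings.append({"type": "public_link_sensitive", "subject": s["file"],
                             "action": "remediate", "detail": "restrict link to domain"})
    for a in admins:
        if (today - a["last_used"]).days > STALE_ADMIN_DAYS:
            findings.append({"type": "stale_admin_role", "subject": a["user"],
                             "action": "remediate", "detail": f"revoke {a['role']}"})
    return findings


def detect_download_spikes(events=DOWNLOADS, today=TODAY):
    """Behavioral findings: today's downloads far above the user's median, graded by device novelty."""
    per_day = defaultdict(lambda: defaultdict(int))
    seen_before, seen_today = defaultdict(set), defaultdict(set)
    for e in events:
        per_day[e["user"]][e["day"]] += e["count"]
        (seen_today if e["day"] == today else seen_before)[e["user"]].add(e["device"])
    findings = []
    for user, days in per_day.items():
        # Missing days count as zero so a quiet user does not get an inflated baseline.
        history = [days.get(today - timedelta(days=d), 0) for d in range(1, BASELINE_DAYS + 1)]
        baseline = max(median(history), 1)
        todays = days.get(today, 0)
        if todays <= SPIKE_FACTOR * baseline:
            continue
        new_devices = seen_today[user] - seen_before[user]
        findings.append({"type": "download_spike", "subject": user,
                         "action": "contain" if new_devices else "review",
                         "detail": f"{todays} today vs median {baseline}; new devices {sorted(new_devices)}"})
    return findings


def build_response_queue(findings):
    """Order findings by severity so containment runs before cleanup and review."""
    ordered = sorted(findings, key=lambda f: SEVERITY[f["action"]], reverse=True)
    return [(f["action"], f["type"], f["subject"]) for f in ordered]


def run(today=TODAY):
    return build_response_queue(scan_posture(today=today) + detect_download_spikes(today=today))


if __name__ == "__main__":
    for item in run():
        print(item)
```

In a real deployment SHARES and ADMINS would come from the SaaS admin API and DOWNLOADS from the SIEM; the two design points worth keeping are that the baseline counts days with no activity as zero, and that device novelty rather than volume alone decides between containment (revoke sessions, hold downloads) and a review ticket, so a known device doing a bulk export for a legitimate reason is not cut off automatically.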
Critical Analysis: Strengths, Innovation—and Persistent Risks
The ThreatLabz 2025 report is especially notable for its breadth and specificity, moving beyond vague warnings to deliver actionable, data-rich guidance. Its reliance on real-world transaction data—rather than simulated environments—lends credibility and immediacy to its findings.
Strengths include:
- Data-Driven Insight: The scale of analysis (1.2 billion+ blocked transactions) provides statistically significant trends and slices risk profiles by channel and app.
- Pragmatic Recommendations: The report avoids “security theater,” favoring workflow-compatible controls over user-unfriendly lockdowns.
- Emphasis on AI-Specific Risks: Few contemporary security frameworks address generative AI as directly, positioning ThreatLabz at the leading edge of this growing concern.
- Continued Advocacy for Zero Trust: Reinforcing industry best practices with new, practical implementation tips.
Persistent risks include:
- Dependence on Zscaler Ecosystem: Some recommendations may implicitly favor Zscaler’s proprietary tools. While effective, organizations should scrutinize interoperability with their existing stack and ensure vendor-neutral strategies are available.
- Visibility Gaps Remain: Neither the report nor current toolsets can guarantee perfect visibility into “shadow” AI or SaaS usage, especially as employees increasingly turn to unapproved tools on unmanaged devices.
- The Human Factor: Technology can mitigate—but not eliminate—risks from user negligence, phishing, or social engineering. Ongoing training and culture shift remain essential.
Comparing with Independent Research
Analysis from other security vendors, including Symantec, CrowdStrike, and Palo Alto Networks, echoes many of the ThreatLabz findings: the explosion of applications, devices, and automation has dramatically raised the stakes for data loss. In its 2024 State of Cloud Security report, CrowdStrike notes a 53% increase in data loss incidents tied to misconfigured SaaS permissions over just two years. The Ponemon Institute’s 2024 study also reports that organizations with AI-powered DLP reduce the average time to remediate an incident by nearly half compared to legacy tools.
What’s unique about ThreatLabz is its focus on the integration of AI behavioral monitoring and prompt analytics—a gap in many mainstream security products.
The Path Ahead: Turning Risk into Opportunity
The message is clear: as the AI-driven future unfolds, reactive and fragmented approaches to data security are no longer adequate. Only a unified, AI-compatible security posture—one that spans endpoint, cloud, communication, and workflow—will keep sensitive enterprise data safe while enabling productivity.
Key takeaways for enterprises include:
- Invest in continuous, AI-augmented data discovery: Map sensitive assets not just once, but dynamically, in the face of shifting data flows.
- Adopt Zero Trust as the default, not an exception: Enforce least-privilege access and “never trust, always verify” principles across all user and device populations.
- Tailor controls to the channel—including generative AI: Recognize that each vector—email, SaaS, file-sharing, AI apps—demands specific policies and monitoring mechanisms.
- Automate response, not just detection: Use machine learning and workflow orchestration to rapidly correlate, investigate, and remediate threats as they arise.
- Foster a culture of data stewardship: Technology is essential, but so is ongoing user education, executive buy-in, and cross-functional collaboration.
Source: Security Boulevard Securing Data in the AI Era: Insights from the ThreatLabz 2025 Data@Risk Report