Retailers are leading the charge on embracing generative AI (GenAI). New research from cybersecurity company Netskope Threat Labs found that 95% of retail organisations are now using GenAI tools, up from 73% last year, putting the sector ahead of the pan-industry average of 90% – and highlighting retail’s rapid digital transformation and appetite for innovation.
However, Netskope’s report reveals that the way retailers are using GenAI is evolving as organisations become more cybersecurity-conscious, particularly in the light of recent high-profile data breaches, such as the cyberattacks on M&S and JLR . It found a sharp decline in the use of personal GenAI accounts, dropping from 74% in January to just 36% in June. In contrast, adoption of organisation-approved platforms has more than doubled, rising from 21% to 52% – reflecting the growing concerns around data governance, with retailers opting for managed environments that offer stronger safeguards and greater control.
Platforms such as Azure OpenAI, Amazon Bedrock, and Google Vertex AI are gaining traction, enabling retailers to host private models, build custom applications, and deploy AI agents securely. These tools offer flexibility while helping organisations maintain tighter control over sensitive data.
Shadow AI remains a threat
Despite these advances, risks remain. Shadow AI – where employees use unapproved tools – continues to pose a threat. The use of APIs is surging, with 63% of organisations connecting to api.openai.com and 44% to api.assemblyai.com. Sensitive data, including source code (47%) and regulated customer information (39%), is still being fed into external GenAI tools, exposing businesses to potential breaches. Intellectual property, passwords, and API keys are also at risk, with retail exposure rates mirroring broader industry patterns.
Cybercriminals are also exploiting trusted cloud services to deliver malware. Microsoft OneDrive is the most affected, with 11% of retail organisations encountering malware downloads monthly, followed by GitHub and Google Drive.
Retailers step up on cybersecurity
What is clear, however, is that retailers are aware of the risks (as well as the opportunities) of GenAI and taking clear steps to prevent them. As Gianpietro Cutolo, cloud threat researcher at Netskope, said: “Retailers are strengthening data security and monitoring cloud and API activity, helping to reduce exposure of sensitive information such as source code and regulated data. The goal is clear: leverage the benefits of AI innovation while protecting the organisation’s most valuable data assets.”
Stefan Baldus, chief information security officer at HUGO BOSS, added: “The era of uncontrolled shadow AI is over. As IT managers, we must no longer block innovation, we must manage it securely. That’s why we rely on modern security solutions that give us full transparency and control over sensitive data flows in the age of cloud computing and AI, and that can withstand constantly evolving cyber attacks. This is the only way we can harness the creative power of AI while ensuring the protection of our brand and customer data.”
Stay informed
Our editor carefully curates two newsletters a week filled with up-to-date news, analysis and research. Click here to subscribe to the FREE newsletter sent straight to your inbox. Why not follow us on LinkedIn to receive the latest updates on our research and analysis?
