As India’s financial services sector accelerates digital transformation and AI adoption, new findings from Netskope Threat Labs reveal a growing tension between innovation and data security.
The latest Financial Services Report highlights that regulated financial data accounts for 59% of all data policy violations linked to generative AI (genAI) — underscoring significant compliance risks in an increasingly AI-driven ecosystem. With India’s financial institutions rapidly embracing AI for customer experience, fraud detection, and automation, the implications for data protection are particularly critical.
GenAI usage is now near-ubiquitous, with 70% of users actively using genAI tools and 97% indirectly interacting with AI-powered applications. However, 94% of these applications rely on user data for training, increasing the likelihood of sensitive financial data exposure.
Encouragingly, organisations are shifting towards safer practices. The use of enterprise-managed genAI tools has surged from 33% to 79%, while reliance on personal AI apps has dropped significantly. Yet, 15% of users still switch between personal and corporate accounts, creating potential leakage points for sensitive data — a key concern for India’s highly regulated BFSI sector.
The report also highlights evolving risks beyond AI. 65% of data policy violations in personal cloud applications involve regulated data, while platforms like LinkedIn (92%) and Google Drive (84%) remain widely used in workplace environments. Additionally, GitHub has emerged as the most exploited platform for malware, impacting 11% of organisations.
“In financial services, organizations are actively shifting users away from personal AI tools toward managed, enterprise-ready platforms that offer better visibility and control, though some overlap shows there’s still work to do. What really stands out is the data: regulated financial information continues to dominate policy violations, making this one of the highest-stakes environments for data protection. As AI becomes more deeply embedded through APIs and integrated platforms, strong governance and effective DLP controls are essential to keep innovation moving without putting sensitive data at risk.” – Gianpietro Cutolo, Cloud Threat Researcher, Netskope Threat Labs
Ray Canzanese, Director of Netskope Threat Labs, said: “As financial institutions accelerate their adoption of generative AI, they are also expanding the number of pathways through which sensitive data can be exposed. While the shift towards organisation-managed tools is a positive step, our findings show that risks persist, particularly where personal and enterprise usage overlap.
“To reduce risk, organisations need a layered approach – inspecting all web and cloud traffic to stop malware, blocking non-essential applications, and using data loss prevention to protect sensitive information. Technologies like remote browser isolation also play a key role in enabling safe access to higher-risk websites.”
As cyber threats grow more sophisticated, the report signals a clear need for Indian organisations to rethink security frameworks — moving towards integrated, AI-aware, and compliance-first architectures.