Menlo Security’s 2025 Report Reveals 68% Rise in Shadow Generative AI Usage Amid Surge in AI-Driven Cyber Threats

Menlo Security, the pioneer in browser security, has released its 2025 Report: How AI is Shaping the Modern Workspace, revealing a 68% increase in the use of “shadow” generative AI tools within enterprises. The findings, drawn from telemetry data collected across hundreds of global organizations, highlight a dramatic rise in unapproved AI usage, underscoring growing risks in the modern digital workplace. The report identifies a 50% surge in web traffic to generative AI platforms in early 2025, with 10.53 billion visits recorded in January alone. This spike reflects widespread adoption of AI tools by employees, often outside official IT policies and without proper oversight. These so-called “shadow AI” applications—used without enterprise approval—are now a common feature in many organizations, driven by employee demand for faster, more efficient workflows. However, the rapid adoption comes with serious security implications. As employees interact with third-party AI services, the attack surface for cyber threats expands significantly. Menlo Security’s data shows a sharp increase in AI-related malware, phishing attempts, and data exfiltration risks linked to unsecured AI platforms. Many of these tools collect and store user data without clear privacy safeguards, exposing sensitive corporate information to potential breaches. The report also reveals that a majority of organizations lack visibility into how or where AI tools are being used. Nearly 60% of surveyed companies admitted they have no formal policy governing the use of generative AI, and only a small fraction have implemented technical controls to monitor or restrict access. Menlo Security’s findings underscore the urgent need for enterprises to establish clear AI governance frameworks. The company recommends deploying secure, isolated browser environments that prevent data leakage and block malicious content from AI platforms. These solutions allow employees to leverage AI for productivity while maintaining enterprise security and compliance. As generative AI becomes deeply embedded in daily operations, the report warns that without proactive security measures, organizations risk significant data exposure, regulatory penalties, and reputational damage. The 2025 data makes clear: AI adoption is accelerating, but so are the associated risks—and businesses must act now to secure the future of their digital workspaces.