
Generative AI (GenAI) is driving up the risk of data breaches, according to Verizon’s new 2025 Data Breach Investigations Report. The report, which analyzed over 20,000 real-world incidents, showed that threat actors are leveraging GenAI in their attacks, and employees are using GenAI in unsecure ways.
While the report covers many security topics, its insights on GenAI and its impact on the threat landscape are particularly worth unpacking.
The technology is still developing, leaving most organizations unsure of how to protect themselves from GenAI-assisted risks. Now, we have some new data to help organizations understand what they’re facing.
Employee use of GenAI opens businesses to risks
While 60% of employees agree that AI poses an increased risk to security, according to a recent Dashlane survey, that hasn’t stopped them from using GenAI tools at work.
The Data Breach Investigations Report found that:
- 14% of employees routinely access GenAI systems on their corporate devices.
- Of that 14%, nearly three-quarters (72%) used a non-corporate email for their account and 17% used their corporate email without an integrated authentication system, such as SSO.
Shadow IT isn’t new, of course. We already know it increases an organization’s attack surface and that SSO and MFA provide no protection against it.
However, this GenAI-assisted shadow IT is particularly concerning because “the most common use cases of GenAI tools—such as summarization or coding assistance—often invite the user to upload confidential documents and codebases to achieve them,” states the report.
Also, with GenAI being integrated into some new mobile devices’ operating systems, there’s even more potential for employees to inadvertently expose sensitive information. Core functions like voice assistants and messaging apps leverage GenAI.
Adding fuel to the fire, some of these functions are enabled by default, requiring users or a centralized mobile device management system to opt out. For organizations with BYOD policies, this is especially dangerous.
GenAI is also fueling more external risks
All this sensitive data handed over to GenAI tools can be leaked at any time. Just last January, the popular GenAI tool DeepSeek was found to be insecurely leaking chat history and other sensitive data.
And even without data leaked by GenAI tools, threat actors are using this technology to generate smarter and more personalized cyberattacks that are harder to detect. Since credential abuse is the most common initial access vector (22%) and phishing is the third (16%), let’s focus on those for a moment.

It would take only a minute and a little prompting for a threat actor to use GenAI and data from data brokers or the dark web to create thousands of realistic, error-free phishing emails catered to their audience. These messages often appear legitimate even to respected cybersecurity experts because they’re used to more generic phishing emails with spoofed hyperlinks and typos.
Thus, employees get tricked into giving away work credentials and other sensitive information—and their security teams don’t know until it’s too late.
In fact, the percentage of AI-assisted malicious emails doubled from around 5 percent in 2022 to around 10 percent in 2025, according to the report. And many security experts expect that percentage to continue climbing.
GenAI tools are also being used by state-sponsored actors, with OpenAI and Google both reporting attempts from state-sponsored actors to abuse their GenAI tools. However, the attempts don’t appear to have been successful thus far.
Get insights on how the security landscape continues to evolve in Verizon’s 2025 Data Breach Investigations Report.
The urgent need for a more intelligent approach
GenAI is exposing organizations to smarter threats at a faster pace. Enterprise security leaders need:
- Proactive risk intelligence: Always-on intelligence paired with targeted actions so they can combat the #1 breach threat: Human risk.
- Real-time response: Smart, in-context alerts that prompt employees to take action against phishing and credential threats to close security gaps.
- Protected employee access: The ability to stay in control of shadow IT while equipping every employee with a secure browser-based vault for all their credentials.
To deliver on this need, Dashlane recently launched Dashlane Omnix™, the AI-accelerated platform that gives enterprises complete visibility into credential risk and enables IT and security leaders to be proactive, stopping threats before they escalate.
It provides credential risk insights, in-context alerts, and expanded enterprise deployment options—all in one unified platform.
Sign up to receive news and updates about Dashlane