Introduction to Generative AI in Retail
The retail industry has seen a significant increase in the adoption of generative AI, with 95% of organizations now using these applications. This is a huge jump from 73% just a year ago, showing how quickly retailers are moving to avoid being left behind. However, this rapid adoption comes with a dark side, as organizations are creating a massive new surface for cyberattacks and sensitive data leaks.
The Rise of Generative AI in Retail
According to a report by cybersecurity firm Netskope, the retail sector has all but universally adopted generative AI technology. The report’s findings show a sector in transition, moving from chaotic early adoption to a more controlled, corporate-led approach. There’s been a shift away from staff using their personal AI accounts, which has more than halved from 74% to 36% since the beginning of the year. In its place, usage of company-approved GenAI tools has more than doubled, climbing from 21% to 52% in the same timeframe.
Popular Generative AI Tools in Retail
In the battle for the retail desktop, ChatGPT remains the most popular tool, used by 81% of organizations. However, its dominance is not absolute, with Google Gemini and Microsoft’s Copilot tools also gaining traction. Google Gemini has been adopted by 60% of organizations, while Microsoft 365 Copilot’s usage has surged, likely due to its deep integration with productivity tools.
Security Risks Associated with Generative AI
Beneath the surface of generative AI adoption lies a growing security nightmare. The ability of these tools to process information is also their biggest weakness, as retailers are seeing alarming amounts of sensitive data being fed into them. The most common type of data exposed is the company’s own source code, making up 47% of all data policy violations in GenAI apps. Regulated data, such as confidential customer and business information, accounts for 39% of data policy violations.
Retailers’ Response to Security Risks
In response to these security risks, a growing number of retailers are banning apps they deem too risky. The app most frequently finding itself on the blocklist is ZeroGPT, with 47% of organizations banning it over concerns it stores user content and has even been caught redirecting data to third-party sites. Retailers are also moving towards more serious, enterprise-grade generative AI platforms from major cloud providers, which offer greater control and allow companies to host models privately and build their own custom tools.
Cloud Security Hygiene
The threat isn’t just from employees using AI in their browsers. The report finds that 63% of organizations are now connecting directly to OpenAI’s API, embedding AI deep into their backend systems and automated workflows. This AI-specific risk is part of a wider, troubling pattern of poor cloud security hygiene. Attackers are increasingly using trusted names to deliver malware, knowing that an employee is more likely to click a link from a familiar service.
Conclusion
The retail industry’s adoption of generative AI is a double-edged sword. While it offers many benefits, it also creates a massive new surface for cyberattacks and sensitive data leaks. Retailers must act decisively to gain full visibility of all web traffic, block high-risk applications, and enforce strict data protection policies to control what information can be sent where. Without adequate governance, the next innovation could easily become the next headline-making breach.
FAQs
Q: What percentage of retail organizations are using generative AI applications?
A: 95% of retail organizations are using generative AI applications.
Q: What is the most popular generative AI tool in retail?
A: ChatGPT is the most popular generative AI tool in retail, used by 81% of organizations.
Q: What is the most common type of data exposed in generative AI apps?
A: The most common type of data exposed is the company’s own source code, making up 47% of all data policy violations in GenAI apps.
Q: How are retailers responding to security risks associated with generative AI?
A: Retailers are banning apps they deem too risky, moving towards enterprise-grade generative AI platforms, and enforcing strict data protection policies.
Q: What is the biggest weakness of generative AI tools?
A: The ability of generative AI tools to process information is also their biggest weakness, as it creates a risk of sensitive data being exposed.
