Palo Alto Networks, a leading AI cybersecurity company, has released its State of Generative AI 2025 report, which reveals a staggering 890% surge in Generative AI traffic in 2024 driven by the rapid adoption of GenAI tools in enterprise environments. While AI growth offers significant productivity benefits, the report warns that unsanctioned usage, emerging threats, and a lack of governance have rapidly expanded the attack surface for organisations, particularly across the Asia-Pacific and Japan region.
Enterprises have been quick to embrace GenAI for use cases ranging from writing assistants and coding platforms to customer support and enterprise search. However, this widespread adoption is outpacing many organisationsโ ability to implement appropriate security controls. On average, organisations are now managing 66 GenAI applications in their environments, with 10% classified as high-risk.
The Asia-Pacific and Japan region is experiencing a significant acceleration in adopting AI and GenAI technologies. According to IDC, AI investments in the region are projected to reach $110 billion by 2028, growing at a compound annual growth rate (CAGR) of 24%. This growth rate underscores the urgent need for a strong AI governance framework and security measures tailored to the region’s diverse regulatory landscapes and technological advancements.
โAI adoption offers transformative opportunities across both commercial and government sectors in the region. But as this report highlights, we are also seeing an expanding attack surface, particularly with the use of high-risk GenAI applications in critical infrastructure sectors,โ said Tom Scully, Director and Principal Architect for Government and Critical Industries, Asia Pacific & Japan, at Palo Alto Networks. โOrganisations must balance innovation with strong governance, adopting security architectures that account for AIโs unique risks. From shadow AI and data leakage to the more complex threats posed by agentic AI models. Proactive oversight and adaptive security controls are essential to ensuring that the benefits of AI are fully realised without compromising national security, public trust, or operational integrity.โ
The 2025 State of GenAI report, based on traffic analysis from 7,051 global enterprise customers, provides an in-depth look into how enterprises are adopting GenAI and where they remain most vulnerable.
Key findings of the 2025 Generative AI traffic Security Report include:
- Exponential growth in GenAI adoption: GenAI traffic increased more than 890% in 2024. Following the release of DeepSeek-R1 in January 2025, DeepSeek-related traffic alone spiked by 1,800% within two months.
- Rising data loss incidents: GenAI-related data loss prevention (DLP) incidents more than doubled, now accounting for 14% of all data security incidents.
- Shadow AI emerges as a key risk: Unauthorised, unsanctioned GenAI use, termed โShadow AIโ, has created blind spots for IT and security teams, making it difficult to control sensitive data flows.
- Critical infrastructure and government sectors face elevated risks: Many high-risk AI models remain susceptible to jailbreak attacks that produce unsafe content, including offensive material and instructions for illegal activities.
- Industry-specific insights: Technology and manufacturing sectors alone account for 39% of AI coding transactions, creating additional risk for industries that depend on proprietary intellectual property.
The report also offers best practice recommendations for businesses seeking to safely harness the potential of GenAI:
- Establish visibility and control: Gain comprehensive oversight of GenAI app usage, implement conditional access policies, and manage permissions at the user and group level.
- Safeguard sensitive data: Deploy real-time content inspection with centralised policy enforcement to detect and prevent unauthorised data exfiltration.
- Defend against AI-driven threats: Implement Zero Trust security architectures to mitigate modern cyberthreats, malware, and sophisticated AI-powered attacks.
Data for this report was derived from Palo Alto Networksโ analysis of GenAI traffic across a global customer base of 7,051 organisations throughout 2024.
To download the full report, please visit:
https://www.paloaltonetworks.com/resources/research/state-of-genai-2025