72.6% of all sensitive prompts analysed in Q2 originated in ChatGPT.

1.8% of all sensitive prompts analysed in Q2 originated in Perplexity.

Of analyzed prompts and files submitted to 300 GenAI tools and AI-enabled SaaS applications between April and June, 22% of files (totaling 4,400 files) and 4.37% of prompts (totaling 43,700 prompts) were found to contain sensitive information.

The average enterprise uploaded 1.32GB of files (half of which were PDFs) to GenAI tools and AI-enabled SaaS applications in Q2. A full 21.86% of these files contained sensitive data.

7.95% of employees in the average enterprise used a Chinese GenAI tool.

535 separate incidents of sensitive exposure were recorded involving Chinese GenAI tools.

In Q2, the average enterprise saw 23 previously unknown GenAI tools newly used by their employees.

5.0% of all sensitive prompts analysed in Q2 originated in Google Gemini.

The theft of credentials via information-stealing malware has skyrocketed by 800% since the start of 2025.

2.5% of all sensitive prompts analysed in Q2 originated in Claude.

Vulnerability disclosures increased by 246% since the start of 2025.

35% of all real-world AI security incidents were caused by simple prompts.

Some prompt injection incidents led to over $100,000 in real losses without requiring any code to be written.

Generative AI (GenAI) was involved in 70% of real-world AI security incidents.

Malware was identified as the second most trafficked threat category.

Of the top five country code Top Level Domains (ccTLDs) identified as likely to be malicious, four were associated with island nations. Domains linked to the Faroe Islands (.fo) were the most prevalent, with 27% of their traffic deemed malicious. Other island nations high on this list included Grenada, Mayotte, and Wallis and Futuna.

In 40% of ransomware attacks, threat actors threatened to physically harm executives at organizations that declined to pay a ransom demand.

69% of companies victimized by ransomware paid a ransom.

In the US, 47% of companies paid ransoms multiple times.

In Singapore, the extortion threat in ransomware attacks surged to 66%, a jump of 40% and the highest among the surveyed countries.