Kavara
Free tool

Shadow AI gap check.

Netskope found 183 sensitive data incidents per 10,000 users per month in enterprise AI tools — across 1.7 million users. How many of yours can your security stack actually see?

Takes 2 minutes. No sign-up required.

What the research found.

Netskope Threat Labs analysed AI tool usage across 1.7 million enterprise users in 70 organisations. Source code was the most common sensitive data shared with ChatGPT — at 158 incidents per 10,000 users per month. Credentials, PII, and regulated data made up the remainder, bringing the total to 183 incidents per 10,000 users per month.

These are not one-off accidents. They reflect the normal pattern of how employees use AI tools to get work done — pasting code for debugging, customer data for drafting responses, internal documents for summarisation. The risk is structural, not behavioural.

Source: Netskope Threat Labs, July 2023 · 1.7M users · 70 enterprise organisations

Gap check

Check your coverage.

Estimates are based on Netskope's research. Coverage percentages reflect structural limitations of each control type — not product quality or configuration.

Step 1

How many employees regularly use AI tools?

Include ChatGPT, Claude, Gemini, Copilot — any browser-based AI assistant.

Source code: 8
Credentials & keys: 1
PII / regulated data: 0
Other: 0

Estimated 9 sensitive data incidents / month based on Netskope Threat Labs data (183 per 10,000 users across 1.7M enterprise users, 2023).

Step 2

Which controls do you currently have in place?

Check everything that applies to your current security stack.

Your result

Estimated incidents / month: 9
Your stack can see: 0
Completely invisible: 9 (100% of total)
0% visible · 100% blind spot

Select your controls above to see your actual coverage estimate.

Coverage matrix

Why each control leaves gaps — regardless of how it is configured.

| Control | Personal account | Off-network / home | Prompt content visible | New AI tool |
| Network DLP / CASB | Gap | Gap | Gap | Partial |
| TLS-inspection proxy | Partial | Gap | Partial | Partial |
| Enterprise AI platform | Gap | Partial | Gap | Gap |
| Acceptable use policy | Gap | Gap | Gap | Gap |
| Browser-level detection | Covered | Covered | Covered | Partial |

Coverage estimates are structural — based on where each control operates in the data flow, not on product configuration.

How the estimates work.

Incident estimate: Netskope's 183 incidents per 10,000 users per month is applied linearly to your user count. The real number for your organisation will vary based on industry, AI tool adoption rate, and the types of work your team does. This is an order-of-magnitude estimate, not a precise audit.

Coverage estimates: Each control is rated by the fraction of the total incident pool it can structurally reach. Network DLP and acceptable-use policies are rated at 0% not because they are poorly implemented, but because TLS encryption means prompt content is never visible to network-layer tools. TLS-inspection proxies are rated at ~35% because they only cover managed devices on the corporate network. Browser-level detection is rated at ~80% because it operates before the request is sent, covering managed devices across any network or account type.

Coverage stacking: Controls don't simply add — the calculator uses the maximum coverage of your selected controls, since they largely cover the same scenarios (managed, on-network). A TLS proxy plus network DLP does not give you 35% + 0% = 35%; it gives you 35%.
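
The estimate and stacking rules described above, as an added example (this is not Kavara's calculator code). The function and key names, the rounding to whole incidents, and the 500-user sample input are assumptions; the rates and coverage fractions are the ones stated on this page.

```javascript
// Rates from the page (Netskope Threat Labs, July 2023), per 10,000 users per month.
const TOTAL_PER_10K = 183;
const SOURCE_CODE_PER_10K = 158;

// Structural coverage fractions stated on the page. No figure is given there
// for "Enterprise AI platform", so that control is deliberately absent.
const COVERAGE = new Map([
  ["networkDlp", 0.0],
  ["acceptableUsePolicy", 0.0],
  ["tlsInspectionProxy", 0.35],
  ["browserLevelDetection", 0.8],
]);

// Linear incident estimate. Rounding to whole incidents is an assumption.
function estimateIncidents(users) {
  if (!Number.isFinite(users) || users < 0) {
    throw new RangeError("users must be a non-negative number");
  }
  const total = Math.round((users * TOTAL_PER_10K) / 10000);
  const sourceCode = Math.min(total, Math.round((users * SOURCE_CODE_PER_10K) / 10000));
  return { total, sourceCode, remainder: total - sourceCode };
}

// Stacking rule: overlapping controls contribute the maximum, not the sum.
function stackedCoverage(selected) {
  let best = 0;
  for (const name of selected) {
    if (!COVERAGE.has(name)) throw new Error(`no coverage figure for: ${name}`);
    best = Math.max(best, COVERAGE.get(name));
  }
  return best;
}

function gapCheck(users, selected) {
  const { total, sourceCode, remainder } = estimateIncidents(users);
  const coverage = stackedCoverage(selected);
  const visible = Math.round(total * coverage);
  const invisible = total - visible;
  const blindSpotPct = total === 0 ? 0 : Math.round((100 * invisible) / total);
  return { total, sourceCode, remainder, coverage, visible, invisible, blindSpotPct };
}

// Constructed inputs: 500 users is a sample value, not taken from the page.
console.log(gapCheck(500, []));
console.log(gapCheck(500, ["tlsInspectionProxy", "networkDlp"]));
console.log(gapCheck(500, ["tlsInspectionProxy", "browserLevelDetection"]));
```

Selecting a TLS-inspection proxy together with browser-level detection yields 80% coverage under the maximum rule, where summing the two ratings would have claimed more than 100%.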