The Netskope Threat Labs Report: Europe 2026 lands with a useful breakdown for anyone building AI tools that handle organizational data. Policy violations across European workplaces split as 59% regulated data, 15% source code, 13% intellectual property, 12% passwords and API keys. The credential and code numbers are the ones builders should mark: together they are more than a quarter of all observed AI data leaks, and they are the leak surface for any agent stack handling tokens or pulling private repos.
Adoption shifted hard over the past year per the same report. Active AI users moved from 35% to 65% of European employees. Personal-account use dropped from 79% to 43% while organization-managed AI climbed from 28% to 72%. The 7% to 15% jump in users running both personal and enterprise accounts in parallel is the persistent shadow-AI surface: people switch back to personal when the org tool blocks something. Tool ranking inside the enterprise: ChatGPT, then Claude (which passed Gemini in September 2025), then Gemini, then Mistral Le Chat. The most blocked applications were Particular Audience (44%), ZeroGPT (37%), and DeepSeek (36%), the first two being detection-evasion tools, the third the geopolitical signal in EU enterprise AI policy.
The ecosystem read: enterprise AI is consolidating onto org-managed identity faster than the conversation suggests, but the leak vectors are also concrete enough now to target. If you ship an enterprise AI tool, the work is no longer "convince them to adopt" but "be the tool that doesn't leak credentials or code." For the agent stack specifically, the 12% credentials number is a flag: secrets in prompts are routine enough that any agent doing tool-use needs scoped token issuance and audit logs from day one, not as a Series B feature. Source-code leaks via coding assistants are the other concrete vector, and the Netskope numbers don't break out which coding tools (Cursor, Copilot, Cody, Claude Code) sit where in the violation pile, which is the next data the field needs.
If you ship AI tools to enterprises Monday morning: instrument what data category your tool sees, default to OAuth/SSO with audit logging, and never store user-provided secrets in prompt history. If you ship agent infra: assume ~12% of inbound prompts contain credentials your customer would consider a violation.
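An added example (not from the Netskope report or any vendor's code) of the "never store user-provided secrets in prompt history" advice: credential-shaped strings are redacted before the prompt is persisted, and one audit event records the data category against the SSO subject. The pattern set, `redact_prompt`, `store_prompt` and the list-backed stores are illustrative assumptions.

```python
import json
import re
from collections import Counter
from datetime import datetime, timezone

# Illustrative patterns only (assumption: tune and extend for your environment).
# Specific formats run first so a generic "key = value" match cannot relabel them.
PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "private_key_block": re.compile(
        r"-----BEGIN [A-Z ]*PRIVATE KEY-----.*?-----END [A-Z ]*PRIVATE KEY-----",
        re.DOTALL),
    "assigned_secret": re.compile(
        r"(?i)\b(?:api[_-]?key|secret|password|token)\b\s*[:=]\s*"
        r"['\"]?(?!\[REDACTED)([^\s'\"]{8,})"),
}

def redact_prompt(prompt):
    """Return (redacted_text, kinds_found); the secret values are never returned."""
    kinds = []
    text = prompt
    for kind, pattern in PATTERNS.items():
        def _sub(m, kind=kind):
            g = 1 if m.re.groups else 0      # redact only the value, keep "password:"
            start, end = m.span(g)
            whole, off = m.group(0), m.start()
            kinds.append(kind)
            return whole[:start - off] + f"[REDACTED:{kind}]" + whole[end - off:]
        text = pattern.sub(_sub, text)
    return text, kinds

def store_prompt(history, audit_log, sso_subject, prompt):
    """Append the redacted prompt to history and one audit event per prompt."""
    redacted, kinds = redact_prompt(prompt)
    history.append(redacted)
    audit_log.append(json.dumps({
        "ts": datetime.now(timezone.utc).isoformat(),
        "subject": sso_subject,              # identity from the OAuth/SSO session
        "data_category": "credentials" if kinds else "none_detected",
        "findings": dict(Counter(kinds)),    # counts by kind, no secret material
    }))
    return redacted

# Constructed sample input (AWS's documentation example key, fake token and password).
SAMPLE = ("Deploy with AKIAIOSFODNN7EXAMPLE and token=ghp_" + "a" * 36 +
          " then password: hunter2hunter2")
```

Regex matching of this kind misses unstructured secrets and will flag some harmless strings, so treat the audit counts as a lower bound on what the tool sees.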
