Companies are deploying AI faster than they can secure it.
Nearly eight in ten enterprises reported encountering AI-related security issues over the past six months, according to new research from security firm DigiCert, which surveyed 1,001 IT and cybersecurity leaders across the US, UK, and Australia.
Approximately 50% of respondents experienced at least one security incident caused by an unauthorized or misconfigured AI agent, while another 28% identified AI-related vulnerabilities without experiencing an incident, a spokesperson from DigiCert told The Deep View. Science and technology organizations reported the highest rate of AI-related incidents or vulnerabilities, followed by banking, financial services and insurance, telecommunications and media, and retail.
While companies weren't asked to identify specific incidents they experienced, Brian Trzupek, DigiCert’s senior vice president of product, said that unauthorized or misconfigured AI agents can pose a range of security risks, including prompt injection attacks, data poisoning, unauthorized access to sensitive systems, and a lack of traceability. “AI agents are non-human actors operating at machine speed, and most enterprises haven't extended the identity, authentication, and audit controls they already require of every user, device, and application to cover them,” Trzupek told The Deep View.
The risks are outpacing companies' ability to manage them. While 90% of organizations have discussed AI governance, only half have dedicated budgets and formal governance programs in place, according to the study. Nearly half also lack full visibility into how AI systems arrive at their outputs, making it difficult to trace which model produced a decision or investigate what went wrong.
The potential for unintended consequences is becoming more urgent as companies accelerate AI adoption. Over the past six months, 75% of organizations deployed four or more AI-powered systems, while 35% deployed more than 10. As AI becomes embedded across business operations, every new model, agent, and integration introduces new security risks. Without stronger governance, companies could face legal, regulatory, operational, and reputational repercussions.
The report argues that enterprises need stronger identity and governance controls, including the ability to verify AI identities, audit AI decisions, and trace outputs back to the underlying models and data. Companies appear to be moving in that direction, with 86% reporting that they have formal or informal processes for revoking access to compromised AI systems.
“Without governance, organizations lose the ability to answer basic questions: what AI is running, what it can access, and who is accountable when it fails,” Trzupek said.
Our Deeper View #
Enterprises adopting AI have stepped into uncharted territory. Before AI, companies were already dealing with a slew of vulnerabilities and cyberattacks. Now, AI has only added to the challenges as the threat landscape evolves. Companies must not only prevent their AI systems from leaking proprietary data, but also protect them from exploitation by bad actors. And that only scratches the surface. As AI advances, threat actors are becoming more sophisticated, potentially opening the door to new attacks that haven't yet been discovered. If companies are serious about baking AI into their workflows, security and governance will have to become a higher priority.