AI Adoption in Enterprises Outpaces Security Governance and Data Protection
Organizations are rapidly integrating AI technologies into their operations, with studies showing a significant increase in AI adoption and the implementation of AI acceptable use policies. However, despite these advances, many companies struggle to effectively classify and protect data, and governance frameworks often lag behind the pace of AI deployment. Reports highlight that while 80% of organizations have established AI use policies, only a third feel confident in their data protection measures, and over half believe their data is not yet ready for AI. This gap between adoption and governance is further exacerbated by the acceleration of data growth driven by AI, with a notable rise in organizations managing petabyte-scale datasets.
The lack of robust governance and holistic data management frameworks has led to increased risks, including the emergence of shadow identities and unmitigated security threats associated with AI tools. Experts emphasize the need for organizations to move beyond initial policy creation and embed comprehensive AI governance and dynamic data protection into their core operations. Without these measures, the benefits of AI could be undermined by vulnerabilities and operational blind spots, making it critical for security teams to proactively address these challenges as AI becomes ubiquitous in enterprise environments.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
3 events from the most recent confirmed update back to the earliest known activity.
Report says most AI-using organizations suffered data exposure in past year
The report stated that 75% of organizations using AI experienced a data exposure during the previous year, highlighting the operational security impact of weak AI governance. It also noted limited workforce AI training and called for stronger lifecycle governance, auditing, and proactive protection.
Report finds major gaps in AI data governance and protection
A 2025 report found that only about one-third of organizations effectively classify and protect their data despite growing AI use. It warned that traditional static safeguards are not keeping pace with AI-driven data risks and shadow identity exposure.
Organizations sharply expand AI acceptable use policies in 2025
By 2025, 80% of organizations had adopted an AI acceptable use policy, up from 46% in 2024, reflecting rapid enterprise AI adoption. The references present this as a broad industry shift rather than a single-company event.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
3 references tracked. Mallory keeps watching after this page renders.
Chopping AI Down to Size: Turning Disruptive Technology into a Strategic Advantage
thehackernews.com
Open sourceThree ways to build a more dynamic AI security program
scworld.com
Open sourceAI Adoption Surges While Governance Lags — Report Warns of Growing Shadow Identity Risk
securityonline.info
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise AI Adoption Outpaces Risk and Identity Governance
Enterprises are rapidly integrating artificial intelligence into their risk management and operational processes, but governance and security controls are struggling to keep pace. According to AuditBoard, more than half of organizations have implemented AI-specific tools, and many are investing in machine learning training for their teams. Despite this widespread adoption, confidence in AI systems remains uneven, with few organizations feeling prepared for the governance requirements that new AI regulations will demand. The pace of AI experimentation surged in May and June 2025, only to decline in July as acceptance rates dropped and decision times increased, highlighting volatility in adoption and a lack of robust governance structures. Many organizations find themselves in a 'middle maturity trap,' where initial enthusiasm for AI and risk frameworks fades without sustained governance and oversight. Boards that prioritize risk oversight as a regular agenda item and align on shared performance goals see more consistent progress, while others experience stagnation and last-minute compliance efforts. Control maturity is closely tied to governance, with rapid adoption of controls in some periods followed by slowdowns and only partial recoveries. As regulatory expectations expand to cover AI, cybersecurity, and environmental reporting, the ability to embed controls into daily operations will be critical for resilience. Simultaneously, the rise of autonomous AI agents with significant system privileges introduces new identity and access management challenges. These agents can execute code, handle sensitive data, and perform complex tasks without human intervention, increasing the risk of automation errors leading to major incidents. The traditional security perimeter has shifted, making identity management the central control point for modern enterprises. The 2025-2026 SailPoint Horizons of Identity Security report reveals that fewer than 40% of AI agents are governed by identity security policies, leaving a substantial gap in enterprise security frameworks. The proliferation of non-human identities and automated systems has dramatically expanded the attack surface, making organizations without comprehensive identity visibility especially vulnerable. Mature identity security practices are now seen as a strategic necessity, not just a compliance checkbox. Organizations are mapping controls to multiple frameworks, but the depth of implementation varies widely, with leading firms embedding thousands of requirements into daily operations. The convergence of rapid AI adoption, evolving risk frameworks, and the need for robust identity governance underscores the urgent need for enterprises to strengthen their risk and security postures. Without clear governance structures and comprehensive identity management, the benefits of AI could be undermined by increased exposure to operational and security risks. Boards and CISOs must ensure that risk oversight, control adoption, and identity security are integrated into the core of enterprise strategy to navigate the evolving threat landscape effectively.
Mar 21, 2026
Emerging Data Risks and Security Challenges from Enterprise AI Adoption
Enterprises are rapidly integrating artificial intelligence (AI) into their core operations, leading to a significant increase in both the scale and complexity of cybersecurity risks. Autonomous AI agents, once limited to providing suggestions, now act independently within enterprise systems, accessing sensitive data, executing transactions, and triggering downstream workflows without human oversight. These agents, often deployed by individual teams or embedded in third-party software, can inadvertently ingest confidential information, such as customer credit card data, even if the data is only briefly accessible. Unlike human users, AI agents lack contextual understanding and ethical judgment, acting continuously and at scale, which introduces a new category of 'Shadow AI' risk. Multimodal AI systems, which process multiple input streams to generate more human-like outputs, further expand the attack surface. Adversaries can exploit these systems by manipulating data inputs, such as subtly altering images or text, to deceive the AI and bypass security controls. Research has demonstrated that these attacks are not merely theoretical; adversarial manipulations can evade detection and cause significant harm, especially in critical sectors like defense, healthcare, and finance. Organizations are increasingly aware of the dangers posed by AI-augmented threats, including deepfakes and AI-driven social engineering, but many lag in implementing effective technical defenses. Surveys indicate that while a majority of firms have experienced deepfake or AI-voice fraud attempts, more than half have suffered financial losses as a result. Despite this, investment in detection and mitigation technologies remains inadequate, and many companies overestimate their preparedness. The surge in AI adoption is reflected in corporate disclosures, with over 70% of S&P 500 firms now reporting AI as a material risk, up from just 12% two years prior. Reputational and cybersecurity risks are the most frequently cited concerns, followed by legal and regulatory challenges as governments move to establish AI-specific compliance requirements. However, only a minority of corporate boards have formally integrated AI oversight into their governance structures, highlighting a gap between risk awareness and actionable governance. The lack of comprehensive frameworks for managing AI risk leaves organizations vulnerable to both technical and compliance failures. As AI becomes more deeply embedded in business processes, the need for robust governance, continuous education, and responsible-use frameworks becomes increasingly urgent. Security and governance leaders must adapt to this new frontier by developing strategies that address the unique risks posed by autonomous and multimodal AI systems. Failure to do so could result in significant financial, operational, and reputational damage as adversaries continue to exploit the evolving AI landscape.
Mar 21, 2026
AI Adoption and Risks in Enterprise Cybersecurity
A global shift is underway as artificial intelligence becomes the top investment priority for cybersecurity among organizations, according to a recent PwC survey of nearly 4,000 business and technology executives. Sixty percent of respondents indicated that AI technologies are their primary focus for cybersecurity spending in the coming year, with key use cases including threat hunting, AI agents, event detection, and behavioral analysis. This surge in AI adoption is driven in part by ongoing skills shortages, with over half of organizations prioritizing AI and machine learning tools to close capability gaps. Additionally, 38% of companies are turning to managed service providers to access the necessary AI expertise. However, the rapid integration of AI into enterprise environments is not without significant risks. New research from LayerX reveals that AI has already become the leading uncontrolled channel for corporate data exfiltration, surpassing traditional risks like shadow SaaS and unmanaged file sharing. The report highlights that 45% of enterprise employees use generative AI tools, such as ChatGPT, Claude, and Copilot, with AI accounting for 11% of all enterprise application activity. Alarmingly, 67% of AI usage occurs through unmanaged personal accounts, leaving security teams with little visibility or control over sensitive data flows. The research found that 40% of files uploaded to generative AI platforms contain personally identifiable information (PII) or payment card information (PCI), and a significant portion of these uploads are conducted via personal accounts. Traditional data loss prevention (DLP) tools are often ineffective in this context, as they are not designed to monitor or control the new channels introduced by AI tools. Experts warn that the lack of governance and oversight around AI usage in enterprises creates substantial risks, including the potential for AI agents to access sensitive data beyond their intended scope if not properly managed. The PwC survey also notes that organizations are balancing investments between proactive technologies, such as monitoring and testing, and reactive measures like incident response and recovery. As AI becomes more deeply embedded in cybersecurity operations, the need for robust governance, least-privilege access for AI agents, and updated security controls is increasingly urgent. The evolving geopolitical landscape further complicates the risk environment, making it critical for organizations to understand both the opportunities and threats posed by AI in cybersecurity. The convergence of rapid AI adoption and insufficient controls underscores the importance of immediate action to secure enterprise data and workflows against emerging AI-driven threats.
Mar 21, 2026