Enterprise Security Challenges and Risks from AI Adoption
The rapid integration of artificial intelligence into enterprise operations is fundamentally altering the cybersecurity landscape. AI is now embedded in core business workflows, infrastructure, and decision-making processes, expanding the attack surface and introducing new exposure points in data, models, applications, and infrastructure. Security leaders are grappling with governance gaps, especially as agentic AI systems move from pilot to production, and are seeking new standards and controls to manage the risks of autonomous agents and application-to-application access. The need for robust data governance, updated identity and access management, and resilient infrastructure is driving a major IT transformation, with increased spending and a focus on AI-enabled security solutions. Industry experts and CISOs emphasize the importance of adapting security strategies to address the unique challenges posed by AI, including the concentration of sensitive data, the risk of model manipulation, and the complexity of AI-driven environments.
Security vendors and analysts highlight the inadequacy of traditional security practices in the face of AI-driven threats, calling for the elimination of outdated controls and the adoption of new standards such as those proposed by Okta for managing OAuth permissions for AI agents. The evolving role of the CISO, the rise of zero trust as a business necessity, and the persistent importance of the human element in defense are recurring themes. Predictions for 2026 underscore the urgency for enterprises to refresh IT infrastructure, strengthen data governance, and prepare for a future where AI agents operate autonomously across interconnected systems, requiring continuous adaptation of security policies and controls to mitigate emerging risks.
Get ahead of threats like this
Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
Deloitte report says enterprise AI has broken traditional security models
A Deloitte report described how rapid enterprise AI adoption has expanded attack surfaces across data, models, applications, infrastructure, and agentic AI systems, often without sufficient governance. It urged organizations to integrate security early, use controlled pilots, and coordinate more closely across CISO, CIO, CTO, and CDO roles.
Major SaaS vendors emerge as early IAAG adopters
Google, Amazon, Salesforce, Box, and Zoom were identified as early adopters of the draft IAAG standard, signaling initial industry support for centralized IAM oversight of AI-agent and application access. The effort remains in draft form and still requires broader SaaS integration and adoption.
Okta and partners propose IAAG standard for AI agent access control
Okta, working with the IETF and partners including Microsoft and Ping Identity, proposed the Identity Assertion Authorization Grant (IAAG), a draft open standard to improve OAuth-based delegated access. The model shifts consent and control to organizational IAM systems to give enterprises better visibility, policy enforcement, and deprovisioning for AI agents and app-to-app access.
Frank Wang publishes cybersecurity modernization wishlist
Frank Wang called for the security industry to modernize by dropping outdated practices such as mandatory password rotation, security questions, and ineffective awareness training. He advocated for engineering-driven security, tool consolidation, compliance aligned to real risk, and a more collaborative, business-enabling security culture.
Security leaders outline 2026 priorities from 2025 lessons
Cloudflare's Connectivity Cloud Podcast compiled 2025 insights from CISOs and security experts to forecast 2026 trends, highlighting AI's impact, the CISO's shift toward business leadership, zero trust as a business necessity, and persistent regulatory complexity. The discussion framed 2026 security strategy around transformation, resilience, and practical risk management.
Industry and analysts forecast AI-driven IT refresh in 2026
Analysts and executives projected that 2026 would bring a major enterprise IT infrastructure refresh cycle driven by AI adoption, hybrid cloud evolution, and hybrid work. Forecasts cited include IDC expecting 10% IT spending growth and Gartner projecting worldwide IT spending to reach $6.08 trillion in 2026.
Related entities
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
Sources
5 references tracked. Mallory keeps watching after this page renders.
AI breaks the old security playbook
helpnetsecurity.com
Open sourceThe coming AI agent crisis: Why Okta's new security standard is a must-have for your business
zdnet.com
Open sourceEnterprises Gear Up for 2026’s IT Transformation
darkreading.com
Open sourceMy Christmas Security Wishlist
franklyspeaking.substack.com
Open sourceCybersecurity Predictions 2026: What Security Leaders Learned in 2025
securitysenses.com
Open sourceSee the full picture, correlated to your attack surface.
Map indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.
Related stories
Other stories Mallory is tracking that overlap on entities, sources, or topic labels.
Enterprise Security Challenges and Frameworks for AI Adoption
The rapid integration of AI technologies into enterprise environments is introducing new security challenges that traditional controls are not equipped to handle. Organizations are grappling with how to secure AI models, data, and autonomous agents, as well as how to operationalize AI security across the entire lifecycle. Security leaders emphasize the need for clear frameworks that address the unique risks posed by AI, including misconfigurations, configuration drift, and the importance of focusing on outcomes rather than simply adding more tools or dashboards. Efficiency, automation, and prioritization are highlighted as critical factors in reducing real risk, with a shift from compliance-driven approaches to measurable security outcomes. Industry experts stress that many organizations are "over-tooled but under-protected," with operational blind spots and unused controls creating exposure long before sophisticated attacks occur. The conversation around AI in security is moving beyond tool acquisition to ensuring that existing capabilities are properly configured and operationalized. This evolving landscape requires security teams to rethink governance, data protection, and the deployment of AI-enabled solutions, with a focus on practical frameworks and exposure management to address the complexities of modern enterprise environments.
Mar 21, 2026
AI-Driven Cybersecurity Risks and Strategies for Enterprise Defense
Artificial intelligence is rapidly transforming both the threat landscape and defensive strategies in cybersecurity, prompting CISOs and security leaders to rethink their approaches. A global study by Gigamon found that 86% of CISOs now view metadata and packet-level data as essential for detecting threats in complex hybrid cloud environments, but 97% admit to making trade-offs that leave visibility gaps. The rise of AI-driven attacks is fueling demand for real-time visibility and observability tools, with 75% of CISOs regarding public cloud as their highest security risk and 73% considering moving workloads back to private clouds. Security teams are investing heavily in AI-specific security tools, with 73% of companies spending over $1 million annually, yet 70% cite the rapid pace of AI development as their top concern. Recent high-profile breaches, such as those at LexisNexis Risk Solutions and McLaren Health Care, illustrate the increasing scale and sophistication of attacks, often amplified by AI. AI is accelerating the reconnaissance phase of attacks, enabling adversaries to map environments and identify vulnerabilities with unprecedented speed and precision, though human direction remains necessary for effective exploitation. The proliferation of AI-generated code, including through practices like 'vibe coding,' introduces new risks as less experienced developers may overlook security fundamentals, leading to insecure applications. Agentic AI systems, which act autonomously or on behalf of users, present urgent challenges in authentication, authorization, and identity management, with experts calling for scalable frameworks and robust credentials to prevent security lapses. CISOs are urged to build security into the design phase of software development, leveraging platform-native controls and enforcing policies like Row Level Security to minimize risk. The integration of AI into security operations is seen as both an opportunity and a challenge, requiring adaptive access solutions, post-quantum cryptography, and continuous monitoring. As AI reshapes digital transformation, organizations must balance the benefits of rapid innovation with the imperative to secure their environments against increasingly sophisticated, AI-powered threats. The consensus among experts is that security must evolve in tandem with AI capabilities, emphasizing proactive risk management, cryptographic agility, and a culture of security awareness across all levels of the organization.
Mar 21, 2026
AI Governance and Security Challenges in Enterprise Environments
Enterprises are facing a critical inflection point as artificial intelligence becomes deeply embedded across organizational layers, fundamentally altering cyber risk and security postures. Research from industry leaders and the Cloud Security Alliance highlights that mature governance frameworks are now the primary differentiator for organizations confident in their ability to secure AI systems. As AI agents and machine identities proliferate, traditional identity and access management models are proving inadequate, with identity emerging as the new control plane for managing AI risk. The rapid adoption of AI, often without sufficient oversight, is creating new blind spots, expanding attack surfaces, and introducing risks such as shadow AI, where unsanctioned tools and agents operate outside established security controls. Security teams are increasingly involved in AI adoption, leveraging AI for detection, investigation, and response, but the lack of comprehensive governance and workforce training remains a significant barrier. The convergence of AI with other technologies, such as blockchain and cryptocurrency, is also driving the emergence of autonomous financial systems and agentic payments, further complicating the security landscape. Success in this new paradigm requires balancing innovation with robust accountability, ensuring that AI-driven systems are auditable and governed rather than left to unconstrained automation. As organizations move from experimentation to operational deployment of AI, the need for continuous, data-aware identity security and formal governance policies is paramount to mitigate risks, ensure compliance, and maintain confidence in AI-enabled operations.
Mar 21, 2026