Enterprise AI Security Risks Driven by Shadow AI Adoption and Rapid Exploitability
Multiple reports highlighted escalating enterprise AI security risk driven by rapid adoption, weak governance, and widespread shadow AI use. Zscaler research reported that 90% of tested enterprise AI systems had critical vulnerabilities discoverable in under 90 minutes, with a median of 16 minutes to first critical failure, enabling fast data loss and defense bypass; the same reporting noted sharp growth in AI/ML activity across thousands of apps and rising corporate data transfers into AI tools such as ChatGPT and Grammarly. Separately, CSO Online reported that roughly half of employees use unsanctioned AI tools and that enterprise leaders are significant contributors, reinforcing the risk that sensitive data and workflows are being exposed outside approved controls.
Governance and control gaps were further underscored by coverage of NIST AI guidance pushing organizations to expand cybersecurity risk management to AI systems, and by reporting on AI infrastructure abuse (criminals hijacking/reselling AI infrastructure) and Hugging Face infrastructure being abused to distribute an Android RAT at scale. Several other items in the set were not about enterprise AI risk specifically, including a ShinyHunters vishing campaign, critical RCE flaws in the n8n automation platform, an article on the EU’s alternative to CVE and potential fragmentation, a piece on a startup’s Linux security overhaul, and an opinion column on human risk management; these are separate topics and should not be treated as part of the same AI-risk story.

How this story unfolded
6 events from the most recent confirmed update back to the earliest known activity.
BlackFog research finds shadow AI use is widespread in businesses
Research reported on February 2, 2026 found 58% of workers use unapproved AI tools and 63% believe doing so without IT approval is acceptable. The findings highlighted risks from employees sharing sensitive business data with public or unsanctioned AI services.
Hugging Face infrastructure reportedly abused to spread Android RAT
On January 30, 2026, reporting said Hugging Face infrastructure was abused in a large-scale malware campaign to distribute an Android remote access trojan. The item identified the activity as a mobile malware and endpoint security concern.
Critical RCE flaws in n8n automation platform reported
A January 29, 2026 news item flagged critical remote code execution vulnerabilities in the n8n automation platform that could enable host-level compromise. The disclosure raised concern about the security impact on organizations using the platform.
Reports highlight widespread employee use of unsanctioned AI tools
Late-January 2026 reporting said roughly half of employees were using unapproved AI tools for work, with enterprise leaders also identified as major contributors. The issue was presented as a growing governance and data exposure risk for businesses.
Zscaler reports enterprise AI systems can be breached in under two hours
Research cited on January 29, 2026 found that 90% of assessed enterprise AI systems had critical vulnerabilities discoverable in under 90 minutes, with a median time to first critical failure of 16 minutes. The report warned that rapid enterprise AI adoption is creating machine-speed attack paths and recommended zero trust controls.
NIST AI guidance highlighted for expanding cybersecurity governance
Coverage in late January 2026 emphasized new NIST guidance on AI and its implications for cybersecurity governance and risk management. The reporting framed the guidance as pushing cybersecurity boundaries for organizations adopting AI.
Sources
5 references tracked.
Shadow AI use poses significant risk to businesses, new research reveals | SC Media (scworld.com)
Hugging Face infra abused to spread Android RAT in a large-scale malware campaign | CSO Online (csoonline.com)
Zscaler: Enterprise AI systems can be breached in under 2 hours | SC Media (scworld.com)
Roughly half of employees are using unsanctioned AI tools, and enterprise leaders are major culprits | CSO Online (csoonline.com)
NIST’s AI guidance pushes cybersecurity boundaries | CSO Online (csoonline.com)


