A measurable share of organizations is now reporting security breaches involving their AI systems, according to IBM research that quantifies a risk emerging alongside rapid AI adoption. The data shows 13 percent of organizations reported breaches of AI models or applications, while another 8 percent said they did not know whether their AI systems had been compromised.

Access control gaps stand out as a central weakness. Among organizations that suffered an AI-related security incident, 97 percent reported lacking proper AI access controls, meaning they had not implemented the authentication and permission systems that limit who and what can reach AI models and the data they use.

Governance lags adoption broadly. The research found that 63 percent of organizations had no AI governance policies in place to manage AI use or prevent workers from turning to unapproved tools. That absence of oversight leaves AI systems and their training data exposed to both external attackers and internal misuse.

The attack surface is widening as AI moves into production. Separate industry data indicates that 1 in 6 breaches, about 16 percent, involved AI-driven attack techniques, with attackers most often using AI for phishing and deepfake impersonation. The combination of AI as both a target and a tool for attackers points to a new layer of security risk that many organizations have not yet addressed with controls or policy. The figures describe an environment where AI deployment is outpacing the safeguards meant to protect it.

Source: IBM Newsroom - https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls