Security incidents tied to artificial intelligence are becoming a measurable share of corporate breaches, according to IBM's 2025 Cost of a Data Breach Report. The study found that 13 percent of organizations reported breaches of AI models or applications, while another 8 percent said they did not know whether such a compromise had occurred.

Access controls are a recurring weak point. Among organizations that experienced an AI-related security incident, 97 percent lacked proper AI access controls, and 63 percent of organizations reported having no AI governance policies to manage tools or prevent employees from using unapproved 'shadow AI' applications.

Attackers are increasingly using AI themselves. The report found that roughly one in six breaches involved attackers using AI, most commonly for phishing at 37 percent and deepfake impersonation at 35 percent.

Shadow AI accounts for a growing slice of exposure. Unapproved AI tool use was tied to 20 percent of breaches in the data, compared with 13 percent for sanctioned AI systems, underscoring how unmanaged adoption is widening the attack surface inside organizations.

Source: IBM - https://newsroom.ibm.com/2025-07-30-ibm-report-13-of-organizations-reported-breaches-of-ai-models-or-applications,-97-of-which-reported-lacking-proper-ai-access-controls