AI-related security incidents have become near-universal among organizations deploying the technology, according to compiled enterprise security research. Surveys indicate that 86 percent of organizations experienced at least one AI-related security incident in the past 12 months, underscoring how quickly the attack surface has grown alongside adoption.

A recurring weak point is so-called shadow AI, the unsanctioned use of generative AI tools by employees outside official channels. One in five organizations reported a breach tied to shadow AI, yet only 37 percent have policies in place to manage AI use or detect shadow AI activity. That governance gap leaves many companies unable to see where corporate data is flowing into external AI tools.

Access controls are another consistent failure. Among organizations that suffered AI-related breaches, 97 percent lacked adequate AI access controls, a finding that points to immature security practices rather than uniquely sophisticated attacks. Shadow AI also carried a measurable cost, adding roughly $670,000 to the average price of an affected breach.

The data sketches a clear divide between how fast organizations are adopting AI and how slowly they are securing it. With most companies reporting at least one incident and only a minority holding formal AI policies, the figures suggest that security and governance remain the lagging elements of enterprise AI programs as deployment accelerates.

Source: Index.dev - https://www.index.dev/blog/enterprise-ai-security-risk-statistics