SecurityBrief India - Technology news for CISOs & cybersecurity decision-makers
India
Most firms hit by AI security incidents, study finds

Most firms hit by AI security incidents, study finds

Fri, 3rd Jul 2026 (Today)
Sean Mitchell
SEAN MITCHELL Publisher

AvePoint has published research showing that 88.4% of organisations suffered at least one AI-related security incident in the past year. The study surveyed 750 enterprise leaders across the Americas, EMEA and APAC.

The findings point to a widening gap between the pace of AI adoption and the controls organisations have in place to manage it. Nearly half of employees, 46.9%, now use AI agents daily or weekly, yet many organisations still lack clear oversight of how those tools are being used.

One in five respondents, 21.1%, said they could not determine whether staff were using unsanctioned tools to create AI agents. In generative AI, that lack of visibility also grew sharply, with the share of organisations unable to tell whether employees were using unauthorised tools rising to 17.6% from 6.3% a year earlier.

The survey also found a gap between executive confidence and actual outcomes. While 82.7% of respondents said they were very or extremely confident in their ability to prevent unauthorised AI data access, incidents remained widespread even among that group.

Among those who described themselves as very confident, 72% reported an unauthorised access incident in the past 12 months. Among those who said they were extremely confident, 62% also reported such an incident.

Deployment delays

Security concerns are also affecting implementation timelines. The research found that 86.9% of organisations delayed generative AI deployments by an average of nearly six months because of data security concerns.

The pattern was much the same for AI agents. Some 86% of organisations said they had delayed deployments, suggesting that internal governance and data management issues are proving as significant as the underlying AI systems themselves.

The data problem appears to be growing as AI produces more of the information companies store and use. On average, 35.5% of enterprise data is now AI-generated, while 84.1% of organisations surveyed said they manage at least one petabyte of data.

That combination creates additional risk when AI systems rely on content that may be redundant, outdated or poor quality. Governance failures can multiply quickly when AI tools consume and act on that material at scale, the report warned.

Investment shift

Despite the high rate of incidents, the findings indicate that organisations are responding with new spending plans. Securing data used for AI training ranked as the top future investment priority, cited by 79.5% of respondents.

Planned spending over the next 12 months also focused on third-party governance tools that monitor AI agent actions for policy compliance. At the same time, the proportion of organisations doing nothing to address AI security concerns fell to 2.5% from 8.3%.

Chris Shaw, Channel Director for UK and Ireland at AvePoint, said the figures reflected weaknesses in long-standing information management practices rather than problems created by AI alone.

"These days, everyone talks about how powerful AI has become, which is of course true, but this discourse has largely distracted from the fact that many organisations face basic data protection and governance issues that are exposing them to serious risks.

"The acceleration of AI has exposed and amplified gaps in existing data protection frameworks that organisations need to fix urgently before they adopt these new tools. Almost nine in 10 organisations have experienced an AI-related breach in the last year, according to our research. That's a startling figure that really shows the scope of the problem."

John Peluso, Chief Technology Officer at AvePoint, said organisations should not treat confidence levels as a reliable measure of preparedness.

"Trust in AI cannot be measured by confidence alone.

"It requires operational foundations: visibility into what AI systems are doing, enforceable governance over the data they consume and create, and the ability to audit and correct outcomes when something goes wrong. This is what distinguishes a trust layer from a trust score."

The survey was conducted with Osterman Research and covered respondents with direct responsibility for information management, data security or AI programmes. The results suggest that many large organisations have moved quickly to put AI tools in employees' hands, but have been slower to build the controls needed to track use, manage data exposure and investigate incidents.

AvePoint Chief Executive Officer and Co-Founder Dr Tianyi Jiang said the main constraint facing companies was no longer access to AI models, but the systems required to govern them.

"Nearly half of global employees are already relying on AI agents weekly or daily, and organisations are deploying agents faster than they are building the foundations required to trust them.

"The constraint on enterprise AI is no longer model capability, but whether organisations have built a trust layer: the data visibility, governance and enforceable control required to scale AI with confidence. Without it, speed of deployment becomes speed of exposure."