Enterprises neglect AI security – and attackers have noticed
Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.
The findings come from Big Blue's Cost of a Data Breach Report 2025 report, which shows that AI-related exposures currently make up only a small proportion of the total, but these are anticipated to grow in line with greater adoption of AI in enterprise systems.
Based on data reported by 600 organizations globally between March 2024 and February 2025, IBM says 13 percent of them flagged a security incident involving an AI model or AI application that resulted in an infraction.
About a third of those that experienced a security incident involving their AI suffered operational disruption and saw criminals gain unauthorized access to sensitive data, while 23 percent said they incurred financial loss as a result of the attack, with 17 percent suffering reputational damage.
Supply chain compromise was the most common cause of those breaches, a category that includes compromised apps, application programming interfaces (APIs), and plug-ins. The majority of organizations that reported an intrusion involving AI said the source was a third-party vendor providing software as a service (SaaS).
