'The question is no longer whether organisations should adopt AI. It's whether they can explain, govern and trust the AI they've already deployed': Many companies deploying AI often end up with much bigger security issues

Hands typing on a tablet with AI superimposed in text in front
(Image credit: Getty Images)

  • 75% have deployed 4+ AI tools in the past six months, 35% have deployed 10+ tools
  • This is despite four in five experiencing AI security incidents or vulnerabilities
  • Governance and dedicated security budgets could be part of the answer

New DigiCert data has claimed four in five (78%) organizations have either experienced an AI-related security incident or have identified an AI-related vulnerability, despite ongoing AI investments and increased adoption.

Despite uncertainty around security, three-quarters of the companies surveyed have deployed four or more AI tools in the past six months alone, with a third (35%) having deployed more than 10 AI systems in that same period.

With this new data, DigiCert says organizations need to treat AI like any other business system rather than an experimental toy, deeply rooting security into the entire strategy.

Latest Videos From

AI is causing a security headache for most companies

While discussions are clearly taking place, fixes are slow to roll out. For example, 90% have discussion AI governance at executive or board level, but only 50% have implemented both dedicated AI security budgets and formal AI governance programs.

Following years of pilots, two-thirds (64%) have now started logging AI inventories, implying they're still discovering what AI exists across their business. Currently, nearly half lack centralized visibility into AI systems, and only 53% can fully trace AI outputs back to the underlying models and source data.

"The question is no longer whether organisations should adopt AI. It's whether they can explain, govern and trust the AI they've already deployed," SVP Brian Trzupek explained.

While AI explainability remains pretty consistent, at around half, across multiple regions and countries like the US, the UK and Australia, some sectors see more incidents and vulnerabilities than others. Those include science, technology, banking, telecoms and retail.

Looking ahead, many companies are now trialling giving AI agents their own identities, much like human workers, to improve visibility across autonomous actions. Greater governance and stricter policies to iron out the use of unapproved tools should also help companies address some of the growing security issues as adoption continues to mature.


Google logo on a black background next to text reading 'Click to follow TechRadar'

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.

TOPICS

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.