- Only one in five companies encrypt their AI data, report finds
- Vulnerabilities come from within – not from AI models
- Half of companies rely on guidance to do the bare minimum
With 89% of organizations now running or piloting AI workloads, research from Tenable is warning of an “AI exposure gap” where security practices might not be keeping up with progress.
To date, one in three (34%) AI adopters have already experienced an AI-related breach, but Tenable says these breaches are largely down to the companies involved rather than the AI technologies.
Instead of sophisticated model attacks, vulnerability exploits are most common, suggesting Tenable’s “AI exposure gap” is already a reality.
You may like
Security practices aren’t keeping up with AI
Only 22% of the organizations surveyed said they fully classify and encrypt AI data, leaving 78% (or four in five) leaving it accessible in the event of an attack.
Software vulnerabilities (21%) and insider threats (18%) were among the top three causes of breaches, but Tenable did also acknowledge that AI models flaws (19%) may also pose a risk.
“The real risks come from familiar exposures – identity, misconfigurations, vulnerabilities – not science-fiction scenarios,” Product and Research VP Liat Hayun explained.
This comes from enterprises scaling AI faster than they can secure it, leaving visibility across systems fragmented. As a result, companies tend to employ reactive defences to pick up the pieces rather than securing systems ahead of an attack.
And that’s exactly how Tenable says enterprises should go about fixing the “AI exposure gap.”
Currently, around half (51%) rely on the NIST AI Risk Management Framework or the EU AI Act to guide their strategies, suggesting they may only be doing the bare minimum.
Only one in four (26%) conduct AI-specific security testing like red-teaming.
Tenable advises companies to prioritize foundational controls like identity governance, misconfiguration monitoring, workload hardening and access management, ultimately resulting in compliance being the starting point for a strong security posture – not the be all and end all.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.
