- Only one in five companies encrypts their AI data, the report shows
- Vulnerabilities come from within – not from AI models
- Half of the companies rely on guidance to do the bare minimum
With 89% of organizations now running or piloting AI workloads, research from Tenable warns of an “AI exposure gap” where security practices may not keep pace with progress.
To date, one in three (34%) AI adopters have already experienced an AI-related breach, but Tenable says these breaches are largely due to the companies involved rather than the AI technologies.
Instead of sophisticated model attacks, vulnerability exploits are most common, suggesting that Tenable’s “AI exposure gap” is already a reality.
Security practices do not come with AI
Only 22% of organizations surveyed said they fully classify and encrypt AI data, leaving 78% (or four out of five) and leaving it accessible in the event of an attack.
Software vulnerabilities (21%) and insider threats (18%) were among the top three causes of breaches, but Tenable also acknowledged that errors in AI models (19%) can also pose a risk.
“The real risks come from well-known exposures – identity, misconfigurations, vulnerabilities – not science-fiction scenarios,” explained director of product and research Liat Hayun.
This comes from companies scaling AI faster than they can secure it, leaving visibility across systems fragmented. As a result, companies tend to use reactive defenses to pick up the pieces rather than securing systems in advance of an attack.
And that’s exactly how Tenable says companies should go about closing the “AI exposure gap.”
Currently, around half (51%) rely on the NIST AI Risk Management Framework or the EU AI Act to guide their strategies, suggesting they may be doing the bare minimum.
Only one in four (26%) perform AI-specific security tests such as red-teaming.
Tenable advises companies to prioritize basic controls such as identity management, misconfiguration monitoring, workload hardening and access control, ultimately resulting in compliance being the starting point of a strong security posture – not the be-all and end-all.
Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews and opinions in your feeds. Be sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, video unboxings, and get regular updates from us on WhatsApp also.
