- Only one in five companies encrypt their AI data, report finds
- Vulnerabilities come from within – not AI models
- Half of Businesses Rely on Consulting to Do the Bare Minimum
With 89% of organizations now running or piloting AI workloads, research from Tenable warns of an “AI exposure gap” where security practices may not keep up with advances.
To date, one in three AI users (34%) have already experienced an AI-related breach, but Tenable says these breaches are largely attributable to the companies involved rather than the AI technologies.
Instead of sophisticated model attacks, vulnerability exploits are most common, suggesting that Tenable’s “AI exposure gap” is already a reality.
Security practices are not keeping pace with AI
Only 22% of organizations surveyed said they fully classify and encrypt AI data, leaving 78% (or four out of five) leaving it accessible in the event of an attack.
Software vulnerabilities (21%) and insider threats (18%) were among the top three causes of breaches, but Tenable also recognized that flaws in AI models (19%) could also pose a risk.
“The real risks come from familiar exposures – identity, misconfigurations, vulnerabilities – not science fiction scenarios,” said Liat Hayun, vice president of products and research.
This is because companies are scaling AI faster than they can secure it, leaving visibility into systems fragmented. As a result, businesses tend to resort to reactive defenses to pick up the pieces rather than securing systems before an attack.
And that’s exactly how Tenable says companies should go about closing the “AI exposure gap.”
Currently, about half (51%) rely on NIST’s AI risk management framework or EU AI law to guide their strategies, suggesting they may only be doing the bare minimum.
Only one in four (26%) conduct AI-specific security testing, such as red-teaming.
Tenable advises businesses to prioritize foundational controls like identity governance, misconfiguration monitoring, workload hardening, and access management, making compliance the starting point for a strong security posture – not the end-all, be-all.
Follow TechRadar on Google News And add us as your favorite source to get our news, reviews and expert opinions in your feeds. Make sure to click the Follow button!
And of course you can too follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp Also.
