
Enterprise Security Challenges and Risks from AI Adoption

Tags: ai-platform-security, identity-authentication-vulnerability, standards-framework-update
Updated March 21, 2026 at 03:06 PM. 5 sources.

The rapid integration of artificial intelligence into enterprise operations is fundamentally altering the cybersecurity landscape. AI is now embedded in core business workflows, infrastructure, and decision-making processes, expanding the attack surface and introducing new exposure points in data, models, applications, and infrastructure. Security leaders are grappling with governance gaps, especially as agentic AI systems move from pilot to production, and are seeking new standards and controls to manage the risks of autonomous agents and application-to-application access. The need for robust data governance, updated identity and access management, and resilient infrastructure is driving a major IT transformation, with increased spending and a focus on AI-enabled security solutions. Industry experts and CISOs emphasize the importance of adapting security strategies to address the unique challenges posed by AI, including the concentration of sensitive data, the risk of model manipulation, and the complexity of AI-driven environments.

Security vendors and analysts highlight the inadequacy of traditional security practices in the face of AI-driven threats, calling for the elimination of outdated controls and the adoption of new standards such as those proposed by Okta for managing OAuth permissions for AI agents. The evolving role of the CISO, the rise of zero trust as a business necessity, and the persistent importance of the human element in defense are recurring themes. Predictions for 2026 underscore the urgency for enterprises to refresh IT infrastructure, strengthen data governance, and prepare for a future where AI agents operate autonomously across interconnected systems, requiring continuous adaptation of security policies and controls to mitigate emerging risks.

Timeline

  1. Dec 17, 2025

    Deloitte report says enterprise AI has broken traditional security models

    A Deloitte report described how rapid enterprise AI adoption has expanded attack surfaces across data, models, applications, infrastructure, and agentic AI systems, often without sufficient governance. It urged organizations to integrate security early, use controlled pilots, and coordinate more closely across CISO, CIO, CTO, and CDO roles.

  2. Dec 16, 2025

    Major SaaS vendors emerge as early IAAG adopters

    Google, Amazon, Salesforce, Box, and Zoom were identified as early adopters of the draft IAAG standard, signaling initial industry support for centralized IAM oversight of AI-agent and application access. The effort remains in draft form and still requires broader SaaS integration and adoption.

  3. Dec 16, 2025

    Okta and partners propose IAAG standard for AI agent access control

    Okta, working with the IETF and partners including Microsoft and Ping Identity, proposed the Identity Assertion Authorization Grant (IAAG), a draft open standard to improve OAuth-based delegated access. The model shifts consent and control to organizational IAM systems to give enterprises better visibility, policy enforcement, and deprovisioning for AI agents and app-to-app access.

  4. Dec 16, 2025

    Frank Wang publishes cybersecurity modernization wishlist

    Frank Wang called for the security industry to modernize by dropping outdated practices such as mandatory password rotation, security questions, and ineffective awareness training. He advocated for engineering-driven security, tool consolidation, compliance aligned to real risk, and a more collaborative, business-enabling security culture.

  5. Dec 16, 2025

    Security leaders outline 2026 priorities from 2025 lessons

    Cloudflare's Connectivity Cloud Podcast compiled 2025 insights from CISOs and security experts to forecast 2026 trends, highlighting AI's impact, the CISO's shift toward business leadership, zero trust as a business necessity, and persistent regulatory complexity. The discussion framed 2026 security strategy around transformation, resilience, and practical risk management.

  6. Dec 16, 2025

    Industry and analysts forecast AI-driven IT refresh in 2026

    Analysts and executives projected that 2026 would bring a major enterprise IT infrastructure refresh cycle driven by AI adoption, hybrid cloud evolution, and hybrid work. Forecasts cited include IDC expecting 10% IT spending growth and Gartner projecting worldwide IT spending to reach $6.08 trillion in 2026.

Sources

December 17, 2025 at 12:00 AM: "My Christmas Security Wishlist" (frankly speaking substack)

Related Stories

Enterprise Security Challenges and Frameworks for AI Adoption

The rapid integration of AI technologies into enterprise environments is introducing new security challenges that traditional controls are not equipped to handle. Organizations are grappling with how to secure AI models, data, and autonomous agents, as well as how to operationalize AI security across the entire lifecycle. Security leaders emphasize the need for clear frameworks that address the unique risks posed by AI, including misconfigurations, configuration drift, and the importance of focusing on outcomes rather than simply adding more tools or dashboards. Efficiency, automation, and prioritization are highlighted as critical factors in reducing real risk, with a shift from compliance-driven approaches to measurable security outcomes. Industry experts stress that many organizations are "over-tooled but under-protected," with operational blind spots and unused controls creating exposure long before sophisticated attacks occur. The conversation around AI in security is moving beyond tool acquisition to ensuring that existing capabilities are properly configured and operationalized. This evolving landscape requires security teams to rethink governance, data protection, and the deployment of AI-enabled solutions, with a focus on practical frameworks and exposure management to address the complexities of modern enterprise environments.

1 month ago

AI-Driven Cybersecurity Risks and Strategies for Enterprise Defense

Artificial intelligence is rapidly transforming both the threat landscape and defensive strategies in cybersecurity, prompting CISOs and security leaders to rethink their approaches. A global study by Gigamon found that 86% of CISOs now view metadata and packet-level data as essential for detecting threats in complex hybrid cloud environments, but 97% admit to making trade-offs that leave visibility gaps. The rise of AI-driven attacks is fueling demand for real-time visibility and observability tools, with 75% of CISOs regarding public cloud as their highest security risk and 73% considering moving workloads back to private clouds. Security teams are investing heavily in AI-specific security tools, with 73% of companies spending over $1 million annually, yet 70% cite the rapid pace of AI development as their top concern. Recent high-profile breaches, such as those at LexisNexis Risk Solutions and McLaren Health Care, illustrate the increasing scale and sophistication of attacks, often amplified by AI. AI is accelerating the reconnaissance phase of attacks, enabling adversaries to map environments and identify vulnerabilities with unprecedented speed and precision, though human direction remains necessary for effective exploitation. The proliferation of AI-generated code, including through practices like 'vibe coding,' introduces new risks as less experienced developers may overlook security fundamentals, leading to insecure applications. Agentic AI systems, which act autonomously or on behalf of users, present urgent challenges in authentication, authorization, and identity management, with experts calling for scalable frameworks and robust credentials to prevent security lapses. CISOs are urged to build security into the design phase of software development, leveraging platform-native controls and enforcing policies like Row Level Security to minimize risk. 
The integration of AI into security operations is seen as both an opportunity and a challenge, requiring adaptive access solutions, post-quantum cryptography, and continuous monitoring. As AI reshapes digital transformation, organizations must balance the benefits of rapid innovation with the imperative to secure their environments against increasingly sophisticated, AI-powered threats. The consensus among experts is that security must evolve in tandem with AI capabilities, emphasizing proactive risk management, cryptographic agility, and a culture of security awareness across all levels of the organization.

1 month ago

AI Governance and Security Challenges in Enterprise Environments

Enterprises are facing a critical inflection point as artificial intelligence becomes deeply embedded across organizational layers, fundamentally altering cyber risk and security postures. Research from industry leaders and the Cloud Security Alliance highlights that mature governance frameworks are now the primary differentiator for organizations confident in their ability to secure AI systems. As AI agents and machine identities proliferate, traditional identity and access management models are proving inadequate, with identity emerging as the new control plane for managing AI risk. The rapid adoption of AI, often without sufficient oversight, is creating new blind spots, expanding attack surfaces, and introducing risks such as shadow AI, where unsanctioned tools and agents operate outside established security controls. Security teams are increasingly involved in AI adoption, leveraging AI for detection, investigation, and response, but the lack of comprehensive governance and workforce training remains a significant barrier. The convergence of AI with other technologies, such as blockchain and cryptocurrency, is also driving the emergence of autonomous financial systems and agentic payments, further complicating the security landscape. Success in this new paradigm requires balancing innovation with robust accountability, ensuring that AI-driven systems are auditable and governed rather than left to unconstrained automation. As organizations move from experimentation to operational deployment of AI, the need for continuous, data-aware identity security and formal governance policies is paramount to mitigate risks, ensure compliance, and maintain confidence in AI-enabled operations.

1 month ago
