TheVortiq
Inteligencia Artificial

Enterprise AI: 78% suffer security incidents, yet adoption continues unchecked

A DigiCert study reveals that most companies deploy multiple AI tools without governance or visibility, creating critical vulnerabilities.

July 8, 2026 · 4 min read

3D rendered ai text on dark digital background

TL;DR: 78% of organizations have experienced AI-related security incidents, according to DigiCert. Despite this, 75% have deployed four or more AI tools in six months, and only half have dedicated budgets and formal governance. Lack of visibility and traceability exacerbates risks.

What happened?

A new report from DigiCert, based on a survey of 1,000 security and IT professionals globally, reveals an alarming paradox: while 78% of organizations have experienced security incidents or vulnerabilities related to artificial intelligence, the pace of adoption shows no signs of slowing. 75% have deployed four or more AI tools in the last six months, and 35% have incorporated more than ten systems in that same period. These findings come from DigiCert's study "The State of AI Security," published in March 2025 and reported by TechRadar.

The study shows that governance is advancing slowly: 90% of companies discuss the topic at the executive or board level, but only 50% have implemented dedicated AI security budgets and formal governance programs. Additionally, 64% have only just begun to inventory their AI systems, indicating that many are still discovering what tools exist within their organization. This lag in governance contrasts with the speed of adoption, which is comparable to the pace of public cloud implementation in the early 2010s, when many companies also neglected security.

Why is it important?

The lack of visibility and centralized control is critical. Nearly half of companies lack centralized visibility over their AI systems, and only 53% can fully trace outputs back to models and source data. This means that when an error or bias occurs, it is nearly impossible to identify its origin. In sectors such as science, technology, banking, telecommunications, and retail, the incidence of security issues is even higher, according to the report. For example, the banking sector reported an 82% incident rate, while retail stood at 76%.

AI security is no minor issue: 75% of companies have suffered incidents, suggesting that mass adoption without adequate controls is creating a massive attack surface. Compared to the wave of cyberattacks on critical infrastructure in 2021 (such as the Colonial Pipeline attack), AI introduces new risks, such as model manipulation or training data leakage. Moreover, AI explainability remains around 50% across all regions (US, UK, Australia), indicating that transparency remains a global challenge. Without explainability, companies cannot audit or justify their systems' decisions, exposing them to regulatory penalties under laws like GDPR or the upcoming EU AI Act.

What consequences will it have?

The tendency to treat AI as an 'experimental toy' rather than a critical business system is leading to vulnerabilities that can affect reputation, data privacy, and regulatory compliance. As AI agents acquire their own identities (something many companies are already testing, according to DigiCert) and act autonomously, the risk of unauthorized or malicious actions increases. For example, if an AI agent with its own identity accesses sensitive data without oversight, it could violate internal policies or regulations like HIPAA in the healthcare sector.

Companies that fail to implement dedicated governance and security will be exposed to regulatory fines, loss of customer trust, and missed competitive advantages. A similar historical case is the early adoption of cloud computing: companies that misconfigured Amazon S3 buckets suffered massive data breaches (such as Capital One in 2019, which exposed 100 million records). Now, AI multiplies these risks due to its opacity and autonomy. Additionally, the lack of dedicated budgets (only 50% have them) indicates that many organizations underestimate the cost of securing AI, which Gartner estimates could account for up to 10% of total IT spending by 2027.

What should readers know?

For business leaders, the lesson is clear: AI must be treated like any other IT system, with security policies, inventories, traceability, and dedicated budgets. Governance is not optional; it is a strategic necessity. For IT professionals, it is urgent to push for centralized visibility and monitoring tools. For regulators, this data reinforces the need for clear regulatory frameworks, such as the EU AI Act, which requires risk assessments for high-risk systems. However, the report shows that 50% of companies still lack formal governance programs, suggesting that regulation alone will not suffice; a cultural shift is needed.

In summary, AI adoption is occurring at a speed that outstrips organizations' ability to secure it. The risk is not just technical but business-related. As Brian Trzupek, SVP at DigiCert, notes: 'The question is no longer whether organizations should adopt AI, but whether they can explain, govern, and trust the AI they have already deployed.' DigiCert's data is a wake-up call: without investment in security and governance, AI could become the biggest attack vector of the next decade.

Keep reading