Just six percent of CISOs have AI protection in place
While 79 percent of organizations are already using AI in production environments, only six percent have implemented a comprehensive, AI-native security strategy.
This is among the findings in the new AI Security Benchmark Report from SandboxAQ, based on a survey of more than 100 senior security leaders across the US and EU, which looks at concerns about the risks AI introduces, from model manipulation and data leakage to adversarial attacks and the misuse of non-human identities.
Despite a growing anxiety among CISOs, only 28 percent of organizations have conducted a full AI-specific security assessment, and most are still relying on traditional, rule-based tools that were never designed to address dynamic, machine-speed systems.
The report finds 74 percent of security leaders are highly concerned about AI-enhanced cyberattacks, and 69 percent are highly concerned about AI uncovering new vulnerabilities in their environments. But despite these worries just 10 percent of companies have a dedicated AI security team. In most organizations, responsibility falls to traditional IT or security teams.
The rise of non-human identities (NHIs), which include autonomous AI agents, services, and machine accounts, has further complicated the security landscape. These systems often operate independently, holding and exchanging cryptographic credentials, accessing sensitive resources, and interacting with other software without human oversight. Most security teams lack visibility into these entities or control over their behavior.
“This isn’t just a solution gap, it’s a conceptual one,” says Marc Manzano, general manager of
the Cybersecurity Group at SandboxAQ. “AI is radically changing the cybersecurity paradigm at
an unprecedented speed. This report highlights a growing recognition among security leaders
that defending against evolving threats requires new assumptions and approaches, not just
new layers or patches to current tooling.”
In spite of all the concerns investment in AI is still accelerating. 85 percent of organizations say they plan to increase AI security spending in the next 12 to 24 months, with a quarter planning significant increases. Areas of focus include protecting training data and inference pipelines, securing non-human identities, and deploying automated incident response capabilities tailored to AI-driven infrastructure.
You can get the full report from the SandboxAQ site.
Image credit: BiancoBlue/depositphotos.com