- Only one in five companies encrypts their AI data, report says
- Vulnerabilities come from within, not from AI models
- Half of companies depend on guidance to do the bare minimum
With 89% of organizations now running or testing AI workloads, Tenable research warns of an “AI exposure gap” where security practices may not keep pace with progress.
To date, one in three (34%) AI adopters have already experienced an AI-related breach, but Tenable says these breaches are largely due to the companies involved and not the AI technologies.
Instead of attacks on sophisticated models, exploiting vulnerabilities is more common, suggesting that Tenable’s “AI exposure gap” is already a reality.
Security practices fall short of AI
Only 22% of organizations surveyed said they fully classify and encrypt AI data, while 78% (or four in five) leave it accessible in the event of an attack.
Software vulnerabilities (21%) and insider threats (18%) are among the top three causes of breaches, but Tenable also acknowledged that flaws in AI models (19%) can also pose a risk.
“Real risks come from familiar exposures (identity, misconfigurations, vulnerabilities) and not from science fiction scenarios,” explained Vice President of Product and Research Liat Hayun.
This is because companies scale AI faster than they can protect it, leaving systems visibility fragmented. As a result, companies tend to employ reactive defenses to pick up the pieces rather than protecting systems before an attack.
And that’s exactly how Tenable says companies should address the “AI exposure gap.”
Currently, around half (51%) rely on the NIST AI Risk Management Framework or the EU AI Law to guide their strategies, suggesting they may only be doing the bare minimum.
Only one in four (26%) perform AI-specific security testing, like the red team.
Tenable advises enterprises to prioritize critical controls such as identity governance, misconfiguration monitoring, workload hardening, and access management, ultimately resulting in compliance being the starting point for a strong security posture, not the be-all and end-all.
Follow TechRadar on Google News and add us as a preferred source to receive news, reviews and opinions from our experts in your feeds. Be sure to click the Follow button!
And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form and receive regular updates from us on WhatsApp also.
