Enterprises neglect AI security – and attackers have noticed

Organizations rushing to implement AI are neglecting security and governance, IBM claims, with attackers already taking advantage of lax protocols to target models and applications.

The findings come from Big Blue's Cost of a Data Breach Report 2025 report, which shows that AI-related exposures currently make up only a small proportion of the total, but these are anticipated to grow in line with greater adoption of AI in enterprise systems.

Based on data reported by 600 organizations globally between March 2024 and February 2025, IBM says 13 percent of them flagged a security incident involving an AI model or AI application that resulted in an infraction.

Almost every one of those breached organizations (97 percent) indicated it did not have proper AI access controls in place.

About a third of those that experienced a security incident involving their AI suffered operational disruption and saw criminals gain unauthorized access to ...