An "AI Exposure Gap" could be the most worrying security issue your business isn't aware of

News
By published

AI users aren’t handling security properly

AI writer
(Image credit: Getty Images)
  • Only one in five companies encrypt their AI data, report finds
  • Vulnerabilities come from within – not from AI models
  • Half of companies rely on guidance to do the bare minimum

With 89% of organizations now running or piloting AI workloads, research from Tenable is warning of an “AI exposure gap” where security practices might not be keeping up with progress.

To date, one in three (34%) AI adopters have already experienced an AI-related breach, but Tenable says these breaches are largely down to the companies involved rather than the AI technologies.

Instead of sophisticated model attacks, vulnerability exploits are most common, suggesting Tenable’s “AI exposure gap” is already a reality.

Security practices aren’t keeping up with AI

Only 22% of the organizations surveyed said they fully classify and encrypt AI data, leaving 78% (or four in five) leaving it accessible in the event of an attack.

Software vulnerabilities (21%) and insider threats (18%) were among the top three causes of breaches, but Tenable did also acknowledge that AI models flaws (19%) may also pose a risk.

“The real risks come from familiar exposures – identity, misconfigurations, vulnerabilities – not science-fiction scenarios,” Product and Research VP Liat Hayun explained.

This comes from enterprises scaling AI faster than they can secure it, leaving visibility across systems fragmented. As a result, companies tend to employ reactive defences to pick up the pieces rather than securing systems ahead of an attack.

And that’s exactly how Tenable says enterprises should go about fixing the “AI exposure gap.”

Currently, around half (51%) rely on the NIST AI Risk Management Framework or the EU AI Act to guide their strategies, suggesting they may only be doing the bare minimum.

Only one in four (26%) conduct AI-specific security testing like red-teaming.

Tenable advises companies to prioritize foundational controls like identity governance, misconfiguration monitoring, workload hardening and access management, ultimately resulting in compliance being the starting point for a strong security posture – not the be all and end all.

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

TOPICS
Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.