Tech
Enterprise AI still smarting from leaping before looking
AI and ML
Majority report AI-related security incidents or vulnerabilities
The majority of companies that deploy AI systems end up shooting themselves in the foot with security, according to DigiCert.
Seventy-eight percent of enterprises report “experiencing AI-related security incidents or identifying AI-related vulnerabilities,” the digital identity biz said in a commissioned survey.
Among respondents, 27.7 percent experienced one incident, 21.9 percent experienced multiple incidents, and 28.4 percent had no incidents but identified vulnerabilities, a company spokesperson told The Register. Incident details were not disclosed, but they were caused by AI agents that were unauthorized or misconfigured rather than flaws arising from AI-generated code.
Consistent with its business focus, DigiCert attributes the survey’s findings to lack of AI governance.
“We wouldn’t allow an employee to operate without a verified identity,” said DigiCert CEO Amit Sinha in a statement. “AI agents should be no different.”
That’s become a common refrain. There are several initiatives underway to establish identifiers for bots, such as Private Access Control Tokens (PACTs), Estonia’s digital IDs for agents, and Microsoft’s Agent ID. But bot badging infrastructure remains a work-in-progress, leaving AI agents to run amok in many organizations.
DigiCert’s findings [PDF] echo a similar report two weeks ago from Spacelift that found 93 percent of organizations experienced AI-caused infrastructure incidents while only 19 percent had a governance plan in place.
The survey stands in stark contrast with picks-and-shovels seller Nvidia’s State of AI 2026 report, which gushes, “Across every industry, AI is helping increase annual revenue and drive down annual costs while boosting productivity.”
The DigiCert Q&A involves responses from 1,001 IT and cybersecurity leaders in the US, UK, and Australia, from various businesses. The survey shows that businesses are deploying AI first and asking questions later.
While 90 percent of organizations surveyed have discussed AI governance at the board level, just 50 percent have dedicated AI governance budgets and formal governance programs. This allows operational blind spots to persist. Just 53 percent of respondents said their organization could trace AI decisions back to the models and source data that produced those results.
“That becomes a problem the moment an AI system produces an unexpected or controversial result,” the report says. “Customers, executives, and regulators will all ask, ‘Why did it do that?’”
And perhaps at some point, companies will ask, why did we deploy that? ®
You must be logged in to post a comment Login