TheStateofAI:

GoBeyondthe

HypetoNavigateTrust,Security

andValue

TableofContents

Introduction4

CurrentstateofEnterpriseAI

9

SignsofstrengtheningguardrailsforAI

17

Implementationstatusandimpediments

22

Addressingdatasecurityanddatamanagementissueswith

generativeAI

26

Informationmanagementstrategies

31

That’sawholelotofdata

37

DataqualityconcernswithgenerativeAIhindervalue

43

CapturingareturnonAIinvestments

47

CollectingfeedbackonAItoolsfromemployees

52

InterventionsarestrengtheningAIliteracy

55

Recommendations

58

Conclusion

60

2TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

01

Introduction

INTRODUCTION

AIisnolongerafuturedisruptor–it’sapresentreality.

Butasadoptionaccelerates,trustinAIoutputsiseroding.Organizationsrealizethatwithoutstronggovernance,resilientdatastrategies,andacommitmenttoquality,AIcanjustaseasilybecomealiabilityasacompetitiveadvantage.

Accordingtodatafrom775globalbusinessleadersacrossfinancial

services,government,andhealthcare,AvePointfound:

AIusagefuelsdatasecurityincidents.

#1

75.1%oforganizationsreportedatleastonedatasecurityincidentwhereoversharingsensitiveinformationnegativelyimpactedthem.

AsAIbecomesmorepopular,scrutinyincreases.

#2

Microsoft365CopilothasbecomethetopsanctionedgenerativeAItool,andover50%ofemployeeshaveintegratedtheuseofgenerativeAItoolsintodailyand

weeklywork.Still,88.3%oforganizationshaveonlyrolledthisouttosomeem-ployees,withpilotprogramsfocusedondatasecurityandreadiness.

#3

SecurityandaccuracyconcernsstallAIrolloutsuptoayear.

ThetwomainreasonsAIisnotmorewidespreadareinaccurateoutput(68.7%)anddatasecurityconcerns(68.5%).ThesechallengesaredelayingAIrolloutsupto12monthsforoverthree-quartersoforganizations.

#4

TraditionalinformationmanagementframeworksfallshortintheAIera.

While90.6%oforganizationshavewhattheyperceivetobeaneffective

informationmanagementprogramorframeworkinplace,fewhavedata

classificationandincidentpreventioninplace.Theiroverconfidencewillcreatechallengesasdataincreasesatarapidclip.

4TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

#5

Datagrowthisn,tjustascaleissue–it,sasecurityrisk.

79.2%oforganizationsnowmanage1PBormoreofdata,up25%fromlastyear,andnearly20%oforganizationsbelievethatin12monthsmorethanhalfoftheirdatawillbecreatedbygenerativeAI.Asdatasprawlsacrosscloudplatforms,organizations

mustdeploytrueinformationlifecyclemanagementtoreducetheirrisk.

#6

InaccurateAIoutputthreatensrolloutsanderodesemployeejudgment.

68.7%oforganizationshaveslowedtherolloutofgenerativeAIassistantsduetoinaccurateAIoutput,andmorethantwo-thirdsofrespondentsexpresssignificantconcernfortheimpactofinaccurateoutputsonemployeejudgment.

#7

CultivatingAIliteracyiscriticaltothesuccessofanyAIrollout.

99.5%oforganizationshaveusedarangeofinterventionstostrengthenAIliteracyamongemployees.

#8

PublicAIuseisfinallybeinggoverned.

AIAcceptableUsepolicieshaveincreasedby79.8%year-over-year,with84.5%oforganizationsnowenforcingordevelopingclearAIusageguidelines.

#9

AIsuccessismeasuredbycustomerimpact–butthat,swheremostfallshort.

EnhancingcustomerinsightsandpersonalizationiswhatorganizationswanttoimprovewhenimplementingAI,yetthereisa5.8%gapbetweenwhattheyhopetoachieveandwhattheyactuallydo.

AIadoptionismeasuredbyusage–notbyimpact.

#10

89.6%oforganizationsusebuilt-inorthird-partyreportstotrackhowgenerativeAIassistantsareusedandhowwelltheyperform.Butfarfewerlookatthehumanorbusinessimpactusinginterviewsorotherqualitativemethods.

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue5

Data&Methodology:

Keyfindingsanddatainthisreportcomesfroma2025globalstudybyOstermanResearchfor

AvePoint.Buildingon

AvePoint,s2024AI&InformationManagementReport

,this2025study

contrastsyear-over-yeardata,revealinghowenterprisesaremovingfromAIexperimentationtoenterprise-wideenablement,emphasizinggovernance,riskmitigation,andmeasurableoutcomes.

775respondentswithresponsibilityforinformationmanagement,datasecurity,orAIprogramsattheirorganizationweresurveyed.

JOBROLE

34.7%

29.2%

18.2%

9.7%

Seniorvicepresident

C-levelexecutive

Vice

president

Manager

Director

8.3%

INDUSTRY

33.8%32.4%33.8%

Government

orpublic

sector

Financialservicesorinsurance

Healthcare

6TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

Canada

UnitedStates

Scandinavia

UnitedKingdom

Germany

France

UnitedArabEmirates

Taiwan

Saudi

Arabia

HongKong

Mexico

Singapore

SoutheastAsia

NigeriaBrazil

SouthAfrica

Australia

NewZealand

ORGANIZATIONSIZE

50to500employees

500to5,000employees

Morethan5,000employees

33.6%

34.9%

31.6%

GEOGRAPHY

33.9%32.3%33.8%

AmericasEMEAAPAC

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue7

02

CurrentStateofEnterpriseAI

CURRENTSTATE

OFENTERPRISEAI

EnterpriseAIadoptionisaccelerating

Overthepastyear,moreemployeeshavegainedaccesstoapprovedgenerativeAItoolsandmostnowusethemdailyorweekly.

Microsoft365CopilotandChatGPTareusedatsimilarrates,withonlya0.4%difference.However,Copilothasseenfastergrowth–risingfrom47%tosurpassChatGPT,whichgrewslightlyfrom65%.ApprovalforGoogleGeminialsoincreased,growingfasterthanChatGPTbutslowerthanCopilot.Mostorganizationsapprovetwo(44.3%)orthree(25.1%)generativeAItoolsforemployeeuse.

SeeFigure2.1.

Figure2.1

TopgenerativeAItooIssanctionedforusebyorganizations

Percentageofrespondents

71.2%

70.8%

65%

54.5%

47%

40%

ChatGPT

GoogleGemini

Microsoft365Copilot

2025

2024

TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue9

Morethanhalf

ofemployeeshaveintegratedgenerativeAItoolsintheirworkoneormoretimesperweek.

Theremainderhavemadelessprogressindoingso,withanaverageof18.1%ofemployeesusinggenerativeAItoolsonlyoneormoretimespermonth,and14%lessfrequentlythanmonthly.ThismeansthereisstillsignificantopportunityforemployeestointegrategenerativeAItoolsmore

deeplyintotheirdailyworkflows.SeeFigure2.2.

Figure2.2

IntegrationofgenerativeAItooIsintoreguIarworkprocesses

AveragepercentageofemployeesusinggenerativeAItoolspercadence

29.4%

22.8%

18.1%

15.7%

14.0%

Notusing

generativeAI

assistants

Monthly(one

ormoretimesa

month)

Weekly(oneor

moretimesa

week)

Daily(oneor

moretimesa

day)

Infrequently(lessfrequentlythanmonthly)

Moststartedwithapilotprogramtoassess

therealbenefitsofAI

88.3%oforganizationsstartedtheirAIjourneywithapilot–asmall-scale,short-termexperimenttoassessthefeasibilityofawiderrollout.Only11.7%oforganizationsjumpedimmediatelyinto

productionrolloutwithoutassessingfeasibilityinadvance.Onaverage,37.4%ofemployees

wereincludedinapilotprogram–althoughtherewasawiderangeofapproachestakenamongtherespondentstothisresearch.62.6%conductedapre-assessmentofwhereAIcouldassist

employeesintheirworkandassignedpilotlicensesaccordingly,while52.9%hadseniorleadershipspecifyparticipants.SeeFigures2.3and2.4.

10TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

Figure2.3

PercentageofempIoyeesinvoIvedinapiIotprogramforAI

Percentageofrespondents

20.4%

16.3%

15.5%15.6%

13.2%

11.7%

6.7%

0.6%

100%ofemployees

Didn’trun

apilot

program

76%to

99%of

employees

31%to

50%of

employees

11%to

20%of

employees

21%to

30%of

employees

51%to

75%of

employees

10%or

fewerof

employees

Figure2.4

MethodsfordecidingwhichempIoyeesshouIdparticipateinanAI

piIotprogram

Percentageofrespondents

62.6%

52.9%

45.8%

2.2%

Seniorleadershipspecifiedwhowas toparticipateinthepilotprogram

Basedonexpressions

ofinterestfrom

users,groups,and/or

businessunits

Participantswere

selectedbasedon

ourpre-assessment

ofhowAlcouldassist

theirwork

Wedidn’tdecideinadvance;itwasfullyopt-inforanyoneatourorganizationwhowantedtoparticipate

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue11

Figure2.5

MostpilotprogramsincludedtheITdepartment,withdatateamsalsocommonlyinvolved.Thatmakessense,sincethesegroupsareresponsibleforevaluatingdatasecurityandreadiness–twokeygoalsofAIpilotprograms.DifferencesacrossindustriescanbeseeninFigure2.5.

Industry

Most

common

Secondmostcommon

Thirdmost

common

Fourthmost

common

Fifthmost

common

FinanciaI

servicesand

insurance

organizations

IT

(department,

professionals)

Dataanalysts,

scientists,

administrators

Finance

teamor

department

Customer

supportor

service

Operations

(frontlinestaff)

Senior

leaders

Government

andpubIic

sector

organizations

IT

(department,

professionals)

Dataanalysts,

scientists,

administrators

Senior

leaders

Operations

(frontlinestaff)

Businessunit

leaders

Developers

HeaIthcare

organizations

IT

(department,

professionals)

Clinical

professionals

(doctor,nurse,

researcher,

pharmacist)

Dataanalysts,

scientists,

administrators

Adminstaff

Customer

supportor

service

Marketing

Developers

Operations

(frontlinestaff)

Finance

teamor

department

Dataconcerns

drivepilotprogramdecisions

Thetwohighestratedreasonsforrunningapilotprogramfocussquarelyondata:

84.4%

saidtestingdatasecurityriskswasveryorextremelyimportant

81.3%saidassessingthereadinessofdata.SeeFigure2.6.

12TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

Figure2.6

ReasonsforrunningapiIotprogramforAI

Percentageofrespondentsindicating“very”or“extremely”important

84.4%

81.3%

81.1%

79.8%

72.2%

Testingdata

securityrisks

withAI

ProvingandunderstandingpotentialROl

Assessingthe

readinessofour

dataforAl

Workingout

howwewould

reportandaudit

theuseofAI

Evaluatingthe

willingnessof

employeesto

adoptAlintheir

work

InadditiontosanctionedAI,shadowAItoolsarewidelyused

SanctionedoptionssuchasMicrosoft365Copilot,ChatGPT,andGoogleGeminiaren’ttheonly

generativeAIassistantsbeingusedbyemployees.ThepercentageofemployeesusingunsanctionedAIisgrowingyear-over-year.SeeFigure2.7.

Figure2.7

UseofunsanctionedgenerativeAItooIs

36.1%

30.2%

22.6%

12monthsagoCurrentlyAnticipatedin12months’time

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue13

WhencorrelatingtheuseofunsanctionedgenerativeAItoolsbyemployeeswiththenumberofsanctionedgenerativeAItools:

?Organizationsthatapproveonlyonegenera-tiveAItoolaretheleastawareofwhatothertoolsemployeesareusing–18.7%admit

theydon’tknow.Incontrast,fororganiza-tionsthatapproveof2-3tools,only10-13%don’tknowwhattheiremployeesareusing.

?Amongorganizationsonlysanctioninga

singlegenerativeAItool,useofunsanctionedgenerativeAItoolsbyemployeesisabout

15%lowercomparedtothosesanctioningtwoormore.Thisislikelyduetogreater

organizationalsupportforthesinglesanc-tionedtoolset,coveringadoptionandpro-cesschangeinvestments,althoughitcouldalsobeduetolowervisibilityintounsanc-tionedusage.

Takeaways

01

Datasecurityisthetop

reasonwhyorganizationsarenotrollingoutAIfasterortomorepeopleintheirorganization.It’snota

questionofcostorROI.

02

AIadoptioniswidespread,butshadowAIuseis

growingwhichhighlightsagovernancegap.

03

Pilotsarethenorm,but

datareadiness–notthe

technology–istherealtest.

14TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

EXPERTPERSPECTIVE

JeremyThake

ChiefArchitect,AvePoint

Manyorganizationsusepilotprogramstofindandfixdatasecurityandgovernancegaps,whichhelpsthemmitigateriskandadjusttheirpolicies.

However,theriseoftask-specificAIagentsintroducesnew,andoften

unanticipated,challenges.Wearenolongerjustconcernedaboutoversharingdata;wearenowfacingthepotentialriskofoversharingagentsthemselves.Infact,

Gartnerpredicts

40%ofenterpriseappswillfeaturetask-specificAIagentsby2026,upfromlessthan5%in2025.Organizationsneedtomovequickertomatchthepaceofinnovationandthespeedatwhichagentswilltransformourworkplaceasweknowit.

EXPERT

PERSPECTIVE

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue15

03

Signsof

strengthening

guardrailsforAI

SIGNSOFSTRENGTHENINGGUARDRAILSFORAI

AIAcceptableUsePoliciesarebecomingstandardpractice

AnAIAcceptableUsepolicyprovidesguidelinesandrulesfortheethicalandresponsibleuseofAIsystemswithinanorganization-98%oforganizationswillhavesuchapolicyinplacewithinthenext12months.

Whenweaskedthisquestionin2024,itwasayesornoquestion-with47%ofrespondentssaying“yes”tohavingapolicyand53%saying“no.”In2025,weassessedforgreaternuanceviafive

options-includingafullydevelopedandimplementedpolicyandapolicyinactivedevelopment.SeeFigure3.1.

Figure3.1

ImpIementationstatusofanAIAcceptabIeUsepoIicy

Percentageofrespondents

43.4%

41.2%

13.4%

1.5%

0.5%

Developedandimplemented

Willdevelopa

policyinthenext

3years

Nocurrentplansforsuchapolicy

Actively

developinga

policy

Willdevelopa

policyinthenext

12months

TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue17

Itispossibletointerprettheyear-over-year

datainoneoftwoways.First,thesafeguardofanacceptableusepolicyforAIhas

declined,assumingthatthe47%in2024is

thesameasthe41.2%in2025thatsaythey

haveafullydevelopedandimplemented

policy.Fromtheperspectiveofcomparingtwodifferentassessmentmethodologies,thisis

unlikelytobethecasebecausethehardlinesofa“yes”or“no”answerpushrespondentsinthemiddle(e.g.,currentlydevelopingapolicy)tooneorotherextreme.

Thisleadstothesecondandlikelymore

accurateinterpretation,thatthesafeguardofanacceptableusepolicyforAIhasincreased,assumingthatthe47%in2024alignswiththe84.5%thathaveapolicyalready(41.2%)or

arecurrentlydevelopingone(43.4%).Thisisayear-over-yearincreaseof79.8%.

Overtime,organizationsarelikelytocyclecontinuouslybetweenhavingadeveloped

andimplementedpolicyforAIandactivelydevelopingone.Especiallynowwiththe

growthofagenticAI,AIpolicieswillneed

tochangeinlockstep-andtechnologycanhelp.Toolscanmonitorusageandraise

risksbecauseweallknowjustbecausea

documentedpolicyexistsdoesnotmean

everyonefollowsit(asevidencedbytheuseofunsanctionedAItools,forexample).

AIguidelinesareateamsport

Mostbelieveinsharedresponsibilityfor

developingguidelinesforthesafeand

effectiveusageofAI.Thehighestresponsibilitysitswiththeorganizationitself(93.2%

indicated“high”or“extreme”responsibility),trailedbyindustrycoalitions(77.8%)and

government(68.4%).SeeFigure3.2.

Figure3.2

ResponsibiIityfordeveIopingguideIinesforsafe

andeffectiveusageofAI

Percentageofrespondentsindicating“high”or“extreme”responsibility

93.2%

77.8%

68.4%

Coalition

Government

Internalteams

18TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

HowAIresponsibilitiesvarybyregion

Acrossthethreeregionsrepresentedinthissurvey,internalteamsarealwaysviewedasholdingprimaryresponsibilityfordevelopingguidelinesforsafeandeffectiveusageofAI.BothEMEAandAPACviewanindustrycoalitionashavinggreaterweightinthedevelopmentprocessthanthe

Americas,andtheimportanceofgovernmentinputintheAPACregionishigherthanintheothertwo.SeeFigure3.3.

Figure3.3

Responsibilityfordevelopingguidelinesforsafeandeffective

usageofAI-byregion

Percentageofrespondentsindicating“high”or“extreme”responsibility

93.9%

92.0%93.5%

85.1%

80.0%

73.3%

67.2%

68.4%

64.6%

InternalteamsCoalitionGovernment

AmericasEMEAAPAC

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue19

ResponsibilityforAIguidelinesvarybyindustry

Whencorrelatedbythethreeindustriesweinvestigatedinthisresearch,internalteamsstillcomeoutwithprimaryresponsibilityfordevelopingsafeandeffectiveusageguidelinesforAI.Acrosstheothertwopossiblegroups–anindustrycoalitionandgovernment–respondentsfromgovernmentorpublicsectororganizationsattributehigherresponsibilitytothesetwogroups.Financialservicesorinsuranceorganizationsaretheleastlikelytowantresponsibilitysittingwithanindustrycoalitionorgovernmentbodies.SeeFigure3.4.

Figure3.4

ResponsibiIitybyindustryfordeveIopingguideIinesforsafe

andeffectiveAIusage

Percentageofrespondentsindicating“high”or“extreme”responsibility

92.4%

96.0%

91.2%88.4%

76.0%

76.1%

69.5%

63%

66.4%

InternalteamsCoalitionGovernment

FinancialservicesorinsuranceGovernmentorpublicsectorHealthcare

Takeaways

02

Governanceisasharedresponsibility,butorganizationsleadtheway.Internalteamsholdthegreatestaccountability,though

industrycoalitionsandgovernmentsplayrisingroles,especiallyinthepublicsectorandAPAC

01

AIpoliciesmustevolvecontinuously:

OrganizationsrecognizethatAIpoliciesarenotstaticdocuments.Theyrequireongoingiterationtokeeppacewithtechnological

change.

20TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

04

Implementationstatusand

impediments

IMPLEMENTATIONSTATUSANDIMPEDIMENTS

Accesstocorporate-approvedgenerativeAIassistantsisincreasingyear-over-year

Moreemployeesyear-over-yeararebeinggivenaccesstocorporate-approvedgenerativeAI

assistants,with40%currentlyhavingaccessandtheexpectationofthisincreasingto54.6%in12months’time.SeeFigure4.1.

Figure4.1

Accesstocorporate-approvedgenerativeAIassistants

Averagepercentageofemployeeshavingaccess

54.6%

40.0%

25.5%

12monthsagoCurrentlyAnticipatedin12months’time

22TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

Inlookingatthedata:

?81.3%oforganizationsseeyear-over-yearincreasesinthe

percentageofemployeeshavingaccesstocorporate-approvedgenerativeAIassistants.

?AmongorganizationsthathavecompletedtheirproductionrolloutofAI(10%oforganizationssurveyed),theaveragepercentage

ofemployeeswithaccesstocorporate-approvedgenerativeAI

assistantsis43.7%thisyear.Onlyoneorganizationinthisgroup

hasmadegenerativeAIassistantsavailableto100%ofemployees,indicatingthatformostdeployments,a“completedrollout”doesnotcurrentlymean100%employeecoverage.

?AmongorganizationscurrentlyrollingoutAItoeveryoneintheir

organization,theaveragepercentageofemployeeswithaccess

togenerativeAIassistantsatthispointis45.1%,althoughthisis

anticipatedtogrowto61%in12months’time.Whilelessthan1%ofthisgrouphavemadegenerativeAIassistantsavailableto100%ofemployeesalready,thisisanticipatedtogrowto8.7%in12months.

Irrespectiveofincreasingadoption,significantdataconcernsremain

Mostorganizations(85.7%)arehittingthebrakesonrollingout

generativeAItoolsbecauseoftwomainproblems:baddataanddatasecurityworries.

1.InaccurateAIoutputduetooutdateddata,irrelevantdata,andhallucinationsisbiggestrisk(68.7%).Thisreinforcesthefunda-mentalargumentwemadeinour

2024research

–thatwithoutstronggovernanceandinformationmanagementdisciplines,AIwouldbehamperedfromthestart.

2.DatasecurityconcernslikeunauthorizedexposureofsensitivedataduetoAIarethesecondhighestconcern(68.5%).

OfleastconcernisthelackofaframeworkforchangemanagementwithAI(61.4%),whichmeansthatmoreorganizationsthinktheyknowhowtomanagethepeoplesideofAI-enabledchangebutaremoresignificantlyhinderedbythetechnicalconsiderationsofoutdatedandill-protected

data.SeeFigure4.2.

TheStateofAI:GoBeyondtheHypeto

23

Figure4.2

ReasonsforsIowingdowntheroIIoutofgenerativeAIassistants(n=664)

Percentageofemployeesindicating“highly”or“extremely”impactful

IncomparisontothelistofconcernswithAIimplementationinour2024research,concernsarounddataprivacyandsecurityhavedeclinedslightly(from71%lastyear),whileconcernsduetothequalityandcategorizationofinternaldatahasincreasedsignificantly(from61%).

68.7%

InaccurateAloutput,e.g.,outdateddata,irrelevantinformation,hallucinations

68.5%

Datasecurityconcerns,e.g.,unauthorizedexposureofsensitivedataduetoAl

64.2%

Employeesdon’tseethevalueofusing

Alintheirwork

63.4%

BarriersfromemployeesforadoptingAl

61.9%

intheirwork

Costoflicenses

61.4%

LackofaframeworkforchangemanagementwithAl

Takeaways

02

Dataqualityandsecurity

concerns–notchange

management–arethe

biggestblockerstorollingoutgenerativeAIassistants.

03

85.7%oforganizations

slowedgenerativeAI

rolloutsduetodataqualityanddatasecurityconcerns.

01

MostorganizationsareinproductionwithgenerativeAI,butfewhavefull

employeecoverage.

24TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

05

Addressingdata

securityanddata

managementissueswithgenerativeAI

ADDRESSINGDATASECURITYANDDATAMANAGEMENT

ISSUESWITHGENERATIVEAI

Mostrolloutsdelayeduptoayearduetodatasecurityanddatamanagementissues

81.3%oforganizationsdelayedtheirdeploymentofgenerativeAIassistantsduetodatasecurity

and/ordatamanagementissues.Threetosixmonthswasthemostcommontimeframeforadelaytoaddresssuchissues(34.8%),followedbyanalmostequalsplitbetweenthreemonthsorless

(20.5%)andsevento12months(21%).Theaveragedelaywas5.8months.SeeFigure5.1.

Figure5.1

DeIaytimeframeforgenerativeAIassistants

Percentageofrespondents

34.8%

20.5%

18.7%

21.0%

0.5%

4.4%

3monthsorless

Morethan24

months

3to6months

7to12months

13to24months

Wedidnotdelay

deploymentdue

todatasecurity

and/ordata

managementrisks

Fororganizationsthatdelayedrollouts,67%providedtrainingforemployeesonhowtosafelyusegenerativeAIassistantsintheirworkand55%deployedthird-partygovernancetoolstoassess

generativeAIassistants’outputforaccuracyandalignmentwithdatagovernancepolicies.

26TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

AI-relatedsecuritybreaches

75.1%

oforganizationsexperiencedoneormoreAI-relatedsecuritybreachesovertheprevious12months.

Breachesattributedtoexternalthreatactorsweremostcommon,affectingbothsensitiveemployeedata(occurringat65.8%oforganizationsthatwerebreached)andsensitivecustomerdata(58.2%).Followingclosebehindwerethesesamebreachtypescausedbyemployees.SeeFigure5.2.

Figure5.2

FrequencyofAI-reIatedsecuritybreachesovertheprevious12months

Percentageofrespondentswhoexperiencedoneormorebreaches(n=582)

65.8%

Anexternalthreatactorbreachedsensitiveemployeedata,e.g.salaryinformation,contactdetails

58.2%

Anexternalthreatactorbreachedsensitivecustomerdata,e.g.purchasehistory,contactdetails

57.9%

Anemployeestolesensitiveemployeedata,e.g.salaryinformation,contactdetails

46.4%

Anemployeestolesensitivecustomerdata,e.g.purchasehistory,contactdetails

34.0%

AnemployeegainedunauthorizedaccesstosensitivedatausedtotrainourAlmodels

29.9%

AnexternalthreatactorgainedaccesstosensitivedatausedtotrainourAlmodels

Increasedinvestmentsinthird-partytoolsplanned

Anaverageof52.7%oforganizationsplanonincreasingtheirinvestmentlevelacrossarangeofthird-partytools,withthird-partygovernancetoolstoassessAIoutputforaccuracyandalignmentwithdatagovernancepoliciesinleadingtheway(64.4%).Third-partydatasecuritytoolsarein

secondplace(54.5%).SeeFigure5.3.

TheStateofAI:Go

BeyondtheHypetoNavigateTrust,SecurityandValue27

Figure5.3

Investmentpatternsforthird-partytooIs

overthenext12months

Percentageofrespondents

64.4%18.8%16.8%

Third-partydatasecuritytoolstoprotectAlmodelsandsystems

Third-partyanalyticstools

Third-partyAlliteracytools

Third-partybackuptools

Third-partygovernancetoolsthatassessAloutputforaccuracyandalignmentwithdatagovernancepolicies

54.5%29.9%15.6%

51.1%29.7%19.2%

47.2%34.2%18.6%

46.3%35.2%18.5%

IncreaseSameDecrease

Takeaways

02

AI-relatedbreachesare

widespread:75.1%of

organizationsexperiencedatleastoneAI-relatedsecuritybreachinthepastyear,

underscoringtheurgencyofproactivegovernance.

03

With85%relyingsolely

onnativesecuritytools,

manyorganizationsare

vulnerabletorisingdata

incidents–promptinga

surgeininvestmentin

third-partygovernanceandsecuritytools.

01

Securityconcernsare

delayingAIrollouts.81.3%

oforganizationsdelayed

deploymentduetodata

risks,byanaverageofnearlysixmonths.

28TheStateofAI:GoBeyondtheHypetoNavigateTrust,SecurityandValue

EXPERTPERSPECTIVE

Dana

Simberkoff

ChiefRisk,Privacyand

InformationSec