Quick note

The hard truth – AI expands opportunity and attack surface

AI with security is like a race car with controls

Generative AI and agentic systems create whole new runtime surfaces - models, agents, APIs, and developer and employee workflows. Enterprises are seeing attacks accelerate.

13% of organizations reported breaches of AI models/applications. An additional 8% didn’t know if they’d been compromised and 97% of those breached lacked proper AI access controls (IBM).

62% of enterprises say their developers don't have the training to implement security for AI apps (Harness).

Breaches involving shadow AI cost materially more on average (~$670k extra) and increase exposure scope because data flows are untracked (Kiteworks).

83% of security teams report being “flying blind” on automated AI controls and increased API and identity attack vectors (Kiteworks).

Gartner projects information-security spending growth and flags AI-driven risk as a major driver of that investment. Security budgets will continue to expand where business leaders demand safe AI at scale (Gartner).

What that means for security teams and AI app owners

If you don’t know the state of your AI risk, you can’t safely expand AI use. Lack of visibility will either lead to risky implementations — with costs like those above — or force risk-averse decisions: slower launches, limited automation, and missed revenue or opportunity windows.

AI systems are like high-performance race cars. You can either drive blind and pray, or instrument them with sensors and boundaries so you can drive harder, faster, recover from skids — and most importantly — win.