Two-thirds of companies that use AI do not control all their data well, says research

BySimon Rousseau Posted on
Pesquisa mostra descompasso entre a rápida adoção da IA e o controle básico dos dados nas empresas (Foto: Getty Images/Fortune)

As artificial intelligence rapidly transforms corporate environments, a deeply concerning security gap is emerging: Organizations are eagerly welcoming automated systems into their internal networks without knowing where their sensitive information is stored.

According to the recently released Thales 2026 Data Threat Report, only 34% of organizations know where all of their data is, setting the stage for a major security crisis as AI is given carte blanche to roam corporate systems.

Also read: Before clicking, ask a question: ChatGPT is now able to identify scams

The comprehensive research, conducted by S&P Global 451 Research and commissioned by Thales — a global leader in cybersecurity technology — highlights a worrying disconnect between the rapid adoption of AI and basic data control.

In critical markets including the automotive, energy, financial and retail sectors, companies say the rapid pace of AI-driven transformation has become their biggest security challenge.

As companies actively incorporate AI into their development pipelines, analytics, and customer service flows, these automated systems are gaining broad access to corporate data, often with fewer controls than those applied to human workers.

As a result, 61% of organizations now explicitly cite AI as their top data security risk.

The report comes after a week in which a second viral essay about the serious consequences of overly autonomous AI rattled markets. Citrini Research’s essay on a 2028 “phantom GDP” hell scenario in which radical AI-driven deflation would result in 10% unemployment and a 30%-plus correction in stocks came on the heels of AI executive Matt Shumer’s prediction that “something big” was happening in AI and the workforce was unprepared.

Although economists and even industry executives warned that this was overblown, software stocks largely continued their downward trajectory.

The core of the problem identified in the Thales report aligns, at least in part, with these fears. This is not necessarily the threat of runaway, malicious AI created by external actors, but rather the unprecedented level of insider access granted to these systems as they move from being mere external tools to highly trusted insiders.

Organizations are enthusiastically incorporating AI into daily routines, but in doing so, they are granting these automated systems broad access to vast volumes of corporate data, often operating with fewer security controls than those traditionally applied to human employees in a standard corporate environment.

Sébastien Cano, senior vice president of cybersecurity products at Thales, highlighted this alarming change in corporate environments. “Internal risk no longer just involves people. It also involves automated systems that were trusted too quickly,” explained Cano.

He warned that when basic security measures like identity governance, access policies or encryption are weak, “AI can magnify these weaknesses in corporate environments much faster than any human ever could.”

The survey was global and had 3,120 participants among security and IT management professionals, excluding companies with less than US$100 million in annual revenue.

They reported growing gaps in data visibility across cloud infrastructures, with only 39% of companies having the ability to fully protect data and almost half (47%) of all sensitive cloud data remaining completely unencrypted.

Because these AI systems continually ingest and process information across vast cloud and SaaS (Software as a Service) environments, it becomes extremely difficult to enforce “least privilege access” — the practice of granting only the strictly necessary access rights to a system.

If a machine’s credentials are compromised by a malicious actor, the resulting data exposure can be devastating.

Attackers are already exploiting exactly these vulnerabilities. Credential theft is now the leading attack technique against cloud management infrastructure, cited by 67% of organizations that have suffered cloud attacks.

At the same time, 50% of organizations rank secrets management as one of their top application security challenges, illustrating the enormous and growing difficulty of governing machine identities, tokens, and API keys at scale.

Deepfakes, misinformation and human error

As companies struggle to control their own internal AI systems, bad actors are using the same technology to launch increasingly sophisticated external attacks.

Nearly 60% of companies report facing incidents driven by deepfakes, and 48% have suffered reputational damage linked to AI-generated misinformation or impersonation campaigns.

Additionally, human error continues to contribute to 28% of data breaches; By adding rapid automation to the equation, small, everyday mistakes can now scale and become more widespread than ever before.

Despite these escalating automated threats, security investments are struggling to keep pace with AI-driven access. Only 30% of companies surveyed have budgets dedicated to AI security.

The majority of organizations (53%) still rely on traditional security budgets and programs designed primarily for human users and perimeter-based defenses.

Industry experts emphasize that a fundamental paradigm shift is urgently needed.

“As AI becomes deeply integrated into enterprise operations, continuous data visibility and protection are no longer optional,” said Eric Hanselman, chief analyst at S&P Global 451 Research.

For companies to innovate securely and prevent AI from becoming their newest and most dangerous insider threat, they need to structurally rethink identity, encryption, and data visibility as the core foundation of their security infrastructure.

Simon Rousseau
Simon Rousseau

Hello, I'm Simon, a 39-year-old cinema enthusiast. With a passion for storytelling through film, I explore various genres and cultures within the cinematic universe. Join me on my journey as I share insights, reviews, and the magic of movies!