VYPR
advisoryPublished Jul 7, 2026· 1 source

Enterprise AI Adoption Outpaces Security Governance, Survey Finds

A DigiCert survey reveals that 78% of enterprises have experienced AI-related security incidents or vulnerabilities, largely due to poor governance and misconfigured AI agents.

A significant majority of enterprises are encountering security challenges stemming from their adoption of artificial intelligence, according to a recent survey commissioned by DigiCert. The study found that a staggering 78% of organizations reported experiencing AI-related security incidents or identifying AI-related vulnerabilities. These incidents were primarily attributed to unauthorized or improperly configured AI agents rather than flaws in AI-generated code itself.

The findings highlight a critical gap in organizational preparedness, with many businesses adopting AI technologies without establishing robust governance frameworks. While 90% of surveyed companies have discussed AI governance at the board level, only half have allocated dedicated budgets or implemented formal governance programs. This lack of structured oversight creates operational blind spots, making it difficult for organizations to track and understand the decision-making processes of their AI systems.

DigiCert CEO Amit Sinha emphasized the need for treating AI agents with the same security rigor as human employees. "We wouldn’t allow an employee to operate without a verified identity," Sinha stated, drawing a parallel to the necessity of establishing trusted identities for AI agents. This sentiment is echoed by ongoing industry initiatives aimed at creating identifiers for bots, such as Private Access Control Tokens (PACTs) and Estonia's digital IDs for agents, though these solutions are still in development.

The survey's results paint a stark contrast to more optimistic industry reports, such as Nvidia's State of AI 2026 report, which focuses on the revenue and productivity gains driven by AI. DigiCert's research, which polled 1,001 IT and cybersecurity leaders across the US, UK, and Australia, suggests a widespread 'deploy first, ask questions later' mentality regarding AI implementation.

This approach has tangible consequences. The survey revealed that only 53% of respondents could accurately trace AI-driven decisions back to the specific models and source data that generated them. This lack of traceability becomes a significant liability when an AI system produces unexpected or problematic outcomes, leaving organizations ill-equipped to explain or justify its actions to customers, executives, or regulators.

The findings from DigiCert align with similar research, such as a recent report from Spacelift, which indicated that 93% of organizations experienced AI-related infrastructure incidents while a mere 19% had a formal governance plan in place. This pervasive issue underscores the urgent need for organizations to prioritize AI governance and security alongside AI adoption to mitigate risks and ensure responsible deployment.

As AI continues its rapid integration into enterprise operations, the cybersecurity implications are becoming increasingly apparent. The prevalence of AI-related incidents and vulnerabilities points to a critical need for enhanced security measures, including identity verification for AI agents, comprehensive governance policies, and improved traceability of AI decision-making processes. Failure to address these gaps could lead to significant financial losses, reputational damage, and regulatory scrutiny.

Synthesized by Vypr AI