If you asked your CISO right now whether AI had contributed to a security breach in the past year, what would they say? More to the point — could they actually answer that with confidence?
According to data from multiple threat reports published this month, over a third of organisations genuinely don't know. Not "we don't think so." Not "probably not." Literally: no idea.
That number stopped me in my tracks. Because it tells you something important about the state of enterprise AI security — not about the attacks themselves, but about the visibility gap sitting underneath everything else.
The Problem Isn't the Breach. It's the Blindspot.
There's been no shortage of alarming AI security statistics lately. IBM's 2026 X-Force Threat Index flagged a measurable escalation in AI-driven attacks. HiddenLayer's AI Threat Landscape report highlighted agentic AI as a rapidly expanding attack surface. Researchers found malicious Chromium extensions disguised as AI assistants quietly exfiltrating internal prompts and code from enterprise environments.
All of that is genuinely concerning. But the statistic that keeps coming back to me is simpler and, frankly, more damning: more than one in three organisations cannot confirm whether they've experienced an AI security breach in the last year.
Think about what that means operationally. If you can't detect it, you can't respond to it. If you can't see which AI tools your employees are using, you can't know which of them are quietly transmitting sensitive data to external servers. If you have no audit trail of what your AI agents are doing, you have no way to trace an incident back to its source.
The breach is almost secondary. The real problem is that most enterprises are flying blind.
Shadow AI Is Bigger Than Anyone Thought
Three out of four organisations now consider shadow AI a definite or probable problem — a 15-point jump from just a year ago. And yet, most security teams still don't have a systematic way to discover it.
Here's the typical pattern: an employee finds a useful AI tool. Maybe it's a Chrome extension that summarises meetings, or a browser-based code assistant, or one of the dozens of AI productivity apps that have exploded onto the market. They start using it. Their colleagues see it and start using it too. Within weeks, sensitive business data — meeting transcripts, internal code, customer information, legal documents — is being processed by a third-party service that IT has never heard of, let alone approved.
Nobody is being malicious. That's what makes shadow AI so persistent. The intent is productivity, not negligence. But the exposure is real.
And now the stakes are rising. Researchers have documented cases where those same unsanctioned tools were the entry point for credential theft — stolen session tokens, exfiltrated API keys, compromised non-human identities that give attackers persistent access long after the initial breach. One malicious AI extension can quietly harvest months of internal prompts before anyone notices.
The Agentic Shift Changes Everything
There's another layer here that security teams are only beginning to grapple with: autonomous AI agents.
A significant number of enterprises are now deploying AI agents — tools that don't just answer questions but take actions. They browse the web, query databases, send emails, trigger workflows. And according to recent data, one in eight companies has already linked an AI breach to an agentic system.
The problem is architectural. Most organisations treat AI agents like extensions of human users, giving them shared service accounts or overly broad permissions. When something goes wrong, there's no audit trail. There's no way to attribute an action to a specific agent. And because many of these agents were spun up by individual teams without IT review, they're not even on the security team's radar.
This is the execution layer problem. Attackers aren't just targeting AI models anymore — they're targeting the layer where AI agents connect to production infrastructure. And most enterprises have essentially zero governance at that intersection.
The Confidence Gap Is a Strategy Problem, Not Just a Tech Problem
Here's what's striking about the research: there's a significant gap between what executives believe about their AI security posture and what the operational data actually shows.
A large share of executives express confidence that their existing security policies can handle unauthorised agent actions. Meanwhile, the data shows that over half of all AI agents operate without consistent security oversight.
That gap is dangerous. Not because executives are being dishonest — but because the tools they've historically used to assess risk (security policies, vendor reviews, compliance audits) weren't designed for this problem. They were built for a world where the attack surface was defined by your network perimeter and your software vendors. Neither of those constructs maps cleanly to an environment where employees are freely adopting AI tools, AI agents are taking autonomous actions, and the boundary between "your infrastructure" and "someone else's servers" is increasingly blurry.
What Visibility Actually Looks Like
The organisations that are getting this right aren't necessarily the ones with the most sophisticated AI security tooling. They're the ones that started with a simple question: what AI is actually being used, by whom, and for what?
That sounds obvious. It's harder than it sounds. Most network monitoring tools weren't built to distinguish AI tool traffic from general web traffic. Most DLP solutions don't understand the semantics of what's being sent to an LLM. And most IT teams are already stretched thin, without bandwidth to manually audit every new AI tool that appears on the market.
The practical approach is to build visibility into the workflow layer — the place where employees actually interact with AI tools — rather than trying to bolt it on at the network edge after the fact. That means understanding not just that a tool is being used, but how it's being used: what data is flowing through it, whether sensitive content is being shared, and whether the usage aligns with policy.
From there, you can have a real conversation about which tools to approve, which to block, and which fall into the grey zone that requires a different kind of guidance. And critically — you can start building the audit trail that lets you answer the question your CISO couldn't: has AI contributed to a breach, and if so, how?
The Window Is Closing
There's a reason this is getting more urgent in March 2026 specifically. Regulatory pressure is building — the EU AI Act is in force, Australia's AI regulation roadmap is taking shape, and financial services regulators in multiple jurisdictions are actively asking questions about AI governance. Organisations that can't demonstrate oversight of their AI tools are going to find that gap increasingly costly, and not just in breach costs.
The organisations that wait for a significant incident to motivate action are going to pay a premium — in remediation, in regulatory scrutiny, and in the trust they've built with customers and partners.
The ones that act now get to shape their own AI governance story, rather than having it written for them by a breach notification.
Start with visibility. The rest follows from there.