Key Takeaways

- 78% of enterprises experienced AI-related security incidents or identified vulnerabilities
- Only 50% of organizations have dedicated AI governance budgets despite 90% discussing it at board level
- Just 53% can trace AI decisions back to the models and data that produced them
Nearly four in five enterprises that deploy AI systems have experienced security incidents or uncovered vulnerabilities, according to a new DigiCert survey. The digital identity company surveyed 1,001 IT and cybersecurity leaders across the US, UK, and Australia. The finding points to a widening gap between AI adoption speed and security readiness.
The breakdown: 27.7% of respondents experienced at least one AI-related incident, 21.9% suffered multiple incidents, and 28.4% found vulnerabilities but avoided actual breaches. DigiCert did not disclose specific incident details, but a company spokesperson told The Register the problems stemmed from AI agents that were unauthorized or misconfigured, not from flaws in AI-generated code.
What's causing these AI security failures?
The root cause is governance, or the lack of it. DigiCert CEO Amit Sinha put it bluntly: "We wouldn't allow an employee to operate without a verified identity. AI agents should be no different."
That statement captures the central problem. Companies treat AI agents as tools, not as actors that need identity verification, access controls, and audit trails. When an AI agent operates with misconfigured permissions or without proper authorization, it becomes a security liability.
Several initiatives aim to fix this. Private Access Control Tokens (PACTs) offer one approach. Estonia has developed digital IDs specifically for agents. Microsoft is building Agent ID. But these remain works in progress. For now, AI agents run largely unchecked in many organizations.
The governance gap is worse than the headline
The survey reveals a stark disconnect between talking about AI governance and actually implementing it. Ninety percent of organizations have discussed AI governance at the board level. That sounds encouraging until you see the next number: only 50% have dedicated AI governance budgets or formal programs in place.
The operational consequences are real. Just 53% of respondents said their organization could trace AI decisions back to the models and source data that produced them. When an AI system makes a controversial decision or produces an unexpected result, nearly half of enterprises cannot explain why.
“That becomes a problem the moment an AI system produces an unexpected or controversial result. Customers, executives, and regulators will all ask, 'Why did it do that?”
— DigiCert report
A separate Spacelift report from two weeks prior found even starker numbers. That survey showed 93% of organizations experienced AI-caused infrastructure incidents, while only 19% had any governance plan in place.
The vendor narrative vs. reality
These findings clash with the optimistic messaging from AI infrastructure vendors. Nvidia's State of AI 2026 report claims AI is "helping increase annual revenue and drive down annual costs while boosting productivity" across every industry. Both statements can be true simultaneously: AI delivers business value and creates security exposure.
The problem is that many companies optimized for the first outcome without preparing for the second. They deployed AI to capture competitive advantage. Security and governance became afterthoughts.
This pattern repeats across technology cycles. Cloud adoption ran ahead of cloud security practices. Mobile deployments outpaced mobile device management. Now AI agents proliferate faster than AI governance frameworks can mature.
What practical steps can enterprises take now?
The survey implies three immediate priorities. First, inventory your AI agents. Many organizations cannot list every AI system operating in their environment, much less track their permissions and data access. You cannot secure what you cannot see.
Second, apply identity principles to AI agents. The same access controls, authentication requirements, and audit logging that govern human employees should extend to AI systems. This is the core of Sinha's argument.
Third, build traceability into AI pipelines. If you cannot explain an AI decision after the fact, you have a compliance risk, a legal liability, and a debugging nightmare. Model versioning, data lineage tracking, and decision logging are not optional for production AI.
Organizations managing complex AI workflows alongside other business processes often rely on automation platforms like Zapier, Make, or n8n to orchestrate integrations. These tools can help enforce consistent data flows and audit trails, though they require deliberate configuration to maintain security standards.
Disclosure
Some links in this post are affiliate links — Logicity earns a commission if you sign up, at no extra cost to you. We only link products we have used or actively recommend.
Logicity's Take
The 78% incident rate should not surprise anyone who watched enterprise AI deployments over the past two years. The race to ship AI features meant security reviews happened post-launch, if at all. What is surprising is the 47% of organizations that still cannot trace AI decisions to their source. That is not a security problem; that is an operational blindspot that makes debugging, compliance, and incident response nearly impossible. Companies that treated AI governance as a checkbox exercise are now paying the price. The fix is not more AI; it is the same boring discipline that secures any IT system: identity management, access controls, logging, and the willingness to slow down deployment until those foundations exist.
Frequently Asked Questions
What percentage of enterprises have experienced AI security incidents?
According to DigiCert's survey, 78% of enterprises have experienced AI-related security incidents or identified AI-related vulnerabilities. About half of those actually experienced incidents, while the remainder found vulnerabilities without suffering breaches.
What causes most enterprise AI security incidents?
DigiCert reports that incidents stemmed from AI agents that were unauthorized or misconfigured, not from flaws in AI-generated code. Lack of proper identity management and governance for AI agents is the primary driver.
How many companies have formal AI governance programs?
Only 50% of surveyed organizations have dedicated AI governance budgets and formal governance programs, despite 90% having discussed AI governance at the board level.
Can enterprises trace AI decisions back to their source?
Just 53% of respondents said their organization could trace AI decisions back to the models and source data that produced those results. This creates significant compliance and debugging challenges.
What initiatives exist to improve AI agent identity?
Several projects are underway including Private Access Control Tokens (PACTs), Estonia's digital IDs for agents, and Microsoft's Agent ID. However, these remain works in progress without widespread adoption.
Another example of AI systems accessing sensitive data, raising similar governance questions
Need Help Implementing This?
Building AI governance frameworks or securing your AI deployments? Contact us at Logicity to connect with specialists who can audit your current AI estate and implement proper identity and access controls.
Source: www.theregister.com
Manaal Khan
Tech & Innovation Writer
Produced with AI assistance and reviewed by the Logicity editorial team. Learn more in our Editorial Policy.
Related Articles
Browse all
AI Revolution: How Tech is Transforming the World, One Industry at a Time
From desalination plants in Iran to AI-powered manufacturing, the tech world is abuzz with innovation. Discover how AI is changing the game for small entrepreneurs and what it means for the future of industry. Explore the latest developments in cybersecurity, robotics, and more.

Revolutionizing AI: The Game-Changing Tech That's Making Agents Smarter
A new technology is set to revolutionize the way AI agents learn and adapt, enabling them to accumulate wisdom and apply it to new situations. This innovation has the potential to significantly boost the reliability of AI agents, especially in complex tasks. By converting raw agent trajectories into reusable guidelines, this tech is poised to transform the AI landscape.

The Dark Side of AI: How Bots Are Fueling a Monetized Abuse Ecosystem
A recent analysis of 2.8 million Telegram messages reveals a shocking truth: AI-powered bots are being used to create and sell non-consensual intimate images. These bots can turn ordinary photos into synthetic nude images, and the abuse is being monetized through affiliate programs and subscription-based archives. The researchers behind the study are calling for stricter regulations to combat this growing problem.

AI's Secret Sauce: How Journalism Became the Unlikely Ingredient
A recent study reveals that AI chatbots rely heavily on journalistic sources for their quotes, with one in four coming from news outlets. This shocking discovery has significant implications for the media industry and our understanding of AI's information gathering processes. As AI technology continues to evolve, it's essential to consider the role of journalism in shaping its responses.


