SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
United Kingdom
International Women’s Day
267 opinions Read now

Guides

#
cloud security
#
cybersecurity
#
endpoint protection
#
firewalls
#
ransomware

Search

Moody businessperson faces split deepfake screen ai security threats
#
Data Protection
#
Digital Transformation
#
Encryption

AI tops data security worries as identity risks surge

Fri, 27th Feb 2026
Author image
By Shannon Williams, News Editor

Artificial intelligence is now the leading data security concern for organisations, with 70% ranking it as their top threat, according to the 2026 Thales Data Threat Report.

The report points to a shift in how businesses use automated systems. AI tools have moved beyond narrow tasks and now have broad access to enterprise data across corporate environments. That access has made AI a focal point for security teams already managing persistent identity and cloud risks.

S&P Global 451 Research conducted the research across multiple sectors, including automotive, energy, finance and retail. Respondents said the pace of AI-driven change is increasing pressure on governance and controls. The report frames the risk as less about hostile AI software and more about what organisations allow AI systems to access and do.

"Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly," said Sebastien Cano, Senior Vice President, Cybersecurity Products, Thales.

Visibility gaps

The report highlights gaps in basic data management. Only 34% of organisations said they know where all their data resides, and 39% said they can fully classify it. These limitations make it harder to apply consistent controls as data moves across cloud services and software-as-a-service platforms.

Encryption coverage also remains uneven. Nearly half (47%) of sensitive cloud data is still unencrypted, the findings show. That leaves security teams relying on access controls and monitoring in environments where data can be copied, shared and processed quickly.

Enforcing least-privilege access is also harder when AI systems ingest and act on data across multiple environments. The risk increases if credentials are compromised, because broad access rights can expose more information than a single user account might reach.

Identity under attack

The study places identity infrastructure at the centre of the threat landscape. Credential theft was the leading attack technique against cloud management infrastructure for 67% of organisations that experienced cloud attacks. This reflects a broader shift in cybersecurity, where attackers often target access pathways rather than a single technical weakness.

Machine identity governance is also growing more complex as automation expands. Half of respondents ranked secrets management among their top application security challenges. The report links this to the need to govern machine identities, API keys and tokens across systems and teams.

The data points to a security model that must manage more non-human access. AI tools, automation platforms and integration services often require persistent credentials and broad permissions. That can increase the number of identities to manage and expand the blast radius when something goes wrong.

Deepfakes and misinformation

The report also shows a rise in AI-enabled social and identity-based attacks. Nearly 60% of companies said they have experienced deepfake-driven incidents, while 48% reported reputational damage linked to AI-generated misinformation or impersonation campaigns.

These attacks can span internal and external channels. Deepfakes may be used to manipulate staff or impersonate executives. Misinformation campaigns can spread quickly and complicate incident response, especially when organisations must correct false narratives while investigating a security event.

The report also links AI to the rapid scaling of existing risks. Human error already contributes to 28% of breaches, according to the study. Automation can magnify mistakes when misconfigurations or incorrect permissions are replicated across workflows.

Budgets lag risk

Security investment is shifting, but the report suggests it is not keeping pace with change. Thirty per cent of organisations said they now allocate dedicated budgets to AI security, while 53% still rely on traditional security budgets and programmes. The report describes those approaches as built primarily around human users and perimeter-based controls.

The findings suggest a transition period in which businesses adopt AI quickly while governance models catch up. That can leave organisations with tools that act autonomously under policies designed for staff accounts and legacy network boundaries.

Eric Hanselman, Chief Analyst at S&P Global 451 Research, said organisations need to treat data security as a core part of AI adoption rather than a separate workstream.

"As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional," Hanselman said.

The report argues that AI is intensifying existing threats by increasing speed and scale. It calls for stronger approaches to identity, encryption and data visibility as automated systems gain wider access to enterprise information. It also points to governance as a differentiator between organisations that can manage AI-related risk and those that may face incidents triggered by over-permissioned systems.

Related stories
Bridging the gap: Cybersecurity breakthroughs and imbalances
In a cost-pressured AI race, operational maturity is now the competitive advantage
UK AI budgets shift to data infrastructure & storage
Teramind launches AI governance to tackle shadow AI
AI cyber threats outpace staff readiness, report warns

Top stories

Safe AI needs all voices: Celebrating the women who help drive CSA's AI safety initiative
Autonomous AI 'agentic customers' set to reshape banks
How women in cyber change the conversation at board level
The weight women carry
Preserving our voice: Why women must shape the future of AI and cybersecurity