-Content by CyberNewswire-
The 2025 State of AI Data Security Report reveals a widening contradiction in enterprise security: AI adoption is nearly universal, yet oversight remains limited. Eighty-three percent of organisations already use AI in daily operations, but only 13 percent say they have strong visibility into how these systems handle sensitive data.
Produced by Cybersecurity Insiders with research support from Cyera Research Labs, the study reflects responses from 921 cybersecurity and IT professionals across industries and organisation sizes.
The data shows AI increasingly behaving as an ungoverned identity, a non-human user that reads faster, accesses more and operates continuously. Yet most organisations still use human-centric identity models that break down at machine speed. As a result, two-thirds have caught AI tools over-accessing sensitive information, and 23 percent admit they have no controls for prompts or outputs.
Autonomous AI agents stand out as the most exposed frontier. Seventy-six percent of respondents say these agents are the hardest systems to secure, while 57 percent lack the ability to block risky AI actions in real time. Visibility remains thin: nearly half report no visibility into AI usage and another third say they have only minimal insight leaving most enterprises unsure where AI is operating or what data it touches.
More from Artificial Intelligence
- New Report: 100% Of Businesses Now Use AI, But Only 25% Can Actually Scale It
- AI Trends In Photography – Transforming The Workflow
- Introducing Moltbook: The “Reddit” For AI Chatbots
- Is India On Track To Become The World’s Most Powerful AI Hub?
- New Data Centre Launched In Singapore, Reports Find
- Wikipedia, Reddit And YouTube Are Winning The AI Search Game As AI Rethinks The Notion Of Authority
- How Many UK AIM-100 Businesses Include AI In Their Practices?
- Microsoft Reveals How Much AI And Cloud Boosted Its Revenue In 2025
Governance structures lag behind adoption as well. Only 7 percent of organisations have a dedicated AI governance team, and just 11 percent feel prepared to meet emerging regulatory requirements, underscoring how quickly readiness gaps are widening.
The report calls for a shift toward data-centric AI oversight with continuous discovery of AI use, real-time monitoring of prompts and outputs, and identity policies that treat AI as a distinct actor with narrowly scoped access driven by data sensitivity.
“AI is no longer just another tool, it’s acting as a new identity inside the enterprise, one that never sleeps and often ignores boundaries,” said Holger Schulze with Cybersecurity Insiders. “Without visibility and robust governance, enterprises will keep finding their data in places it was never meant to be.”
As the report cautions: “You cannot secure an AI agent you do not identify, and you cannot govern what you cannot see.”
-This is a paid press release published via CyberNewswire-
