AI: The New Organization Facing Insider Risk

• As AI systems gain wider access to business data in all environments, organizations must treat data visibility and encryption as primary security measures.
• AI-enabled deepfakes and misinformation increase the effectiveness of identity-based attacks. Today, data theft is the leading form of attack against cloud infrastructure (67%). About 60% of companies report incidents driven by deepfake, and 48% experience damage from AI-generated misinformation.
• Investments in AI security are growing, with 30% of companies allocating a dedicated budget; however, 53% still rely on the existing defense budget

MEUDON, France – According to the Thales 2026 Data Threat Report, organizations in various markets including automotive, energy, finance and retail say the acceleration of AI-driven changes is now their biggest security challenge. Based on the research report, conducted by S&P Global 451 Research, 61% cite AI as their top data security risk. The concern is not just about malicious AI, but about the access it provides as it moves from tool to trusted insider.

“Inside risk is no longer just a human thing. It’s also about automated systems that are quickly trusted. If identity governance, access policies, or encryption are weak, AI can amplify those weaknesses everywhere very quickly.”

As businesses embed AI into workflow, analytics, customer service, and development pipelines, these systems are given broad, automated access to business data, often with fewer controls than those applied to human users in the enterprise environment.

The report reveals a worrying disconnect between AI adoption and data governance. Only 34% of organizations know where all their data resides, regardless of the level of criticality, and only 39% can fully isolate it. Meanwhile, nearly half (47%) of sensitive cloud data remains unencrypted.

As AI systems import and operate on data in cloud environments and SaaS environments, limited visibility makes enforcing less privileged access increasingly difficult, granting only strictly necessary access rights. This increases the level of exposure if credentials are compromised.

Proprietary infrastructure is now a prime attack surface. Data theft remains the leading form of attack against cloud management infrastructure, cited by 67% of organizations experiencing cloud attacks. At the same time, 50% rank privacy management among their top security challenges, reflecting the growing complexity of machine ownership, API keys (interfaces de programmation applicative) and tokens at scale.

As organizations rush to implement AI, attackers are doing the same. Almost 60% of companies report being attacked by deepfake-driven attacks, and 48% report reputational damage related to false information generated by AI or impersonation campaigns.

As AI introduces new risks, it also increases existing ones. Human error already contributes to 28% of breaches, and with automation at the top, small mistakes can quickly escalate and become widespread.

While organizations recognize the need to adapt, investment is not keeping up with the rapid increase in access and automation driven by AI. 30% are now devoting some budget to AI security, indicating a growing awareness. However, the majority (53%) still rely on traditional security systems designed primarily for human users and perimeter-based controls. As machines continue to authenticate, access, and operate independently, many security strategies must still adapt to these changing operating models.

AI does not replace traditional threats; rather, it strengthens them by increasing their speed, scale, and reach. As automated systems gain broader access to enterprise data, organizations must rethink identity, encryption, and visibility of data as core infrastructure. Organizations that embed strong governance into their AI strategies will be better placed to innovate safely and avoid turning AI into their new insider threat.

For more information, please download the full report and join our webinar hosted by Eric Hanselman, Senior Analyst at S&P Global 451 Research.About Thales Thales (Euronext Paris: HO) is a global leader in advanced technology for the Defense, Aerospace, and Cyber ​​& Digital sectors. Its portfolio of innovative products and services addresses several major challenges: sovereignty, security, sustainability and inclusion.

The group invests more than 4 billion dollars a year in Research and Development in key areas, especially in critical areas, such as Artificial Intelligence, cybersecurity, quantum and cloud technologies.

Thales has more than 83,000 employees in 68 countries. In 2024, the Group generated sales of 20.6 billion euros.

https://www.businesswire.com/news/home/20260225599723/en/