Shadow AI and poor governance fuel growing cyber risks, IBM warns

Many organisations racing to adopt AI are failing to implement adequate security and governance controls, according to IBM’s Cost of a Data Breach Report 2025. The report warns that attackers are already exploiting these weaknesses, targeting AI models and applications with increasing frequency.

Although AI-related breaches still represent a minority of overall security incidents, IBM anticipates that such cases will rise as enterprise AI usage grows. The findings are based on reported data from 600 organisations worldwide, covering incidents that occurred between March 2024 and February 2025.

Of those surveyed, 13 percent confirmed experiencing a breach involving either an AI model or an AI-powered application. Almost all of these organisations – a striking 97 percent – admitted they lacked appropriate access controls for their AI systems at the time of the incident.

The consequences were significant. Around one-third of affected organisations reported operational disruption and unauthorised…