AI Risk Management Takes Center Stage in Corporate Security Budgets

As Enterprises Integrate AI, Security Budgets Adapt to Emerging Risks

The increasing use of artificial intelligence (AI) in workflows that handle sensitive data across cloud platforms and software-as-a-service (SaaS) applications has led to a growing focus on AI security.

While some companies are allocating specific funds for AI security, many others continue to manage AI risk through existing security budgets, closely tying it to broader cybersecurity programs.

As AI becomes more pervasive, threat modeling now routinely includes deepfake activity and AI-generated misinformation.

• 59% of respondents reported experiencing deepfake attacks
• 48% cited reputational damage linked to AI-generated misinformation

Cloud Assets Remain a Primary Target

Cloud assets remain a primary target for attackers, with cloud-based storage, cloud-delivered applications, and cloud management infrastructure being the top three most targeted resources, at 35%, 34%, and 32%, respectively.

The average organization uses 2.26 cloud providers and 89 SaaS applications, increasing the number of identities, interfaces, and data stores that require oversight.

Credential Abuse and Third-Party Vulnerabilities

Credential abuse is a leading technique in attacks against cloud management infrastructure, with 67% of respondents citing credential theft or compromise, including misappropriated secrets.

Third-party vulnerabilities and API exposures also pose significant risks.

Data Protection and Encryption

Encryption coverage in cloud environments is inconsistent, with 47% of sensitive cloud data encrypted in 2026, down from 51% in 2025.

Data protection programs often involve multiple point solutions, with 77% of respondents using five or more data protection tools.

Misconfiguration and Human Error

Misconfiguration and human error remain the most common causes of data breaches, at 28%.

Configuration governance and access control discipline continue to influence incident frequency across cloud and SaaS deployments.

Data Sovereignty and Quantum Computing Risks

Data sovereignty initiatives are influencing architecture decisions, with 45% of respondents citing portability as the primary driver.

Thirty-four percent cited a desire for full control over software and data, while 49% indicated that the physical location of cloud infrastructure is important for some or all workloads.

As quantum computing risks move from theory to reality, organizations are beginning to prepare for the potential impact on cryptographic systems.

• 61% of respondents cited “harvest now, decrypt later” as their top quantum-related concern
• 59% reported prototyping and evaluating post-quantum cryptographic algorithms