The adoption of artificial intelligence in companies is no longer a distant promise: it is integrated into applications, data pipelines, cloud platforms and even identity systems. But according to a recent study based on 300 interviews with CISOs and US security leaders, this expansion is taking place faster than organizations' ability to see and protect it properly. Pentera's AI and Adversarial Testing Benchmark Report 2026 serves as an X-ray of this tension: intense adoption, weak oversight and tools that, in many cases, were not designed for the unique behaviors of AI systems.
One of the most disturbing conclusions is the lack of visibility. More than two thirds of respondents admit to having limited visibility into how and where AI capabilities are used within their organization. This is not just a theoretical concern: when you do not know which identities models use, which data they can access or how they react to control failures, it becomes practically impossible to assess risk rigorously.

Much of the problem arises from the distributed nature of AI projects. Unlike a traditional application with a clear team and owner, AI capabilities are often born in product teams, data departments or even local initiatives within the company. The result is diluted central oversight and governance processes that do not reach every exposure vector.
Contrary to what many might think, the study shows that money is not the main obstacle: organizations seem willing to invest. The biggest brake identified is the shortage of specialized internal skills to evaluate and protect the environments where AI operates. In other words, there is financial will, but there is a lack of practical knowledge to translate that investment into effective defence.
This lack of experience explains why most companies are relying on inherited controls: firewalls, endpoint protection tools, cloud security or API defenses. These controls offer some initial coverage, but they do not fully capture how AI introduces new access patterns, autonomous decisions or indirect channels between systems. The report notes that only a small fraction of organizations already have solutions specifically designed to secure AI infrastructure.
The good news is that there are frameworks and resources to guide the response. Initiatives such as the NIST AI Risk Management Framework propose principles and practices for managing AI risks, while projects such as the OWASP AI Top 10 have begun mapping specific threats across the model life cycle. At the European level, bodies like ENISA have published work on the threat landscape associated with AI that is useful for understanding emerging vectors.
The practical recommendations are not surprising, but they are urgent: build real inventories of where and how AI is used, assign clear responsibilities between teams, and establish monitoring capabilities that follow the trail of models, data and credentials. All of this should be complemented by active testing: adversarial tests, red teaming and simulations that show whether the controls hold up against actual attacks or design failures.
Training internal talent and attracting specialized profiles will be key. Studies on the cybersecurity skills gap show that demand for qualified professionals continues to exceed supply, and the massive arrival of AI projects only amplifies that tension. Organizations can accelerate the process by combining targeted in-house training, partnerships with specialized suppliers and external support for their first testing and validation programmes.
It is a mistake to think of AI security as an isolated layer: it is a systemic challenge. Models can act as privileged actors in an architecture, can trigger dependencies and can create unintended access paths. Adapting existing controls without understanding these new behaviors can therefore give a false sense of security. The evidence suggests that, for now, many companies do exactly that: they adapt what they already have while waiting for specific tools and practices to mature.

For technical managers and risk teams, the road map should include both governance and engineering: governance to decide which AI is authorized, which data may be touched and which behavior metrics should be monitored; engineering to implement detection, traceability and adversarial tests that validate assumptions under real conditions. Public resources from agencies such as CISA and the frameworks of standardisation bodies help to prioritize actions and coordinate efforts between security, data and product teams.
Pentera's report is candid: concern exists and there is awareness of the problem, but fundamental gaps remain to be closed. The task is not only technological; it is organizational and cultural. Building visibility, developing expertise and mapping risks in environments where AI already operates are steps that cannot be delayed if companies want automation and innovation not to end up generating avoidable vulnerabilities.
To dig into the full data and recommendations, you can download the Pentera report at this link: AI and Adversarial Testing Benchmark Report 2026. To complement the reading with frameworks and practical guides, see the NIST AI RMF recommendations, OWASP on AI risks and CISA on security in intelligent environments.