AI Security Statistics & Benchmarks: The Numbers Behind the AI Security Crisis

Artificial intelligence is quickly becoming an invisible business infrastructure layer that’s woven into daily operations the same way electricity once reshaped commerce and industry. Stanford HAI's 2025 AI Index Report found that 78% of organizations surveyed said they used AI to support at least one business function in 2024. Just one year earlier, 55% of organizations said the same. Worldwide, businesses invested $252.3 billion in AI technology in 2024. Attackers are scaling up just as fast. There were a record 233 AI-related security incidents in 2024, a 56.4% increase over 2023. The average cost of an AI-driven breach has risen to $4.88 million, per Harvard Business Review.

The core problem is a dangerous imbalance between AI adoption and readiness. Attackers are deploying AI to automate phishing campaigns, scan enterprise networks for vulnerabilities faster than ever, and open fake accounts at scale. In fact, fake account creation surged 259% from 2023 to 2024 and has since increased by another 89% in 2025. Meanwhile, Accenture research found that 90% of organizations do not have the maturity required to defend against AI-driven attacks, and only 28% design their AI projects with security in mind from day one. The statistics covered in this guide illustrate the extent of this imbalance and how forward-thinking organizations are bridging the divide. 

‍

The State of AI Security: What’s Really Happening

The numbers are impressive, but the real story is the speed of change. Enterprise AI didn’t slowly inch forward. It gathered speed. Enterprise AI hit the mass market, then it penetrated every facet of the organization, rewriting workflows, generating new value streams, and unleashing an entirely new attack surface. 

That expanded attack surface is already being weaponized. In 2025, Mandy Andress, CISO at Elastic, noted that “We’ve already seen the impact of AI-driven attacks—especially sophisticated phishing and deepfake campaigns that are incredibly convincing and hard to catch.” She explains that these attacks “aren’t just email scams anymore.” Today, these attacks “show up across business communication channels, are tailored to specific individuals, and are designed to fool even well-trained employees.” Andress is direct about the implications: “[i]t’s clear we’re in the early stages of an AI arms race, and right now, the attackers moved first and have the edge.”

On top of that, the stakes are rising on the technology side as well. Dawn Song is a computer scientist at UC Berkeley with a focus on AI and security. But in a recent  interview with IBM Think, Song explained that we’ve hit a point where AI models’ cybersecurity capabilities have reached a tipping point, and newer systems can identify zero-day vulnerabilities “at very low cost.” Song called 2025 “a step change in frontier AI capabilities in cybersecurity,” and warned that “looking ahead, we foresee both expanding defensive potential and rising AI-powered threats, making robust, responsible security research more critical than ever.”

On the enterprise governance front, it’s not just a technical problem, but an organizational one. Leaders in cybersecurity at Deloitte emphasize building safety, security, and compliance into products from the start instead of bolting it on at the end (a concept known as “Trust-By-Design”). But most organizations haven’t gotten there yet. AI risk is the number one security priority for CISOs, topping vulnerability management, data loss prevention, and third-party risk, according to the 2025 CISO Village Survey. Plus, one-quarter of CISOs have already faced an AI-driven attack. 

Deloitte’s CISO Brief sums it up nicely: “CISOs are being asked to move from reactive controls to proactive, business-aligned defense against AI-enabled attacks. The goal is not just better tools — it is stronger decisioning, clearer accountability for high-risk actions, and controls that reduce exposure as AI-driven threats evolve.”

‍

Statistics on AI Adoption & Exposure

Less than 1 in 20 GenAI pilots result in quick wins that directly affect revenue. According to MIT’s NANDA research, only 5% of pilots have demonstrated rapid revenue impact whereas 95% have shown little to no P&L impact. The issue is less about the model itself but more about rapidly learning how to integrate these generic capabilities into the workflow at enterprise scale. (Fortune)

MIT’s research has discovered that betting on external vendors/partnerships leads to success about two-thirds of the time. Building them in-house results in success at about one-third that rate. This speed and success differential has been particularly true in highly regulated industries such as financial services where going it alone on proprietary GenAI pilots in 2026 has resulted in even higher failure rates. (Fortune)

Modern AI agents only succeed at multi-step transactions 30-35% of the time, according to Carnegie Mellon University research. Gartner estimates that by 2027, 40% of deployed agentic AI initiatives will be abandoned. (Jay Cadmus via Medium)

Gartner polling in January 2025 revealed organizations' investments into agentic AI are spotty. Some 19% say they've invested significantly; 42% have invested selectively; 8% have not invested; and the remaining 31% are either waiting and watching or haven't formulated a plan. Overall, much of current market development is hype-induced "agent washing" with "fewer than ~130 vendors with true agentic capabilities." Most current deployments provide little to no ROI because today's models are unable to autonomously execute complex long-running business processes. (Gartner)

A significant increase in deployed agentic AI systems is expected in the coming years. Gartner forecasts the percentage of routine work decisions made by agents will grow from basically zero in 2024 to 15% in 2028. Additionally, the percentage of enterprise software containing agentic capabilities is expected to increase to 33% from less than 1% today. (Gartner)

‍

AI Adoption Is Accelerating Faster Than Security Readiness

Enterprise AI adoption is accelerating, but security tactics aren’t keeping pace. AI accelerates productivity but also widens attack surfaces and exposes more data to potential breaches. Nearly 6 in 10 security decision makers (57%) say they’ve experienced increased security incidents as a result of AI usage. (Microsoft)

AI is becoming mainstream in the workplace. In 2024, 78% of organizations said they were currently using AI, up from 55% a year earlier. Private funding into generative AI startups totaled $33.9 billion, up 18.7% year over year and more than 8.5x 2022 levels. (Stanford HAI AI Index Report 2025)

Adoption is accelerating, but trust lags behind. Close to 60% of employees fear that GenAI-generated content could be biased or inaccurate; 73% think the technology will create new security vulnerabilities. Concerns around trustworthiness, data governance, and transparency into model behaviors when handling sensitive information remain. (Master of Code)

AI models are improving rapidly as well. To measure progressively stronger engineering and reasoning skills, new benchmarks were proposed in 2023: MMMU, GPQA, and SWE-bench. By 2024, scores on these benchmarks had risen by 18.8, 48.9, and 67.3 percentage points, respectively. (Stanford HAI AI Index Report 2025)

Faster performance isn’t the only thing accelerating. That growth is driving adoption of AI technology into regulated and mission-critical industries. In these sectors, AI will be part of systems where failures have significant real-world implications. In 2023, the FDA approved 223 AI-enabled medical devices. This is up from only six approvals back in 2015. (Stanford HAI AI Index Report 2025)

At the same time, companies are moving away from standardizing around a single AI solution and adopting multi-model infrastructures. On average, companies deploy 2.6 AI models. Gemini has already achieved 48% enterprise adoption. For security teams, this fragmentation significantly complicates cybersecurity. (Google Cloud)

With wider adoption comes more incidents. AI-specific security incidents rose to 233 total reported incidents in 2024. That’s a 56.4% increase year-over-year and the highest number reported to date. (Stanford HAI AI Index Report 2025)

‍

AI Systems Create New Enterprise Security Risks

‍Unfortunately, traditional controls don’t cleanly map to LLMs or agentic systems, and that comes at a cost. AI-related security incidents cost organizations an average of $4.7 million per breach in 2025. Put simply, these costs mean AI incidents are some of the costliest enterprise security problems. (Obsidian Security)

Companies are also feeling a lot of regulatory pressure, which is expected to accelerate. Fines for non-compliance, under regulations such as the EU AI Act, could reach 4% of worldwide annual revenue for severe infringements. (Master of Code)

Regulatory pressure is rising just as quickly. Under frameworks like the EU AI Act, organizations could face penalties of up to 4% of global annual revenue for serious compliance failures. (Obsidian Security)

One of the biggest concerns is how easily AI safeguards can fail. Even if you have guardrails in place, all AI models are vulnerable, especially to AI-specific risks like prompt injections. When researchers tested 36 different LLM set ups, 56% of attacks were able to evade safety features through prompt injection. (Knostic)

At the same time, employees are feeding sensitive information directly into AI systems at alarming rates. Researchers found that 4% of prompts and more than 20% of uploaded files in GenAI tools contained sensitive corporate data. (Knostic)

As a result, enterprise security teams are rethinking their security strategies. Nearly half of surveyed organizations now rank adversarial GenAI threats, including deepfakes and AI-powered phishing, as their top cybersecurity concern. Separately, Google Cloud’s CSA report found that 52% of organizations consider sensitive data exposure their primary AI security risk. (Google Cloud)

Microsoft’s 2024 Data Security Index found similar results. The percentage of organizations experiencing data security incidents tied to AI applications nearly doubled from 27% in 2023 to 40% in 2024. (Microsoft)

‍

Automated Attacks Are Scaling at Machine Speed

Enterprise work isn’t the only thing getting transformed by AI. Internet traffic itself is evolving. Between January and December 2025, AI-driven traffic grew by 187%. Scrapers and bots also grew much faster than human traffic. Automated website traffic increased 23.51% year-over-year while human traffic grew just 3.10%. (HUMAN Security)

Unfortunately, AI traffic isn’t just from chatbots or agents. They’re also scraping data from websites, apps, and more. The median percentage of global traffic attempting scraping attacks nearly doubled between 2022 and 2025, approaching 20% of all measured traffic. (HUMAN Security)

The majority of AI traffic occurs through just a few AI platforms. As of 2025, OpenAI accounted for about 69% of known AI bot traffic, Meta came in second with approximately 16%, and Anthropic placed third with around 11%. (HUMAN Security)

Traffic is also concentrated in a few industries. Retail/eCommerce, streaming/media, and travel/hospitality make up for more than 95% of AI-driven traffic. (HUMAN Security)

Product and search pages received most of this agentic AI activity, representing 77% of the observed traffic. It’s not just curiosity. Attackers also tested account pages, authentication systems, and checkout flows with this technology. (HUMAN Security)

Attacks are also ramping up. Organizations saw more than four times the year-over-year login-account takeover attempts, averaging 402,000 flagged attacks. (HUMAN Security)

Prompt injection is prevalent. One study showed that 35% of deployed LLM applications were susceptible to injection attacks. Another study demonstrated that 4% of prompts sent to enterprise models leaked sensitive information. Both are examples of attackers tricking models to bypass security controls and steal company data. (SQ Magazine)

Attackers have used AI to generate fraudulent accounts. Overall, AI-generated fake account creation attempts increased 259% between 2023 and 2024 and have increased another 89% in 2025. (HUMAN Security)

‍

Most Organizations Still Aren’t Prepared for AI-Enabled Threats

60% of organizations recognize the need for AI controls but have yet to implement any protective measures. Of the organizations who have started taking AI controls into consideration 61% are putting controls in place that limit AI exposure based on business need. Another 61% of organizations are utilizing just--in-time access for AI apps. (Microsoft)

Though AI adoption is happening quickly, many organizations still fail to understand how cybersecurity will be impacted. Just 36% of technology leaders say that artificial intelligence is outpacing their cybersecurity capabilities today. (Accenture)

That doesn’t mean their organizations are using AI effectively, but that leaders underestimate the threat. According to Accenture, 90% of companies still lack the maturity needed to defend against AI-enabled threats. At the same time, 77% lack foundational AI and data security practices to protect critical models and data pipelines. (Accenture)

Security integrations are behind as well. Only 42% of organizations say they balance AI development with proper investment in security. Only 28% of organizations weave security into their initiatives from the beginning. (Accenture)

There’s also a shortage of skilled workers contributing to gaps in security. Workforce shortages were ranked as the top challenge hindering development by 83% of executives. (Accenture)

Just 10% of organizations are today operating in what Accenture calls the “Reinvention-Ready Zone.” These organizations have both strong security capabilities and an integrated cyber strategy. 27% are in Accenture’s “Progressing Zone” which means they may have strategic alignment or technical controls, but not both. And 63% of organizations find themselves in the “Exposed Zone” where they lack both strategy and operational maturity. (Accenture)

The lack of maturity comes at a cost. Compared to all other organizations, those in the Reinvention-Ready Zone are 69% less likely to be the target of advanced attacks, and 1.5x more likely to block them. (Accenture)

‍

Organizations Are Turning to AI to Defend Against AI

In the age of AI, you have to fight fire with fire. That’s why more companies are using AI to defend against AI-powered threats. More than 90% of security teams are already testing or planning to use AI for threat detection, red teaming, and access control. (Google Cloud)

Governance maturity influences how effectively organizations operationalize AI security. Companies with formal governance programs are twice as likely to adopt agentic AI and three times more likely to train employees on AI security tools. (Google Cloud)

AI can also help reduce alert fatigue. Organizations using AI security tools saw an average of 47 alerts per day, compared with 79 among those lacking similar AI protections. (Microsoft)

Security teams are slowly gaining confidence in their ability to use AI to protect their infrastructure. 77% of organizations say AI will help them better identify unprotected sensitive data and anomalies. Independently, 76% say the same about the accuracy of security. (Microsoft)

Organizations are also planning to put that confidence into action. According to Microsoft, 93% of organizations are planning to use AI to protect their data. (Microsoft)

‍

Frontier AI Benchmarks Indicate Bigger Stakes

‍It’s more difficult to evaluate and secure AI systems as they become more capable. As a result, security teams need to monitor additional benchmarks to stay on top of AI-related risks. The Future of Life Institute’s AI Safety Index suggests measuring Attack Success Rate (ASR) which = Total Breaks / Total Chats to track how frequently adversarial prompts defeat controls. (Future of Life Institute)

But the benchmarks themselves are also targets. NIST discovered specific, quantifiable benchmark manipulation threats such as cheating against lower bounds of 0.3% for Cybench solution contamination. (NIST)

OpenAI’s GPT-5.3- Codex showcased continued growth in offensive security skills. Testing saw it reach completion rates of 86% for network attack scenarios, 72% for vulnerability discovery and exploitation and 53% for evasion tasks. (OpenAI)

However, even robust monitoring can have large blind spots. OpenAI’s research on self-incrimination found that with a 5% false positive rate, aggressive monitoring still failed to detect between 38% and 46% of attacks that could have been detected with self-incrimination detection techniques. (OpenAI)

‍

The Bottom Line (and What to Do About It)

Here's what the data tells us: AI security isn’t advancing at the same rate as AI proliferation. The average cost of an AI breach is now $4.88 million. Prompt injections are evading protections half of the time. Fraudsters using large language models to generate fake accounts are doubling down, as attempts have increased by nearly 3x in just two years. And a staggering 90% of organizations remain immature in their ability to defend against the threats they already know about.

Traditional security solutions just weren’t built for this. Agents and models operate differently than standard applications in ways your perimeter defenses won’t detect. Every time you plug another AI system into your data, workflows, or APIs, you’re expanding your attack surface. And much like everywhere else in security, protection isn’t a set-it-and-forget-it activity. It’s identifying vulnerabilities before hackers do, then doing it again the next day.

Mindgard was designed to address this challenge. Created through 10+ years of academic AI security research at Lancaster University, Mindgard’s Offensive Security platform acts as a self-directed red team that tirelessly identifies shadow AIs and agents, mapping your attack surface and performing advanced adversarial tests that replicate real attacker behavior. Whether it’s automated reconnaissance, AI security scoring, runtime threat detection, or governance reporting, Mindgard empowers security teams to secure AI across the entire lifecycle.

Book a demo with us today and learn how Mindgard uncovers and remediates exploitable AI risk across your AI agents and applications.

‍

Frequently Asked Questions

What industries are most vulnerable to AI-enabled cyberattacks?

All businesses are at risk of AI-enabled cyberattacks, but some are more at risk than others. You’re more likely to experience AI cyberattacks if you:

• Handle large volumes of customer data
• Work in a regulated industry
• Process high volumes of financial data
• Offer a public-facing digital platform

Businesses in retail, financial services, healthcare, travel, and media are also attractive targets. 

How does agentic AI change cybersecurity risks?

Agents can decide what to do and complete actions on their own with little to no supervision. That’s great for productivity, but it also expands your attack surface because a hacked agent can divulge your data or follow malicious commands much more rapidly than a typical chatbot.

Why are AI benchmarks controversial?

AI is in flux right now, and as models change, it’s actually becoming easier to contaminate benchmarks. Researchers have found that benchmark scores aren’t always useful for measuring real-world safety. AI models can accidentally train on evaluation datasets or exploit weaknesses in grading systems. 

That doesn’t mean you should stop benchmarking AI performance, but you do need to take all of the numbers in context. It’s also the reason why more organizations are investing in AI red teaming, which probes your model with creative threats, just like real-world attackers.