Taking Operational Risk to Resilience with Emerging AI Systems: Gartner
Companies Mentioned
Gartner
Why It Matters
The forecast signals escalating cyber risk that could disrupt core business processes, forcing leaders to rethink AI governance and invest in resilience to protect revenue and reputation.
Key Takeaways
- 25% of GenAI apps face ≥5 minor incidents by 2028
- 15% of GenAI apps will see major incidents by 2029
- Agentic AI places risk responsibility on the user organization
- Continuous oversight and failure‑mode design are critical for AI resilience
- CISOs must integrate cyber security with operational resilience frameworks
Pulse Analysis
Enterprises are accelerating the deployment of generative AI to boost productivity, but Gartner’s latest outlook highlights a dark side: a steep climb in security incidents. By 2028, a quarter of GenAI deployments are expected to encounter five or more minor breaches each year, and by 2029, one‑in‑seven will suffer a major incident. These figures underscore the vulnerability of AI models that operate as opaque black boxes, where vendors often deny liability for harmful outputs. The rapid adoption curve, combined with the emergence of agentic AI that can act autonomously, expands the attack surface and forces organizations to confront risk at the point of use rather than relying on vendor safeguards.
The distinction between GenAI and agentic AI is crucial for risk managers. GenAI’s unpredictability stems from its training data and inference mechanisms, making it difficult to audit decisions. Agentic AI, meanwhile, embeds decision‑making logic that can trigger actions without human approval, shifting responsibility squarely onto the deploying organization. Gartner recommends a layered defense: continuous monitoring, failure‑mode design that anticipates erroneous model behavior, and clear guardrails defined by domain experts. Such controls not only mitigate immediate threats but also create a feedback loop for improving model reliability over time.
For CISOs, the challenge is to weave these AI‑specific safeguards into a broader operational resilience strategy. This means treating cyber‑security as a subset of enterprise resilience, ensuring redundancy through DMZ placements, standby VPNs, and diversified cloud connections. It also involves collaborating with third‑party vendors to establish transparent reporting and joint incident‑response drills. By embedding AI risk into existing third‑party risk‑management frameworks, organizations can turn potential disruptions into manageable events, preserving business continuity and protecting brand trust.