AI Issues Will Drive Half of Incident Response Efforts by 2028, Says Gartner

The rapid proliferation of custom‑built AI applications is reshaping the security landscape, as Gartner predicts that by 2028 half of incident‑response effort will focus on AI‑related issues. This shift reflects the inherent complexity of AI systems, which often enter production without thorough testing or built‑in safeguards. Security teams that adopt a shift‑left mindset—embedding controls during design and development—can dramatically shorten remediation cycles and lower operational costs, turning a looming crisis into a manageable risk.

Parallel to the threat surge, AI‑powered security platforms are gaining traction, with Gartner forecasting that 50% of organizations will deploy such tools within two years. These platforms automate policy enforcement, monitor AI usage, and defend against prompt injection and data misuse. Additionally, identity‑visibility and intelligence solutions are emerging to tackle the explosion of machine identities, which now outnumber human users by tens of thousands and present amplified risk. By providing granular insight into both human and machine actors, these tools enhance detection and streamline remediation across hybrid environments.

Beyond AI, geopolitical pressures are driving a third wave of security priorities: cloud sovereignty. Gartner expects one‑third of firms to demand comprehensive sovereign controls by next year, prompting a surge in confidential computing adoption. Secure enclaves at the processor level enable data protection in use without sacrificing performance, offering a pragmatic path for organizations to meet regulatory mandates while maintaining innovation velocity. CISOs must therefore balance AI risk mitigation with sovereignty strategies, leveraging emerging technologies to safeguard data across cloud and edge infrastructures.