Survey: Rapid AI Adoption Causes Major Cyber Risk Visibility Gaps

The surge in generative AI adoption has reshaped how employees access information, but it also widens the attack surface for enterprises. Unlike conventional software, many AI services are closed‑source, making it difficult for security teams to audit model behavior or data handling practices. This opacity, combined with the ease of prompting sensitive information, creates a blind spot that traditional third‑party risk tools are ill‑equipped to address, prompting a reevaluation of supply‑chain security strategies.

Panorays’ latest CISO survey underscores the gap between adoption speed and governance maturity. While 60% of security leaders flag AI vendors as uniquely risky, a mere 22% have instituted dedicated vetting policies, and 52% still rely on generic onboarding processes. The disparity is stark across organization sizes: firms with more than 10,000 staff are twice as likely to have AI‑specific policies compared with midsize companies, yet 83% of all respondents admit to lacking full visibility into AI‑related third‑party risks. This lack of insight correlates with a reported 60% increase in incidents tied to third‑party vulnerabilities over the past year.

To close the visibility gap, CISOs must adopt AI‑focused risk frameworks that go beyond traditional checklists. This includes continuous monitoring of model outputs, strict data‑injection controls, and contractual clauses that enforce data‑privacy safeguards from AI providers. Investing in specialized assessment tools and fostering security awareness among end‑users can mitigate inadvertent data leaks. As AI becomes integral to productivity, aligning rapid adoption with robust governance will be essential for maintaining enterprise resilience and regulatory compliance.