
Over one-third of organisations have suffered AI-related breaches as leadership focuses on reactive, outdated security metrics.
A new report from Tenable, developed in collaboration with the Cloud Security Alliance, reveals that the rush to innovate is leaving critical gaps in security strategy.
The State of Cloud and AI Security 2025 report found that 34% of organisations have already suffered an AI-related breach, driven by misplaced confidence, reactive risk management, and a failure to prioritise preventative measures.
Despite widespread adoption, where 55% of organisations now use AI for active business operations, most lack the readiness to secure it effectively. The study, based on a survey of over 1,000 IT and security professionals globally (including Singapore), underscores a growing divide between innovation goals and cyber resilience.
“Leaders are understandably excited about the promise of AI, but they are applying 21st-century technology to a 20th-century security mindset,” said Liat Hayun, VP of Product and Research at Tenable.
“They are measuring the wrong things and worrying about futuristic AI threats while ignoring the foundational weaknesses that attackers are exploiting today. This isn’t a technology problem; it’s a leadership and strategy issue.”
A Culture of Reaction Over Prevention
According to Tenable, many organisations are trapped in a reactive culture of measuring failure instead of preventing it. While respondents reported an average of 2.17 cloud-related breaches in the last 18 months, only 8% classified any as “severe,” suggesting many incidents are being downplayed.
Yet the causes of these breaches are both preventable and persistent.
This over-reliance on backward-looking data creates a false sense of security and allows long-term risks to fester unchecked.
AI Risk: Old Problems in New Forms
Security teams are most anxious about emerging AI-native risks such as model poisoning or manipulation. However, the most frequent causes of AI breaches remain the same traditional vulnerabilities that have long plagued enterprise systems:
- Exploited software vulnerabilities (21%)
- Insider threats (18%)
- Misconfigured settings (16%)
The result is a growing number of AI-related security failures rooted not in cutting-edge exploits but in fundamental oversight.
Tenable warns that organisations must replace outdated metrics with forward-looking resilience measures, invest in unified visibility across multi-cloud environments, and focus on simplifying the security stack.
“The failure lies in strategy, not technology,” said Hayun. “Until leadership commits to proactive security governance, breaches will continue to be treated as isolated incidents instead of symptoms of systemic misalignment.”
Read the report here.
Stay updated on the crypto space by following our socials