Four in 10 enterprise applications will feature task-specific AI agents this year. Yet, research from Stanford University’s 2025 Index Report shows that a mere 6% of organizations have an advanced AI security strategy in place.Palo Alto Networks predicts 2026 will bring the first major lawsuits holding executives personally liable for rogue AI actions. Many organizations are grappling with how to contain the accelerating and unpredictable nature of AI threats. Governance doesn’t respond to quick fixes like bigger budgets or more headcount.There’s a visibility gap when it comes to how, where, when, and through which workflows and tools LLMs are being used or modified. One CISO told VentureBeat that model SBOMs are the Wild West of governance today. Without visibility into which models are running where, AI security collapses into guesswork — and incident response becomes impossible.Over the last several years, the U.S. government has pursued a policy of mandating SBOMs for all software acquired for use. AI models need them more, and the lack of consistent improvement in this area is one of AI’s most significant risks.The visibility gap is the vulnerability Harness surveyed 500 security practitioners across the U.S., U.K., France, and Germany. The findings should alarm every CISO: 62% of their peers have no way to tell where LLMs are in use across their organization. There’s a need for more rigor and transparency at the SBOM level to improve model traceability, data use, integration points, and use patterns by department.Enterprises continue to experience increasing levels of prompt injection (76%), vulnerable LLM code (66%), and jailbreaking (65%). These are among the most lethal risks and attack methods adversaries use to exfiltrate anything they can from an organization’s AI modeling and LLM efforts. Despite spending millions on cybersecurity software, many organizations aren’t seeing these adversaries’ intrusion efforts, as they’re cloaked in living-off-the-land techniques and comparable attack tradecraft not traceable by legacy perimeter systems. “Shadow AI has beco …
