Majority of CISOs Fear GenAI Breaches
A recent survey found that 72% of U.S. Chief Information Security Officers (CISOs) are concerned that generative AI solutions could result in a security breach. This sentiment highlights a key priority for enterprise IT leaders and technical buyers, emphasizing the importance of security and risk management in narratives targeting this audience.
- The primary concern for 62% of CISOs is the use of GenAI in social engineering schemes, which now include highly convincing deepfake videos and voice cloning for sophisticated phishing attacks.
- The use of GenAI in the workplace has led to a significant increase in data policy violations, with the average organization now experiencing 223 such incidents each month.
- A major source of data leaks is "Shadow AI," where employees use personal or unapproved AI tools for work; 47% of GenAI users access these tools through unmanaged personal accounts.
- Security leaders are increasingly concerned about the digital supply chain, as AI-assisted development tools can introduce hidden vulnerabilities; pentests of applications using third-party Large Language Models (LLMs) show the highest proportion of serious vulnerabilities (32%) of any asset type.
- In response to these risks, 9 out of 10 organizations now actively block at least one GenAI application, with the average company blocking ten different tools.
- Some brands are using educational video content to address these fears; for instance, Vodafone Business launched an e-learning video series hosted by ethical hacker Katie Paxton-Fear to train small businesses to identify AI-driven phishing scams like whaling and clone phishing.
- For companies creating software, a key risk is AI-generated code, which can contain insecure patterns or malicious logic introduced through poisoned training data, creating a blind trust issue in a core part of the development workflow.
- For creative leaders, the challenge is that innovation is outpacing governance, requiring them to balance the drive for AI-assisted productivity with the need for security frameworks that account for unpredictable model behavior and decentralized tool adoption.