Gartner warns on GenAI breaches

Gartner forecasts that one in four enterprise GenAI applications will suffer recurring security breaches by 2028, framing these incidents as likely to be ordinary failures like exposed credentials and over‑privileged connectors rather than exotic 'AI‑gone‑rogue' events. The advisory highlights common operational attack surfaces such as insecure file transfer, exposed APIs, and weak service‑account scoping. (cxotoday.com)

Gartner said on April 9 that 25% of enterprise generative artificial intelligence applications will suffer at least five minor security incidents a year by 2028. (gartner.com) The research firm put the 2025 figure at 9%, which means it expects the share of frequently hit applications to nearly triple in three years. Gartner also said 15% of enterprise generative artificial intelligence applications will face at least one major security incident a year by 2029, up from 3% in 2025. (gartner.com)

A generative artificial intelligence application is the software layer around a model: the chatbot, assistant, search tool, or agent that connects the model to company files, databases, and outside services. Gartner tied the rising incident count to wider use of agentic artificial intelligence and the Model Context Protocol, a standard for linking models to tools and data sources. (gartner.com) The warning is less about a model suddenly “going rogue” than about ordinary security mistakes in new places. Gartner’s Aaron Lord said the protocol was built for interoperability and ease of use first, which leaves room for security errors if companies do not keep watching how agents are configured and what they can reach. (gartner.com)

Those weak points show up where an agent can read sensitive data, take in untrusted content, and send information to outside systems in the same workflow. Gartner said software leaders should treat that three-part combination as a “no-go zone” because it sharply raises the risk of data being pushed out of the company. (gartner.com)

Security groups have been mapping the same pattern in more general terms. The Open Worldwide Application Security Project lists prompt injection, sensitive information disclosure, improper output handling, and excessive agency among the top risks for large language model applications in its 2025 guidance. (owasp.org) “Excessive agency” means giving a model too much power to act, like letting a help-desk bot reset accounts or a research agent move files without tight checks. The Open Worldwide Application Security Project says that risk appears when a language-model system can call tools or other systems and take actions from a prompt. (genai.owasp.org)

Gartner’s advice was procedural, not exotic: run formal security reviews for Model Context Protocol use cases, keep permissions narrower than a human employee’s default access, and watch third-party components for common flaws. The firm also said teams should start with lower-risk use cases before connecting agents to sensitive systems. (gartner.com)

The forecast lands as companies move generative artificial intelligence from pilots into production software that touches payroll records, customer files, code repositories, and internal knowledge bases. If Gartner is right, the first wave of failures will look familiar to security teams: too much access, weak guardrails, and connectors that were trusted too quickly. (gartner.com)
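Two of Gartner’s recommendations above can be turned into a mechanical pre-deployment check: flag any agent whose tools together read sensitive data, ingest untrusted content, and send data outside the company (the “no-go zone”), and flag any agent whose service-account scopes are not a strict subset of the human role it replaces. The following is an added example written for this briefing, not Gartner’s or OWASP’s tooling; the three capability tags, the scope strings, and the sample agent configurations are all constructed for illustration.

```python
from dataclasses import dataclass

# Capability tags a reviewing team assigns to each tool. The taxonomy is an
# assumption of this example, modelled on the three conditions Gartner names.
READS_SENSITIVE = "reads_sensitive_data"
INGESTS_UNTRUSTED = "ingests_untrusted_content"
EGRESSES = "sends_externally"
NO_GO = frozenset({READS_SENSITIVE, INGESTS_UNTRUSTED, EGRESSES})


@dataclass(frozen=True)
class Tool:
    name: str
    capabilities: frozenset  # subset of the three tags above
    scopes: frozenset        # permission scopes the tool's service account holds


@dataclass(frozen=True)
class AgentConfig:
    name: str
    tools: tuple             # every tool the agent is allowed to call


def capabilities(agent):
    """Union of capability tags across all of the agent's tools."""
    caps = set()
    for tool in agent.tools:
        caps |= tool.capabilities
    return caps


def scopes(agent):
    """Union of permission scopes the agent can exercise through any tool."""
    granted = set()
    for tool in agent.tools:
        granted |= tool.scopes
    return granted


def review(agent, human_baseline):
    """Return findings for one agent; an empty findings list means approved.

    human_baseline is the scope set a human employee in the same role holds
    by default; the agent must stay strictly below it.
    """
    findings = []
    if NO_GO <= capabilities(agent):
        findings.append(
            "no-go zone: reads sensitive data, ingests untrusted content and "
            "sends externally within one workflow"
        )
    agent_scopes = scopes(agent)
    excess = agent_scopes - human_baseline
    if excess:
        findings.append("scopes exceed human baseline: " + ", ".join(sorted(excess)))
    elif agent_scopes == human_baseline:
        findings.append("scopes equal human baseline; agent should hold a strict subset")
    return {"agent": agent.name, "findings": findings, "approved": not findings}


# Constructed sample data: a human help-desk role and two candidate agents.
HUMAN_BASELINE = frozenset({"hr:read", "tickets:read", "email:send", "wiki:read"})

HELPDESK = AgentConfig("helpdesk-agent", (
    Tool("read_hr_records", frozenset({READS_SENSITIVE}), frozenset({"hr:read"})),
    Tool("read_inbound_tickets", frozenset({INGESTS_UNTRUSTED}), frozenset({"tickets:read"})),
    # Outbound mail to arbitrary addresses is both an egress path and a scope
    # the human baseline never had.
    Tool("send_email", frozenset({EGRESSES}), frozenset({"email:send", "email:send_external"})),
))

SUMMARIZER = AgentConfig("wiki-summarizer", (
    Tool("read_internal_wiki", frozenset({READS_SENSITIVE}), frozenset({"wiki:read"})),
))

if __name__ == "__main__":
    for agent in (HELPDESK, SUMMARIZER):
        result = review(agent, HUMAN_BASELINE)
        print(result["agent"], "approved" if result["approved"] else "BLOCKED")
        for finding in result["findings"]:
            print("  -", finding)
```

Run as written, the help-desk agent is blocked on both counts while the read-only summarizer passes; in practice the capability tags would come from the Model Context Protocol server inventory and the baseline from the identity provider’s role definitions, and the check would run in the same review gate Gartner recommends before an agent is connected to a sensitive system.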
