AI risk report warns of new attack surface

Gartner predicted)) on March 17, 2026 that by 2028 fifty percent of enterprise cybersecurity incident-response efforts will involve custom-built AI applications. A Cybersecurity Insiders survey of 1,253 security and IT professionals in early 2026 found)) that 73% of organizations have deployed AI tools, and the same CSI report found)) only 7% have governance that enforces security and policy in real time. Gartner’s broader guidance expects AI-specific controls to be consolidated via AI security platforms, forecasting majority adoption of such platforms by 2028 to centralize visibility and policy enforcement noted)). Netskope and the Cybersecurity Insiders report both document that local genAI deployments and AI pipelines need end-to-end discovery, data-protection controls, and agent governance to prevent data leakage and rogue-agent actions documented)). Industry telemetry shows enterprise AI traffic exploding: Zscaler’s ThreatLabz analysis recorded a 36x year‑over‑year increase in AI/ML transactions and that enterprises blocked 59.9% of those AI transactions while policies are still being tightened reported)). State and local government coverage in 2026 highlights that CIOs are entering the year prioritizing cybersecurity, AI, and fiscal constraints, with the Public Technology Institute and NASCIO discussion summarized by StateTech on Feb. 2026 as focusing on those three priorities summarized)). Analysts and commentators are urging dedicated adversarial testing for AI—several industry pieces recommend establishing AI red teams and adversarial evaluation programs by mid‑2026/Q3 2026 to find model, prompt‑injection, and agent risks before production rollout argued)).