AI and ML

Majority report AI-related security incidents or vulnerabilities

The majority of companies that deploy AI systems end up shooting themselves in the foot with security, according to DigiCert.Seventy-eight percent of enterprises report "experiencing AI-related security incidents or identifying AI-related vulnerabilities," the digital identity biz said in a commissioned survey.Among respondents, 27.7 percent experienced one incident, 21.9 percent experienced multiple incidents, and 28.4 percent had no incidents but identified vulnerabilities, a company spokesperson told The Register. Incident details were not disclosed, but they were caused by AI agents that were unauthorized or misconfigured rather than flaws arising from AI-generated code.

Consistent with its business focus, DigiCert attributes the survey's findings to lack of AI governance.

"We wouldn’t allow an employee to operate without a verified identity," said DigiCert CEO Amit Sinha in a statement. "AI agents should be no different."That's become a common refrain. There are several initiatives underway to establish identifiers for bots, such as Private Access Control Tokens (PACTs), Estonia's digital IDs for agents, and Microsoft's Agent ID. But bot badging infrastructure remains a work-in-progress, leaving AI agents to run amok in many organizations.DigiCert's findings [PDF] echo a similar report two weeks ago from Spacelift that found 93 percent of organizations experienced AI-caused infrastructure incidents while only 19 percent had a governance plan in place.