Report Core Findings:
The WEF (World Economic Forum) surveyed 800 enterprise practitioners worldwide between August and October 2025 and released the results in January 2026. The survey found that 94% of executives identified AI as the most significant driver of change in the cybersecurity landscape in 2026, and 87% of respondents ranked AI-related vulnerabilities as the fastest growing cybersecurity risk. Compared with the 2025 survey, the share of organizations that evaluate the security of AI tools rose sharply from 37% to 64%. On the offensive and defensive side, organizations are both concerned that attackers will use AI to accelerate the pace of attacks (72% express concern) and investing in AI defense tools.
Three core pitfalls of AI security:
The Top 3 risks specifically identified by the CSOs are, in order:
(1) Data Breach and Privacy Exposure (30%) - AI model training data is poisoned or sensitive information is extracted during inference;
(2) Adversary AI Capability Enhancement (28%) - Malicious actors use AI to generate phishing emails, adaptive malware, and false opinions;
(3) AI System Technical Security (15%) - AI-specific vulnerabilities such as model backdoors, privilege obfuscation, and prompt injection.
Meanwhile, 73% of enterprises have shifted their priority from "ransomware defense first" in 2025 to "AI-powered fraud and phishing defense" in 2026.
AI Agent Privilege Explosion Problem:
CyberArk and other security vendors report a key trend: non-human identities are about to become the number one cloud breach vector. By 2026, every AI agent will be an "identity" that requires database credentials, cloud service tokens, code repository keys, and more. As organizations deploy dozens or even hundreds of AI agents, these identities accumulate exponentially more privileges, making them a target for attackers. OWASP's new "tool misuse" attack vector is particularly dangerous: by injecting malicious data into the content the agent processes, an attacker can trick the AI into making unintended API calls, elevating privileges, or stealing data without modifying the AI's system prompt.
Forward-looking coping strategies:
Implement AI identity and access governance (IAM): assign each AI agent only the minimum permissions it requires, and regularly audit its credentials and API call logs.
Deploy prompt protection: add prompt-injection detection to the input validation layer of the AI agent and quarantine untrusted external data sources.
Establish an AI supply chain trust system: review the security provenance of third-party AI models, plug-ins and data sources to prevent backdoored models from being deployed.
Extend SIEM to be AI-aware: traditional log analysis struggles to cope with AI's high degree of autonomy, so dedicated AI behavioral anomaly detection is required.
Form an AI security emergency response team: traditional cybersecurity teams lack experience in responding to AI-specific threats.
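The first, second and fourth strategies above can be combined at the point where an AI agent asks to call a tool. The following is an added example, not code from the report or any vendor: a deny-by-default gate that grants each agent identity only its assigned scopes, refuses state-changing scopes when the request was shaped by untrusted external content, records every decision in an audit log, and flags agents whose denied calls pile up as candidate tool-misuse incidents. Agent names, scopes and the threshold are constructed for illustration.

```python
"""Least-privilege gate, untrusted-input quarantine and audit log for AI-agent
tool calls. Hypothetical example; agent names, scopes and thresholds are constructed."""
from collections import Counter
from dataclasses import dataclass, field

# Constructed policy: each agent identity holds only the tool scopes it needs.
AGENT_SCOPES = {
    "support-bot": {"tickets:read", "tickets:comment", "crm:read"},
    "release-bot": {"repo:read", "ci:trigger"},
}
# Scopes that change state; never reachable from a turn driven by untrusted content.
WRITE_SCOPES = {"tickets:comment", "ci:trigger", "repo:write", "iam:grant"}


@dataclass
class ToolCall:
    agent: str              # non-human identity making the call
    scope: str              # permission the requested tool call needs
    untrusted_input: bool   # True if this turn was driven by external data (email, web page)


@dataclass
class AuditLog:
    entries: list = field(default_factory=list)

    def record(self, call: ToolCall, allowed: bool, reason: str) -> None:
        self.entries.append({"agent": call.agent, "scope": call.scope,
                             "allowed": allowed, "reason": reason})


def authorize(call: ToolCall, log: AuditLog) -> bool:
    """Deny by default: grant only scopes explicitly assigned to the agent, and
    quarantine write scopes when the request was shaped by untrusted content."""
    if call.scope not in AGENT_SCOPES.get(call.agent, set()):
        log.record(call, False, "scope not granted to agent")
        return False
    if call.untrusted_input and call.scope in WRITE_SCOPES:
        log.record(call, False, "write scope requested from untrusted context")
        return False
    log.record(call, True, "ok")
    return True


def anomalous_agents(log: AuditLog, threshold: int = 3) -> set:
    """Agents whose denied calls reach the threshold: candidate tool-misuse or
    prompt-injection incidents for the AI response team to triage."""
    denied = Counter(e["agent"] for e in log.entries if not e["allowed"])
    return {agent for agent, n in denied.items() if n >= threshold}
```

In a real deployment the audit entries would be shipped to the SIEM and the threshold tuned per agent; the gate itself belongs between the model's tool-call output and the tool, not inside the prompt.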
Trend Insights:
The year 2026 will be the turning point from "AI-enabled security defense" to "systematized AI security governance". It is no longer simply a matter of "using AI to combat malicious AI"; AI risk awareness must be integrated into the whole process of identity management, privilege management, audit logging, emergency response and so on. Enterprises that remain stuck in an "AI only brings benefits" mindset and ignore privilege management will pay the highest price.