AI Adoption Outpaces Security Controls: 63% of Organizations Deploy Controls Yet 52% Lack Confidence
What Happened — A new Proofpoint “AI and Human Risk Landscape” report surveyed 1,400+ security professionals across 12 countries. While 87% of firms have AI assistants in production and 76% are rolling out autonomous agents, only 48% embedded security from the start. 63% say they have AI‑security controls, but 52% doubt those controls would detect a compromised AI, and half of the respondents with controls have already seen a suspicious AI‑related incident.
Why It Matters for TPRM —
- AI‑driven collaboration tools expand the attack surface across email, SaaS, file‑sharing, and social platforms.
- Existing controls were designed for pre‑AI threat models, creating blind spots that third‑party vendors may inherit.
- Confidence gaps increase the likelihood of supply‑chain exposure when partners integrate AI assistants into shared workflows.
Who Is Affected — Technology‑SaaS providers, cloud‑hosted collaboration platforms, AI‑assistant vendors, and any enterprise relying on third‑party collaboration tools (e.g., finance, healthcare, education).
Recommended Actions —
- Conduct a gap analysis of AI‑related controls in your vendor contracts.
- Verify that security requirements address AI‑specific threats (model poisoning, prompt injection, credential leakage).
- Require vendors to demonstrate AI‑security testing and continuous monitoring across all collaboration channels.
Technical Notes — The report highlights a mismatch between rapid AI deployment (assistants, autonomous agents) and security program maturity. Threats manifest across multiple vectors: phishing, compromised AI prompts, and malicious file‑sharing. No specific CVEs are cited; the risk is systemic and stems from inadequate AI‑security governance. Source: Proofpoint AI & Human Risk Landscape 2026