Proofpoint: half of organizations experience AI incidents

proofpoint-helft-organisaties-treft-ai-incident

Published by

WINMAG Pro Editorial Team

Tue, 28 April 2026, 19:45

Proofpoint, Inc., a leading cybersecurity and compliance company, today releases the 2026 AI & Human Risk Landscape report. This report highlights the growing gap between the speed at which organizations operationalize AI and how prepared they are to secure and investigate the risks that follow. The global research surveyed over 1,400 security professionals across twelve countries. It also examines the extent to which rapid AI adoption is changing collaborations within companies. Additionally, it reveals structural weaknesses in security and incident response.

AI is increasingly penetrating organizations and is now being deployed in most functions. Applications range from customer support and internal messaging services to email workflows and collaboration with external parties. 87% of organizations have implemented AI assistants that have already passed the trial phase. Furthermore, 76% are actively testing or rolling out autonomous agents. Although organizations are investing in AI tools and security measures, many companies cannot confirm that these measures are effective. 52% do not fully trust that their AI security measures would detect a compromised AI. Half of the organizations with such measures have already experienced a confirmed or suspected AI-related incident.

Moreover, most organizations indicate that they are not fully prepared to investigate AI-related incidents that span multiple systems and channels. Only a third claim to be fully prepared to investigate such an incident.

"The gap between the implementation of AI and security readiness is widening, as shown by the findings of this research," says Ryan Kalember, Chief Strategy Officer at Proofpoint. "Organizations are applying AI assistants and autonomous agents on an increasingly larger scale in their core workflows, but many of them cannot guarantee that their security measures are effective. They also cannot fully investigate incidents that occur through collaboration channels. As AI increasingly integrates with the way work is performed, security leaders need to rethink how to secure trusted interactions between people, data, and AI systems."

The key global findings from the 2026 AI and Human Risk Landscape report are:

The implementation of AI is outpacing security readiness. The adoption of AI has entered the production phase faster than the frameworks around regulation have been completed. 87% of organizations have implemented assistants that have passed the trial phase. Furthermore, three-quarters are working on the development of autonomous agents. Yet, more than half describe security as lagging, inconsistent, or reactive. 42% report having experienced a suspicious or confirmed AI-related incident, indicating that risks already exist in live environments.
Collaboration channels represent the primary attack surface for AI. AI increases the attack surface, allowing threats to spread at machine speed and impact interconnected workflows. While email remains the most common threat vector at 63%, exposure is now extending to third-party SaaS and cloud applications (47%), social media and messaging platforms (41%), and AI assistants or agents (36%). Among organizations that have experienced an AI-related incident, exposure via each channel is increasing, including 67% via email and 53% involving AI systems.
Trust outweighs the effectiveness of security measures. Although many organizations have security measures in place, trust is lacking. 63% of organizations report having AI security, but 52% do not fully trust that these measures would detect compromised AI. Moreover, more than half of organizations with security measures still reported an AI-related incident. Gaps remain in training (47%), visibility into AI or agent activities (42%), and alignment of governance policies between teams (41%).
Readiness for investigations lags behind the reality of incidents. When AI-related incidents occur, many organizations struggle to investigate them effectively. Only a third of respondents claim to be fully prepared to investigate an AI or agent-related incident. 41% report that it is difficult to correlate threats across different channels. As AI-related activities span email, collaboration platforms, and cloud systems, the ability to reconstruct events depends on visibility into all interconnected environments. This is something many organizations still lack.
The proliferation of tools presents a structural barrier. Fragmentation within security stacks exacerbates the challenge. This limits visibility and increases response time when incidents spread rapidly across systems. 94% of organizations report that managing multiple security tools poses at least a reasonable challenge, and more than half describe it as very or extremely difficult. Respondents cite pressure on operational costs (45%), integration issues (42%), and difficulties in correlating threats (41%) as causes.
Security architecture becomes a strategic priority as AI is applied at scale. More than half of organizations are actively seeking to consolidate vendors and tools. A majority also believes that a unified platform is more effective than separate solutions. In the next twelve months, 61% plan to expand AI security. Furthermore, 56% want to increase coverage of collaboration channels and 53% expect to adopt a unified platform approach.

"While AI brings new risks, such as prompt engineering, its greatest impact lies in amplifying the risks that have always existed," says Kalember. "Running unreliable code, mishandling sensitive data, and losing credentials are the same challenges that people have faced for decades. AI executes these at the speed and scale of a machine. When organizations give AI the keys to act on their behalf, such as with customers, partners, and internal systems, the impact of each of those failures increases dramatically. The solution is not to treat AI as a new category of threats but to apply rigorous, proven controls to what AI touches, what it executes, and as who it is allowed to authenticate. Organizations that get the basics right early will scale AI with confidence. Those that do not will only automate their own vulnerabilities."

Click here to download the full 2026 AI & Human Risk Landscape report.

Methodology

The 2026 AI & Human Risk Landscape report provides a global overview of how organizations implement AI and manage the associated security risks. The research addresses the maturity of AI implementations, the effectiveness of control measures, experiences with incidents, exposure of collaboration channels, and readiness for investigations, as AI assistants and autonomous agents are increasingly integrated into business workflows. In January 2026, over 1,400 full-time security professionals from organizations of various sizes and sectors were surveyed. The respondents represented twenty sectors and hailed from twelve countries, including the US, UK, France, Germany, Italy, Spain, UAE, Australia, Japan, Singapore, India, and Brazil.

About Proofpoint, Inc.

Proofpoint, Inc. is a global leader in cybersecurity, focused on human-centric and AI-agent centric security. Proofpoint has the trust of 80 percent of Fortune 100 companies and secures the way people, data, and AI agents communicate via email, cloud, and collaboration tools. By countering threats, preventing data loss, and building resilience among people and AI workflows, we provide organizations with the collaboration and data security platform they need to protect and empower their people while safely and productively embracing AI. More information at www.proofpoint.com.