Survey Finds Most Enterprises Report AI Security Issues as Governance Lags
A new survey from DigiCert suggests that many organizations are moving ahead with enterprise AI deployments faster than they are putting controls around them.According to the digital identity company,...
A new survey from DigiCert suggests that many organizations are moving ahead with enterprise AI deployments faster than they are putting controls around them.
According to the digital identity company, 78% of the 1,001 IT and cybersecurity leaders it surveyed in the United States, the United Kingdom, and Australia said they had either experienced an AI-related security incident or identified an AI-related vulnerability. The company said the findings point to a broader governance problem rather than a flaw in AI-generated code.
Of the respondents, 27.7% reported a single incident, 21.9% said they had faced multiple incidents, and 28.4% had not seen a direct incident but had identified weaknesses. DigiCert said the problems were linked to AI agents that were not properly authorized or were misconfigured.
Governance still catching up
The survey shows strong awareness at the leadership level, but weaker execution in day-to-day controls. DigiCert said 90% of organizations have discussed AI governance at the board level, yet only half have dedicated budgets and formal governance programs in place.
That gap appears to be creating visibility problems. Just 53% of respondents said their organizations could trace AI decisions back to the models and source data behind them. DigiCert said that becomes especially risky when an AI system produces an unexpected or disputed result and stakeholders demand an explanation.
CEO Amit Sinha said AI agents should be treated with the same identity and verification standards as human workers. The company argued that organizations would not allow employees to operate without verified identities, and that AI systems should not be allowed to do so either.
A recurring theme in recent research
The report lines up with other recent survey results suggesting that enterprises are adopting AI before they have established clear safeguards. A separate study from Spacelift, published two weeks earlier, found that 93% of organizations had experienced AI-related infrastructure incidents, while only 19% had a governance plan in place.
At the same time, vendors continue to emphasize AI’s business benefits. DigiCert’s data paints a more cautious picture: companies are seeing operational value from AI, but many are also discovering that security, oversight, and accountability have not kept pace.
For now, the message from the survey is straightforward: enterprise AI is spreading quickly, but the controls around identity, authorization, and traceability are still incomplete.
