The report found that many companies are rushing to adopt AI, but are neglecting AI security and governance. According to IBM research, 13% of all surveyed organizations reported a data breach from their AI models or applications, while 8% were unaware that their AI systems had been compromised.


According to IBM's "2025 Cost of Data Breach Study," while AI adoption is rapidly expanding, security and governance are not keeping pace.

A global survey of 600 organizations found that 13% had experienced a data breach through an AI model or application, and 97% of those had inadequate AI access controls in place.

The report analyzed that 60% of AI system breaches resulted in data leaks, and 31% resulted in operational disruptions.

In particular, many organizations lacked or had inadequate AI security policies, and even among those with AI governance policies, only 34% regularly audited unauthorized AI.

Additionally, the damage caused by the leak caused by Shadow AI was serious.

Twenty percent of all organizations experienced a breach due to Shadow AI, and these organizations reported an average of $670,000 higher breach costs.

In incidents involving Shadow AI, the rate of personal identifiable information (65%) and intellectual property (40%) leaks was higher than in typical incidents.

Attacks leveraging AI are also on the rise. Attackers used AI tools in 16% of all system breaches, primarily for phishing and deepfake impersonation.

Financially, the breach also resulted in enormous costs. The global average cost of a leak in 2025 will be $4.44 million, a decrease for the first time in five years but still high.

The healthcare sector, in particular, recorded the highest breach costs at an average of $7.42 million, with detection and response times averaging 279 days.

The willingness to invest in security has also declined. Following the breach, the number of organizations planning to invest in security dropped from 63% in 2024 to 49% in 2025, and less than half of organizations plan to focus on AI-based security solutions.

“As AI becomes more deeply embedded in businesses, AI security is not an option but a necessity,” said IBM Vice President Suja Viswesan. “A lack of security goes beyond mere financial losses and leads to a loss of trust and control.”