Enterprises Report Widespread AI-Related Security Incidents and Vulnerabilities

For AI/DS practitioners, the report highlights that rapid AI deployment without formal governance increases operational security exposure and forensic complexity. Reported facts: DigiCert's commissioned survey of 1,001 IT and cybersecurity leaders across the US, UK, and Australia, reported by The Register, found 78% of organisations "experiencing AI-related security incidents or identifying AI-related vulnerabilities." The Register quotes a company spokesperson giving a breakdown: 27.7% experienced one incident, 21.9% experienced multiple incidents, and 28.4% identified vulnerabilities only. The Register reports those incidents were caused by unauthorised or misconfigured AI agents rather than flaws in AI-generated code. The Register also quotes DigiCert CEO Amit Sinha: "We wouldn't allow an employee to operate without a verified identity." The survey shows governance gaps: while 90% have discussed governance at board level, only 50% have dedicated AI governance budgets and formal programs, and 53% can trace AI decisions to models and source data, The Register reports.
Editorial analysis
For practitioners, the headline number is a reminder that operational controls and traceability are a practical security priority. Organisations that deploy autonomous or semi-autonomous AI without identity, configuration controls, and traceable decision logs are more likely to surface incidents that are difficult to investigate and mitigate.
What happened - reported facts
The Register reports results from a commissioned survey by DigiCert of 1,001 IT and cybersecurity leaders in the US, UK, and Australia. The survey found 78% of organisations were "experiencing AI-related security incidents or identifying AI-related vulnerabilities," per The Register. The Register quotes a company spokesperson with a break down: 27.7% experienced one incident, 21.9% experienced multiple incidents, and 28.4% identified vulnerabilities only. The Register reports the incidents were attributed to unauthorised or misconfigured AI agents, not to defects in AI-generated code. The Register also includes a direct quote from DigiCert CEO Amit Sinha: "We wouldn't allow an employee to operate without a verified identity."
Editorial analysis - technical context
The Register notes industry efforts toward agent identity and bot badging, and describes those initiatives as work-in-progress. For practitioners, three operational gaps stand out generically: lack of agent identity, insufficient governance budgets or formal programmes, and limited traceability from decisions back to models and source data. These gaps map to common root causes in distributed deployments: weak access controls, unsecured automation pipelines, and absent audit logs.
What to watch
The Register cites additional coverage (a Spacelift PDF) that reported 93% of organisations experienced AI-caused infrastructure incidents while only 19% had a governance plan in place. Observers and security teams should therefore watch for measurable progress on three indicators across vendors and suppliers: adoption of standardised agent identity or token schemes; proportion of organisations with dedicated AI governance budgets; and the percentage of deployments that can produce end-to-end traceability from decision to training data and model version. Public reporting on those metrics will be the clearest signal that the operational deficits highlighted by the DigiCert survey are being addressed.
Note: All numeric findings and quotes above are drawn from The Register's reporting on the DigiCert-commissioned survey.
Key Points
- 1A majority of surveyed enterprises report AI-related incidents, underlining governance and traceability as operational security priorities.
- 2Reported incidents were mainly due to unauthorised or misconfigured AI agents, not AI-generated code, stressing identity and configuration controls.
- 3High-level discussion at board level often outpaces operational delivery: budgets, formal programmes, and auditability lag in many organisations.
Scoring Rationale
The survey's high incidence rates are notable for practitioners because they expose concrete operational gaps-identity, configuration, and traceability-that affect incident response and risk management. The story is important but not frontier-breaking.
Sources
Public references used for this report.
Practice interview problems based on real data
1,625 SQL & Python problems across 15 industry datasets — the exact type of data you work with.
Try 250 free problems
