The physical backbone of the digital age: server racks humming in a state-of-the-art data center.
Thales 2026 Data Threat Report Highlights AI as a Major AI Data Security Risk
The Thales 2026 Data Threat Report identifies Artificial Intelligence (AI) as a significant data security risk for organizations. This comprehensive AI data security report ranks AI as a new insider threat. The rapid pace of AI adoption grants these systems broad access to enterprise data. This report serves as a key source for understanding emerging AI data security challenges.
What Happened
The Thales 2026 Data Threat Report, based on research by S&P Global 451 Research, found 61% of organizations cite AI as their top data security risk. The concern extends beyond malicious AI. It highlights AI systems being trusted too quickly. These systems act as automated insiders with broad access. They often operate with fewer controls than human users. This finding underscores a critical shift in cybersecurity landscapes.
Details From Sources
Key Findings from the Thales Report
Organizations are embedding AI into various operational areas. These include workflows, analytics, customer service, and development pipelines. These AI systems receive broad, automated access to enterprise data. They frequently operate with fewer controls than human users, according to the Thales 2026 Data Threat Report.
Quotes and Expert Insights
Sebastien Cano, Senior Vice President, Cybersecurity Products at Thales, commented on the evolving threat. “Insider risk is no longer just about people. It is also about automated systems that have been trusted too quickly. When identity governance, access policies, or encryption are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could,” Cano stated.
Eric Hanselman, Chief Analyst at S&P Global 451 Research, emphasized the need for robust security. “As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional. Organizations must treat data security strategy as foundational to innovation, not separate from it,” Hanselman explained.
Visibility Gaps
The report revealed a significant disconnect. There is a gap between AI adoption rates and adequate data control. This presents a considerable challenge for enterprise AI risks.
Why This Matters
AI’s broad access capabilities can amplify existing security weaknesses. This point was highlighted by Sebastien Cano. Limited visibility hinders the enforcement of least-privilege access. AI systems ingest and act on data across cloud and SaaS environments. This increases exposure if credentials are compromised. The operating model is shifting as machines increasingly authenticate, access, and act autonomously.
Background Context
About Thales
Thales is a global leader in advanced technologies. The company operates in Defence, Aerospace, and Cyber & Digital sectors. Its focus areas include Artificial Intelligence and cybersecurity. Thales invests over €4 billion annually in Research & Development.
Report Origin
The Thales 2026 Data Threat Report was commissioned by Thales. S&P Global 451 Research conducted the study on behalf of Thales.
Related Data or Statistics
- 61% of organizations cite AI as their top data security risk.
- Only 34% of organizations know where all their data resides.
- Just 39% of organizations can fully classify their data.
- Nearly half (47%) of sensitive cloud data remains unencrypted.
- Credential theft is the leading attack technique against cloud management infrastructure, cited by 67% of organizations experiencing cloud attacks.
- 50% of organizations rank secrets management among their top application security challenges.
- Nearly 60% of companies report experiencing deepfake-driven attacks.
- 48% report reputational damage tied to AI-generated misinformation or impersonation campaigns.
- Human error contributes to 28% of breaches.
- 30% of companies now dedicate specific budgets to AI security.
- 53% of companies still depend on traditional security programs for AI security.
Future Implications
Organizations must rethink identity, encryption, and data visibility as core infrastructure. This becomes crucial as automated systems gain broader access. Those embedding strong governance into AI strategies will innovate securely. This approach can prevent AI from becoming their newest AI insider threat. Data protection challenges require treating data security strategy as foundational to innovation, not separate from it.
Conclusion
AI presents a significant and evolving AI data security risk. This shift redefines the concept of an “insider threat.” Adapting security strategies is vital to address the unique challenges of AI’s broad data access and automation. Securing AI-driven innovation requires a proactive and integrated approach.
Call-to-Action
For more information, readers can download the full Thales 2026 Data Threat Report and join the webinar hosted by Eric Hanselman, Chief Analyst at S&P Global 451 Research.
FAQ
Q1: What is the main finding of the Thales 2026 Data Threat Report?
A1: The report finds that organizations rank AI as a top data security risk, identifying it as a new type of insider threat due to the broad, automated access AI systems are granted to enterprise data.
Q2: How does AI become an insider threat, according to Thales?
A2: AI becomes an insider threat because as it’s embedded into workflows, it gains broad access to data, often with fewer controls than human users. If identity governance or encryption is weak, AI can amplify those weaknesses rapidly.
Q3: What are some key statistics related to AI data security challenges from the report?
A3: 61% of organizations cite AI as their top data security risk. Only 34% know where all their data resides, and 47% of sensitive cloud data remains unencrypted. Credential theft is a leading attack technique (67%), and nearly 60% of companies report deepfake-driven incidents.
Q4: Are organizations investing in AI security?
A4: While 30% of companies dedicate specific budgets to AI security, the majority (53%) still rely on existing security programs designed primarily for human users and perimeter-based controls.
Q5: Who conducted the research for the Thales 2026 Data Threat Report?
A5: The Thales 2026 Data Threat Report was commissioned by Thales and conducted by S&P Global 451 Research.
