survey-one-third-of-u-s-companies-polled-experienced-an-ai-security-incident-in-the-last-year

Survey: One Third of U.S. Companies Polled Experienced an AI Security Incident in the Last Year

HackerOne Reveals Organizations Feel Confident Fighting AI Threats Despite Incidents

HackerOne, the leader in human-powered security, today revealed that although 95% of IT and security professionals say they are confident they can defend against AI-driven threats, one third admitted their organization experienced an AI-related security incident in the last year. These findings are the results of a research survey that shows a gap between organizational confidence and the reality of growing risks posed by an evolving AI threat landscape.

The research also provided a snapshot of how security teams are prioritizing security investment and solutions to combat AI risk:

  • Organizations are making significant allocations for AI security in budgets this year. Nearly three-quarters of respondents have reserved 20% or more security budget to address AI security risks.
  • Regulatory momentum and GenAI tool adoption are fueling AI security investment. Respondents cited AI-focused regulation (65%), the internal adoption of GenAI tools by employees (63%), and security incidents caused by AI (33%) as core drivers for growing AI security investment.
  • Security teams are using AI red teaming, or adversarial testing of AI systems, as a way to reduce AI risk. 37% of respondents say their organization has implemented AI red teaming initiatives to fortify AI systems against malicious attacks.

“We must all take GenAI threats seriously, but confidence should come with understanding, and none of us fully comprehend what the biggest GenAI security and safety threats are for most organizations quite yet,” said Michiel Prins, co-founder of HackerOne. “It’s clear some have recognized that the fastest way to understand the unique and novel risk to their organizations is through AI red teaming, which means they outrun cybercriminals as the first to identify and define the latest security and safety risks.”

HackerOne works with organizations, including Zoom, Snap, and PayPal, on AI red teaming engagements to improve the security and safety of AI tool and feature deployments. HackerOne offers both AI safety and AI security red teaming, in the form of pentest engagements, security assessments, and bug bounty programs. In February, HackerOne also announced its AI copilot Hai, which uses GenAI to enhance program insights for customers and hackers; Hai is now available to all HackerOne customers through the HackerOne platform.

Methodology

The CensusWide Survey was conducted between April 18-22, 2024. The nationwide online survey gathered insights from 300 U.S. IT and security professionals aged 18 and up at companies with 10 or more employees.