Dive Brief:
- Most companies worry their networks aren’t safe against cyberattacks powered by artificial intelligence.
- Only 31% of IT leaders are at least somewhat confident that they can defend their organizations against AI-powered attacks, according to a Lenovo report published on Thursday.
- The report delves into why IT and security leaders are worried about hackers’ use of AI — and why they see their companies’ own use of AI systems as vulnerable.
Dive Insight:
Lenovo’s report found widespread fears about AI, with only 10% of surveyed IT leaders saying they were very confident in their ability to address the risks of offensive AI. These respondents are right to be concerned, Lenovo said, because AI can help attacks “evolve in response to the defense mechanisms they encounter,” including by bypassing traditional security platforms.
Offensive AI isn’t the only source of cybersecurity risk that IT leaders have identified, but it does lead the pack. Nearly two-thirds (61%) of respondents cited it as an area of increasing risk, with only 31% saying they were very or somewhat confident that they could handle it. But IT leaders are also worried about their employees’ use of public AI tools — nearly half cited this practice as a growing concern, and only 36% expressed confidence that they could mitigate its risks. Meanwhile, 42% of respondents said their organizations’ adoption of AI agents posed an increasing cybersecurity risk, and only 37% said they felt confident they could mitigate potential harms.
AI agents represent “a new kind of insider threat” that more than 60% of IT leaders said they don’t feel prepared to face, according to the survey. This concern highlights the need to protect AI models from tampering and subversion, tactics that are likely to become increasingly popular among hackers as AI proliferates.
Companies’ rush to adopt AI platforms “can cause them to overlook the potential threat vectors arising from their deployment,” Tiago Da Costa Silva, security services director in Lenovo’s Digital Workplace Solutions division, said in the report.
Traditional defensive products remain important, but not all of them are equally well-adapted to AI-related risks. More than half of IT leaders said their endpoint security solutions were sufficient to confront AI-powered attacks, but only one-third said the same about their vulnerability and threat analysis capabilities. Respondents voiced similar levels of concern about the preparedness of their incident-response and identity-management tools — two key components of cyber defense.
