Skip to content
Menu
Menu

Orca Finds Companies Are Expanding AI Faster Than They Can Secure It

Orca Security examined more than 1,200 companies and found that businesses are adopting new AI tools faster than they are securing the data and systems connected to them.

Key Takeaways

  • 64% of companies using AI have deployed vector databases, which help AI systems search company information.
  • 56% have put AI systems capable of performing tasks with limited human direction into production.
  • 57% of companies using Amazon Bedrock agents have not enabled the platform’s built-in safeguards.
  • 29.5% of companies using AI have at least one exposed AI credential. 
  • More than half of organizations use at least four different categories of AI services.

Orca Security’s 2026 State of AI Security Report found that companies are rapidly expanding their use of AI while struggling to apply the same security controls they use elsewhere in their business. The report collected anonymized data from more than 1,200 organizations during the second quarter of 2026.

The findings suggest that AI is moving beyond experimentation and becoming part of day-to-day operations. Companies are deploying a growing mix of AI-powered assistants, coding tools, and systems that can access internal information, often faster than security teams can keep up with.

AI tools spread

One of the report’s clearest findings is how quickly companies are adopting different types of AI technology. Orca found that 55.3% of organizations using AI now rely on at least four different categories of AI services, while nearly one in five use seven or more.

The report also found that 64% of AI adopters have deployed vector databases. These systems help chatbots and other AI tools search company documents and answer questions, but they also create new connections between AI systems and sensitive business information.

At the same time, 56.2% of organizations have deployed AI systems capable of planning and performing tasks with limited human oversight.

Companies are still learning how to secure AI systems

On Amazon Web Services, organizations using Amazon Bedrock run an average of about 15 AI agents that can interact with company systems and data. Yet 57.1% of those organizations did not enable Bedrock’s built-in safeguards, which are meant to limit what the systems can do and reduce harmful outputs.

Orca also warned that vector databases create new ways for attackers to reach company information because they connect AI tools directly to internal data. According to the report, companies are adopting these systems faster than many security teams can monitor and secure them.

More broadly, organizations are deploying AI tools across multiple departments and cloud platforms, often without a clear picture of what is installed or what information those systems can access.

Basic security practices still lag behind

Many of the report’s findings involve familiar AI security problems rather than entirely new threats.

Orca found that 29.5% of companies using AI had at least one exposed AI credential, such as an API key that could provide access to AI systems or company data. According to the report, these credentials can allow attackers to access a business’s sensitive information or run AI services at the company’s expense.

Clayton Rifkind

Clayton Rifkind is the Founder and Senior Editor of AI Risk Today. He also advises on content development for esgtoday.com, a leading source of ESG investment news and research for institutional investors and corporate leaders. He has 20+ years experience in B2B technology marketing, leading strategy and execution of go-to-market plans across software, enterprise platforms, and mobile applications. He also founded two marketing consultancies, advising startups and Fortune 1000 companies, including Autodesk, Intel, and Microsoft. Clayton began his career in the San Francisco advertising scene, working with brands such as Hewlett-Packard, Intel, Microsoft, Symantec, and Wells Fargo.

Essential AI Risk Intelligence

Daily insights on AI governance, regulation, and enterprise risk management. Trusted by Chief Risk Officers and compliance leaders globally.

By subscribing, you agree to receive our daily newsletter. Unsubscribe anytime.

Advertise with AI RIsk Today, Today!