The findings show widespread AI adoption, but security controls aren’t keeping pace.

Proofpoint released the 2026 AI and Human Risk Landscape report, finding that organizations are deploying AI at scale while struggling to secure it, with security incidents already occurring across email, cloud apps, and AI systems.

Key Takeaways

• 87% of organizations deployed AI assistants beyond pilot, while 76% are rolling out autonomous agents
• 42% report a suspicious or confirmed AI-related incident
• 52% are not confident their controls would detect a compromised AI system
• 50% of organizations with controls in place still experienced an AI-related incident
• AI-related threats are spreading across email, cloud apps, and AI systems, rather than staying in one channel

AI Deployment Outpaces Security

• 87% of organizations have AI assistants deployed beyond pilot
• 76% are piloting or rolling out autonomous AI agents
• 52% say security is at best playing catch-up or worse, purely reactive
• 42% report a suspected or confirmed AI-related incident

AI systems are now the norm. Companies responded that AI assistants are integrated either across their organizations or, at least, up and running in multiple departments. Only 13% are in the piloting stage.

The report warns that with AI assistants now integrated into work tools, everyday collaboration becomes a greater risk surface.

Security Controls Are Widely Deployed, But Many Aren’t Confident They Work

• 63% have AI security controls in place
• 52% are not confident those controls can detect a compromised AI
• 50% of companies with controls experienced an AI-related incident
• 56% say they need multi-channel controls; 52% want AI-specific protections

Businesses report that their top security concerns are AI-driven, yet they still haven’t closed the operational gaps that drive these concerns. For example. Exposure of sensitive data is a top AI security concern for 45.1% of respondents. However, 46.9% report that their organization lacks proper training. 

AI-Related Threats Are Spreading Across Channels

Across all respondents, below are the cyber incidents reported by channel –

• 63% of organizations report threats in email
• 46.9% in SaaS or cloud applications
• 36% in AI assistants or agents
• 35.5% across collaboration tools, messaging platforms, and file-sharing systems

Just looking at the 42% that suspected or confirmed an AI-related incident, all of the above numbers go up. 

• 67% report threats in email
• 57% in SaaS or cloud applications
• 53% in AI assistants or agents
• 49% across collaboration tools, messaging platforms, and file-sharing systems

The fact that all categories go up when an AI-related attack occurs – especially the spike against AI and collaboration tools – is a strong indication that AI threats are not isolated; they move across work channels.

Organizations Don’t Have The Tools to Investigate AI Incidents Across Systems

• 41% cannot correlate threats across multiple systems
• 95% say managing multiple security tools is somewhat challenging
  • 53% say it’s extremely difficult
• Less than 1 in 3 are fully prepared to investigate an AI-related incident

Companies reported that high operational costs (45%), integration and workflow issues (42.3%), and difficulty with threat correlation(41.2%) are the top reasons their current detection systems aren’t working.

Proofpoint surveyed 1,453 security professionals across 20 industries and 12 countries.