AI linked to 83% of security breaches, Gigamon says

Gigamon has published research showing AI is involved in 83% of reported security breaches. The survey highlights a gap between growing confidence in AI security and the number of organisations still suffering attacks.

The study surveyed 1,023 security and IT leaders across Australia, France, Germany, Singapore, the UK and the US. It found that 65% of organisations experienced a breach in the past year, while one in three reported multiple breaches.

These figures come despite continued spending on security tools and governance. Breach rates have risen by 18% a year and are up 40% over the past three years, suggesting that investment has not translated into stronger outcomes for many companies.

The findings point to a disconnect between how prepared organisations believe they are and what they are experiencing in practice. Nearly two-thirds of respondents, 64%, said their ability to secure new AI technologies was either defined or integrated, even as breach levels remained high.

AI featured on both sides of the security equation. Some 94% of respondents said AI autonomously initiates security functions without human interaction, with alert triage and prioritisation the most common use case at 53%.

At the same time, respondents reported a broad range of AI-related security incidents. External AI attacks were cited by 41%, direct attacks on large language model systems by 33%, and both internal leaks and unsanctioned use of AI by 30%.

Cloud concerns

The research also points to growing caution over where AI workloads should run. A majority of respondents, 72%, said data lakes are more secure for AI workloads, while 70% said they were reluctant to deploy AI in public cloud environments.

That is up from 54% a year earlier, indicating a sharper reassessment of cloud risk as AI use expands. The shift suggests companies are reviewing not only security tools, but also data architecture and deployment choices.

Longer-term concerns are also emerging. The survey found that 87% of leaders fear so-called harvest now, decrypt later attacks, in which encrypted data captured today could be unlocked later as computing techniques improve.

Gigamon argued that visibility remains the main weakness in current defences. Among organisations that had suffered a breach, only 30% said they had the tools needed to respond effectively.

Security teams often lack a full view of data in motion across encrypted traffic, East-West traffic, AI workloads and cloud environments. That leaves defenders working with fragmented information while attackers use AI to move faster and at greater scale.

Respondents also showed strong support for more detailed network data. The survey found that 93% agreed access to packet-level data and application metadata is essential for detecting and understanding modern threats.

Executive warning

Shane Buckley, President and Chief Executive Officer at Gigamon, said the problem is now embedded in the structure of cyber attacks. "AI is embedded in nearly every stage of the attack chain, enabling adversaries to outpace detection and response," Buckley said.

He added that spending alone is not enough if organisations cannot see how information moves across their systems. "While 93 percent of organizations are investing in new security tools, many still lack visibility into how data moves across their environments, creating confidence without control. Closing this gap requires deep observability, giving security teams the clarity needed to detect threats earlier and respond with precision," he said.

The survey also suggested the issue has gained board-level attention. Nine in 10 respondents said their boards support deep observability initiatives, indicating that network visibility is becoming a governance matter as well as an operational one.

For companies weighing how to manage AI risk, the report presents a mixed picture. Businesses are using AI more widely in security operations, but many still face breaches, uncertainty over cloud deployment and concerns about whether their current tools can keep pace with increasingly automated attacks.