AI security issues dominate corporate worries, spending

Dive Brief:

• Security, privacy and related trust issues remain some of businesses’ biggest concerns about generative artificial intelligence, according to a pair of reports.
• As businesses face more pressure to integrate AI into their workflows, they are confronting difficult questions about the technology’s reliability and auditability.
• Many companies are allocating new slices of their budgets to AI investments, including in agentic AI, which uses autonomous systems to perform complex tasks.

Dive Insight:

Two reports — one that KPMG released on Thursday and one that Thales released last month — illustrate how generative AI is raising security concerns for business leaders.

Business leaders surveyed by KPMG reported prioritizing security oversight in their generative AI budgeting decisions, with 67% saying they plan to spend money on cyber and data security protections for their AI models. Fifty-two percent cited risk and compliance as a budgetary priority.

Those spending decisions reflect corporate executives’ growing worries about AI security. In KPMG’s new Q2 2025 report, 69% of leaders cited concerns about AI data privacy, a significant increase from the 43% who cited it in Q4 2024. Regulatory concerns around AI also grew, from 42% to 55%.

Andrew Lohn, senior fellow at Georgetown University’s Center for Security and Emerging Technology, told Cybersecurity Dive that companies’ security spending was “a good sign that they are serious about using AI and not just experimenting with it.”

Thales’ annual data threat report, based on a survey of 3,200 IT and security professionals in 20 countries and 15 industries, echoed similar trends. The top four risks related to generative AI among respondents were the rapid transformation of the ecosystem (which made 69% of respondents’ lists), data integrity issues (64%), trust (57%) and confidentiality (45%).

AI security ranked high on the list of respondents’ biggest security-related expenses. One in 10 respondents said it was their largest expense, 13% ranked it second and 7% ranked it third. Overall, AI security ranked second on Thales’ list of organizations’ top security expenses.

The fact that only 10% of respondents ranked AI security first, despite so many companies citing security as a top AI concern, suggests “a misalignment in how organizations purchase and maintain AI systems,” said Nick Reese, co-founder and COO of the AI company Frontier Foundry.

“To start getting real value from AI investments,” Reese told Cybersecurity Dive, “the market will need to square the lack of trust and confidence in AI with the need to stress test [AI models] in a way that dispels those fears.”

Thales also found that “73% of respondents said they are investing in AI-specific security tools with either new or existing budgets.” More than two-thirds of respondents reported buying AI security tools from their cloud vendors, three in five reported buying them from their security vendors and roughly half reported buying them from new vendors.

As agentic AI grabs the spotlight in the business community, KPMG found that corporate leaders “are showing evolving comfort levels” with the technology. 

In Q4 2025, 63% of respondents told KPMG that they were prioritizing deploying AI agents from “trusted tech providers”; in the firm’s Q2 2025 report, that number dropped to 55%. Similarly, 45% of respondents in Q2 said they were “not allowing AI agents access to sensitive data without human oversight,” down from 52% in Q4 2024. 

On the other hand, the proportion of respondents who said they weren’t yet comfortable fully turning tasks over to AI agents increased from 28% to 45%.