“GenAI’s Rapid Pace Poses Security Risk”

The 2025 Thales Data Threat Report highlights that nearly 70% of organizations are concerned about the rapid advancement of AI, especially in generative AI, as the primary security issue related to its adoption. This concern is closely followed by worries about integrity (64%) and trustworthiness (57%). The report, based on a survey by S&P Global Market Intelligence 451 Research, gathered insights from over 3,100 IT and security professionals in 20 countries across 15 industries.

GenAI has emerged as a game-changer across various sectors, with businesses harnessing its capabilities for tasks like improving efficiency, driving product innovation, reshaping customer interactions, upskilling employees, expediting drug discovery, and enhancing customer support.

The impact of AI on enterprises, particularly GenAI, which heavily relies on high-quality, sensitive data, is profound. As agentic AI gains prominence, ensuring data quality becomes even more crucial for enabling informed decision-making and actions by AI systems. A significant portion of respondents indicated that GenAI is either being integrated into their operations or actively transforming them.

However, the integration of GenAI poses intricate data security challenges. While many respondents express concerns about the swift adoption of GenAI, the report reveals that organizations in advanced stages of AI implementation are not always prioritizing full system security or optimizing their technology stacks before moving forward. This rush to achieve rapid transformation can sometimes lead to the unintentional creation of significant security vulnerabilities.

Eric Hanselman, Chief Analyst at S&P Global Market Intelligence 451 Research, notes, “The rapidly evolving GenAI landscape is pushing companies to act swiftly, sometimes at the expense of caution, as they strive to stay ahead in the adoption race. Many enterprises are deploying GenAI faster than they can comprehend their application architectures, compounded by the rapid proliferation of SaaS tools embedding GenAI capabilities, which adds layers of complexity and risk.”

GenAI Drives Security Spending

According to the report, 73% of respondents are investing in AI-specific security tools, either through new budget allocations or by reallocating existing resources. Organizations focusing on AI security are diversifying their approaches, with over two-thirds acquiring tools from their cloud providers, three in five leveraging established security vendors, and nearly half turning to new or emerging startups.

Security for GenAI has swiftly climbed the ranks as a top spending priority, securing the second position in ranked-choice voting, just behind cloud security. The report also indicates that while data breaches remain a significant concern, their frequency has slightly decreased in recent years. Malware continues to be the most prevalent threat, maintaining its top position since 2021, while phishing has moved up to second place, surpassing ransomware, which now ranks third. External sources, particularly hacktivists, are seen as the most concerning threat actors, followed by nation-state actors. Human error, though still significant, has dropped to third place from the previous year.

Quantum-Related Security Risks

The report underscores a growing apprehension among organizations regarding quantum-related security risks. The primary threat, identified by 63% of respondents, is the potential compromise of encryption in the future, where quantum computers could potentially break current or future encryption algorithms, exposing previously secure data. Key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys, were highlighted by 61% of respondents. Additionally, 58% expressed concerns about the “harvest now, decrypt later” (HNDL) threat, where encrypted data intercepted today could be decrypted in the future.

In response to these risks, half of the organizations are evaluating their encryption strategies, and 60% are actively prototyping or assessing post-quantum cryptography (PQC) solutions. However, only a third of organizations are entrusting telecom or cloud providers to manage the transition. Todd Moore, Global Vice President, Data Security Products at Thales, emphasized the urgency of post-quantum readiness, noting that while many organizations are exploring new cyphers, deployment timelines are tight, and falling behind could leave critical data vulnerable.