AI tools expose sensitive data at 99% of organisations
The State of Data Security Report: Quantifying AI's Impact on Data Risk examined the data risk landscape in 1,000 real-world IT environments, focusing on how AI-driven technology may amplify the vulnerability of sensitive information. The findings suggest that widespread issues such as misconfigurations, overly permissive access, and other data security gaps are contributing to the exposure of confidential data.
"The productivity gains of AI are real — and so is the data security risk," said Varonis Chief Executive, President, and Co-Founder Yaki Faitelson. "CIOs and CISOs face enormous pressure to adopt AI at warp speed, which is driving the adoption of data security platforms."
"AI runs on data, and taking a data-centric approach to security is critical to avoid an AI-related data breach," Faitelson continued.
Varonis conducted its analysis by assessing data from nearly 10 billion cloud resources, spanning more than 20 petabytes, across commonly used infrastructure-as-a-service and software-as-a-service applications. These included AWS, Microsoft Azure, Google Cloud, Box, Salesforce, Microsoft 365, Okta, Databricks, Slack, Snowflake, and Zoom, among others.
The report found that 99% of organisations surveyed had sensitive data unnecessarily exposed to AI tools. Moreover, 90% of sensitive cloud data, including data used for AI training, was open and accessible to AI-powered tools, raising concerns about the potential for unintended data leakage.
The report also revealed that 98% of organisations had unverified applications, including instances of so-called shadow AI, within their environments. This means that unauthorised or unmanaged AI applications are operating in the background, potentially increasing the risk of data breaches and compliance failures.
Another key finding highlighted that one in seven organisations did not enforce multi-factor authentication across their SaaS and multi-cloud environments. Organisations may be more susceptible to unauthorised access and related risks without multi-factor authentication.
The analysis further noted that 88% of organisations had ghost users—accounts that are no longer in active use but have not been de-provisioned—lingering in their environments. If left unchecked, such accounts can provide an entry point for cybercriminals.
The empirical approach of the study sets it apart, as Varonis stated it was based on the analysis of active organisational environments rather than self-reported surveys about AI readiness. This method provided a more accurate reflection of the current state of cloud and data security risks associated with AI adoption.
The increasing drive for AI-enabled productivity is evident in IT environments, but the report points out that many organisations may not have implemented the necessary controls for safeguarding sensitive information. The findings suggest that a technical and policy focus on closing security gaps and reducing unnecessary data exposure is required to mitigate the potential risks.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Techday NZ
3 days ago
- Techday NZ
Chainguard launches partner programme after $356 million raise
Chainguard has announced the launch of its Global Partner Program aimed at helping channel partners deliver trusted open source software to customers. The new initiative intends to bridge the gap between traditional channel models and increasingly complex cloud ecosystems. Chainguard will be working alongside several major cloud service providers, including AWS, Google Cloud Platform, and Microsoft Azure, to offer more cohesive and scalable security solutions through its channel partners. Key programme features The Chainguard Partner Program introduces a two-tier structure with increasing benefits based on partner engagement and impact. Among the main features are incentives via sourced deals, co-sell influence, and customer referrals. Technical enablement is a significant component, with partner-exclusive training, onboarding, deal registration, lead creation tools, and access to both Partner and Technical Advisory Councils. The programme also offers joint go-to-market support, including account mapping, sales enablement, marketing support, and co-branded initiatives. Early adopters are given a first-mover advantage in delivering a new solution category before competitors can enter the space. The launch and expansion of this programme are being supported by Chainguard's recent Series D funding round, which saw the company raise $356 million at a valuation of $3.5 billion, intended to drive the company's next stage of growth. The need for secure OSS Open source software now accounts for more than 90% of the code in modern applications, significantly increasing the importance of robust software supply chain security. Recent high-profile incidents such as attacks targeting SolarWinds, Log4Shell, and xz-utils have elevated concerns among organisations, which now face stricter regulatory requirements and compliance mandates from frameworks such as FedRAMP, PCI, NIST SSDF, DORA, CRA, and HIPAA. The proliferation of sovereign cloud initiatives has added further complexity to compliance and risk management. "We're at a tipping point in software security. The growing reliance on open source, coupled with the rise in sophisticated supply chain attacks, has made it clear that reactive security models are no longer enough," said Ryan Carlson, President, Chainguard. "Organisations need to build fast, but they also need to do so securely – and that starts with trusted open source. With partners across the channel ecosystem, we're making it easier for the world's most innovative companies to build, deploy, and innovate on a foundation that's secure from the start." Chainguard's approach is to provide trusted open source software that is rebuilt from source in hardened environments, thereby supporting engineering teams in securely developing and deploying new code without additional burdens. Early engagement with channel partners The first members of the Global Partner Program include Bytes, Defy, DevOps1, and EVOTEK. These partners will use Chainguard to speed up developer productivity, facilitate compliance processes, and raise security standards for their clients. "At Bytes, we actively seek out vendors who disrupt conventional thinking and bring innovative perspectives to the cyber security landscape," said Luke Kiernan, Head of Cyber Security, Bytes. "From our first interaction with Chainguard, it was evident they embodied this mindset, delivering a forward-thinking, developer-first approach to securing the software supply chain. We look forward to developing our partnership and driving greater value for our customers through modern, resilient, and secure software practices." "Chainguard is solving one of the most urgent problems in enterprise technology today – securing the software supply chain without slowing down development," said Rich Douros, Chief Revenue Officer, Defy. "Their secure-by-default approach is exactly what our customers need to build with confidence and speed." "At DevOps1, our mission is to help our customers build secure, scalable systems that empower our clients to move fast without compromising security," said Alex Rea, CEO, DevOps1. "Partnering with Chainguard, the market-leading solution for software supply chain security, enables us to embed robust, verifiable security ensuring a 'Start Left' posture in the development lifecycle. This collaboration reinforces our commitment to delivering modern DevSecOps practices with confidence, integrity, and speed." "All organizations want to accelerate their software development, but they can't do that without having a way to secure the applications they're building," said Jason Myers, Chief Revenue Officer, EVOTEK. "Chainguard's approach to delivering continuously verified open source software aligns perfectly with our mission to help enterprises build secure, scalable infrastructure." Enhancing OSS integrity Chainguard's offerings centre around delivering open source components that are rebuilt from source within secure infrastructure and with verified end-to-end integrity. This is exemplified by Chainguard Containers, a catalogue featuring over 1,500 zero-CVE (common vulnerabilities and exposures) container images. The containers offer customisation, a reduced attack surface, and continuous daily updates, thereby ensuring supply chain integrity for containerised applications. Powered by Chainguard OS, the service includes transparent provenance, enforcement of FIPS cryptography, signed software bill of materials and attestations, and secure system hardening. For partners in the programme, this portfolio is designed to accelerate client compliance efforts, strengthen security postures, and enable engineering teams to focus on secure product development.
Techday NZ
3 days ago
- Techday NZ
SuperOps & AWS unveil AI marketplace with $100,000 contest
SuperOps has announced the launch of an agentic AI marketplace for managed service providers (MSPs) and IT teams in collaboration with Amazon Web Services (AWS). Marketplace details The AI Agent Marketplace, developed and operated in partnership with AWS, is set to enter a beta phase in September. The platform will allow MSPs to procure ready-to-use AI agents designed for IT workflows such as ticket triage, alert remediation, and employee onboarding. Developers will also have the opportunity to publish their AI agents and generate revenue through the marketplace. SuperOps stated that the marketplace is intended to accelerate the adoption of autonomous AI in daily IT operations. Companies in the sector will be able to integrate agents that automate routine tasks, aiming to bridge the gap between AI experimentation and practical deployment across organisations. Supporting initiatives To support the launch, SuperOps revealed two additional initiatives targeted at building understanding and innovation within the IT and MSP communities. The first is the creation of the SuperOps Agentic AI Community, designed as a resource and collaboration hub for MSPs, IT professionals and developers. The second is the SuperHack Hackathon, an event powered by AWS, which challenges developers globally to create autonomous AI agents designed for real IT industry scenarios. Winning entries from the hackathon will be included in the marketplace, and participants compete for a combined $100,000 prize fund. Discussing the significance of the launch, Arvind Parthiban, Chief Executive Officer and Co-founder of SuperOps, said: "This launch marks a significant turning point for the IT industry. We're giving MSPs a way to tap into real, autonomous AI that can solve their day-to-day challenges and help them stay ahead. Partnering with AWS makes it possible to scale this across the industry and bring powerful, usable agents into the hands of teams that need them now." Industry landscape SuperOps' new offerings come at a time when AI interest in the IT sector remains high, but widespread adoption continues to encounter challenges. According to a recent poll by Canalys cited by SuperOps, 61% of partners indicated they have difficulty moving AI initiatives beyond proof-of-concept with their customers. SuperOps said that the combination of a curated marketplace, a collaborative community, and an innovation-driven competition is intended to address the obstacles hindering broader AI deployment in IT environments. The company's ecosystem intends to advance the sector beyond experimentation through several means: providing a platform for collaboration and learning, running the SuperHack Hackathon to incentivise the development of new solutions, and offering a marketplace for the secure and effective deployment and monetisation of AI applications. Role of AWS AWS is supplying the technological framework underpinning the marketplace, supporting its scalability, reliability, and performance. This infrastructure is expected to assist SuperOps and its users as agentic AI solutions are brought to production within the global MSP community at a larger scale. Developers, managed service providers, IT professionals, and leaders are being invited by SuperOps to engage with the Agentic AI Community, with opportunities to either participate actively in the SuperHack Hackathon or mentor others taking part. Follow us on: Share on:
Techday NZ
3 days ago
- Techday NZ
Oracle & Google Cloud boost AI with Gemini model access
Oracle and Google Cloud have expanded their partnership to provide Oracle customers with direct access to Google's Gemini AI models through the Oracle Cloud Infrastructure Generative AI service. The collaboration gives Oracle customers the ability to leverage Gemini 2.5 and its upcoming model family for enterprise-grade applications, including advanced coding, workflow automation, and domain-specific solutions such as MedLM for healthcare. Expanded AI offerings Through the integration, enterprises will have the opportunity to use Gemini's multimodal capabilities, enabling applications that can handle text, code, and industry-specific tasks. Oracle plans further integrations with Google Cloud's Vertex AI, which will make the entire Gemini model suite - including video, image, speech, and music generation - accessible within Oracle Fusion Cloud Applications across various departments such as finance, HR, supply chain, sales, service, and marketing. Oracle customers will also be able to deploy Gemini models using their existing Oracle Universal Credits, potentially simplifying adoption and controlling costs. Use cases and industry impact Gemini models are designed to provide accuracy and performance for enterprise use cases, partly due to their grounding in up-to-date Google Search data, large context windows, and data privacy features. The models can be used for knowledge retrieval, productivity tools, advanced software development, and sector-specific solutions. Specialised industry models like MedLM for healthcare are among the offerings expected for future integration. The presence of these models within existing Oracle platforms aims to streamline the adoption of AI across industries, supporting teams in tasks that range from automating business processes to building AI-powered agents. Customer access and integration With the expanded partnership, Oracle states customers will have more flexibility and choice over the models they use. As future integrations are developed, customers will be able to select from a range of Gemini models via Vertex AI, directly within Oracle's cloud applications ecosystem. "Today, leading enterprises are using Gemini to power AI agents across a range of use cases and industries," said Thomas Kurian, CEO, Google Cloud. "Now, Oracle customers can access our leading models from within their Oracle environments, making it even easier for them to begin deploying powerful AI agents that can support developers, streamline data integration tasks, and much more." Google's Gemini models have been cited for their enterprise suitability due to features such as encryption, privacy controls, and reasoning abilities. Clay Magouyrk, President, Oracle Cloud Infrastructure, stated, "Oracle has been intentional in offering model choice curated for the enterprise, spanning open and proprietary models. The availability of Gemini on OCI Generative AI service highlights our focus on delivering powerful, secure, and cost-effective AI solutions that help customers drive innovation and achieve their business goals." Performance and scalability Oracle continues to position its infrastructure as a foundation for running intensive AI workloads. According to the companies, Oracle Cloud Infrastructure offers specialised, cost-effective GPU instances suitable for applications in generative AI, natural language processing, computer vision, and recommender systems. The collaboration is described as a means for customers to apply generative and agentic AI to business needs, with a focus on meeting enterprise requirements for security, adaptability, and performance. Through this partnership, both companies aim to facilitate the deployment of multimodal and AI agent technologies in a broad range of enterprise scenarios.
