AI tools expose sensitive data at 99% of organisations
A report from Varonis has found that 99% of organisations have sensitive data exposed to artificial intelligence tools due to security shortcomings.
The State of Data Security Report: Quantifying AI's Impact on Data Risk examined the data risk landscape in 1,000 real-world IT environments, focusing on how AI-driven technology may amplify the vulnerability of sensitive information. The findings suggest that widespread issues such as misconfigurations, overly permissive access, and other data security gaps are contributing to the exposure of confidential data.
"The productivity gains of AI are real — and so is the data security risk," said Varonis Chief Executive, President, and Co-Founder Yaki Faitelson. "CIOs and CISOs face enormous pressure to adopt AI at warp speed, which is driving the adoption of data security platforms."
"AI runs on data, and taking a data-centric approach to security is critical to avoid an AI-related data breach," Faitelson continued.
Varonis conducted its analysis by assessing data from nearly 10 billion cloud resources, spanning more than 20 petabytes, across commonly used infrastructure-as-a-service and software-as-a-service applications. These included AWS, Microsoft Azure, Google Cloud, Box, Salesforce, Microsoft 365, Okta, Databricks, Slack, Snowflake, and Zoom, among others.
The report found that 99% of organisations surveyed had sensitive data unnecessarily exposed to AI tools. Moreover, 90% of sensitive cloud data, including data used for AI training, was open and accessible to AI-powered tools, raising concerns about the potential for unintended data leakage.
The report also revealed that 98% of organisations had unverified applications, including instances of so-called shadow AI, within their environments. This means that unauthorised or unmanaged AI applications are operating in the background, potentially increasing the risk of data breaches and compliance failures.
Another key finding highlighted that one in seven organisations did not enforce multi-factor authentication across their SaaS and multi-cloud environments. Organisations may be more susceptible to unauthorised access and related risks without multi-factor authentication.
The analysis further noted that 88% of organisations had ghost users—accounts that are no longer in active use but have not been de-provisioned—lingering in their environments. If left unchecked, such accounts can provide an entry point for cybercriminals.
The empirical approach of the study sets it apart, as Varonis stated it was based on the analysis of active organisational environments rather than self-reported surveys about AI readiness. This method provided a more accurate reflection of the current state of cloud and data security risks associated with AI adoption.
The increasing drive for AI-enabled productivity is evident in IT environments, but the report points out that many organisations may not have implemented the necessary controls for safeguarding sensitive information. The findings suggest that a technical and policy focus on closing security gaps and reducing unnecessary data exposure is required to mitigate the potential risks.
Hashtags
Try Our AI Features
Explore what Daily8 AI can do for you:
Comments
No comments yet...
Related Articles
Scoop
3 days ago
- Scoop
UNC6040 Hacks Salesforce Via Vishing And Malicious Data Loader Apps, Google Warns
Press Release – Google Threat Intelligence Group – GTIG According to Google, attackers impersonate IT support on live calls, directing users to approve unauthorised Data Loader apps via Salesforce's connected app interface. These apps, often disguised with innocuous names like My Ticket Portal, grant … A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation, attributed to threat cluster UNC6040, leverages modified versions of Salesforce's Data Loader and malicious connected apps to compromise organisations—without exploiting any Salesforce vulnerabilities. According to Google, attackers impersonate IT support on live calls, directing users to approve unauthorised Data Loader apps via Salesforce's connected app interface. These apps, often disguised with innocuous names like 'My Ticket Portal,' grant direct access to sensitive CRM data. No legitimate Salesforce systems are compromised in the attacks, the bad actors exploit end-user trust to infiltrate other systems. Once initial access is secured, attackers use harvested credentials to move laterally into platforms such as Okta and Microsoft 365. In some cases, exfiltration went undetected for months before extortion attempts occurred—sometimes under the banner of groups like ShinyHunters. UNC6040's infrastructure included Okta phishing panels and commercial VPN services such as Mullvad. The group's techniques overlap with those seen in campaigns linked to 'The Com', a loosely affiliated cybercriminal collective. GTIG advises defenders to implement strict access controls, limit API privileges, and use Salesforce Shield for anomaly detection. IP-based restrictions and rigorous app allowlisting are also critical, given the threat actors' reliance on human manipulation rather than technical exploits. 'This campaign demonstrates how modern attackers exploit trust and routine admin functions to bypass even hardened cloud environments,' GTIG noted.
Scoop
3 days ago
- Scoop
UNC6040 Hacks Salesforce Via Vishing And Malicious Data Loader Apps, Google Warns
A new Google Cloud Threat Intelligence report has revealed a sophisticated vishing campaign targeting Salesforce environments, enabling large-scale data theft and extortion. The operation, attributed to threat cluster UNC6040, leverages modified versions of Salesforce's Data Loader and malicious connected apps to compromise organisations—without exploiting any Salesforce vulnerabilities. According to Google, attackers impersonate IT support on live calls, directing users to approve unauthorised Data Loader apps via Salesforce's connected app interface. These apps, often disguised with innocuous names like 'My Ticket Portal,' grant direct access to sensitive CRM data. No legitimate Salesforce systems are compromised in the attacks, the bad actors exploit end-user trust to infiltrate other systems. Once initial access is secured, attackers use harvested credentials to move laterally into platforms such as Okta and Microsoft 365. In some cases, exfiltration went undetected for months before extortion attempts occurred—sometimes under the banner of groups like ShinyHunters. UNC6040's infrastructure included Okta phishing panels and commercial VPN services such as Mullvad. The group's techniques overlap with those seen in campaigns linked to "The Com", a loosely affiliated cybercriminal collective. GTIG advises defenders to implement strict access controls, limit API privileges, and use Salesforce Shield for anomaly detection. IP-based restrictions and rigorous app allowlisting are also critical, given the threat actors' reliance on human manipulation rather than technical exploits. 'This campaign demonstrates how modern attackers exploit trust and routine admin functions to bypass even hardened cloud environments,' GTIG noted.
Scoop
4 days ago
- Scoop
Snowflake Unveils Comprehensive Product Innovations To Empower Enterprises To Achieve Full Potential Through Data And AI
Snowflake Openflow simplifies the process of getting data from where it is created to where it can be used Snowflake Standard Warehouse - Generation 2 and Snowflake Adaptive Compute deliver faster analytics performance to accelerate customer insights, without driving up costs Snowflake Intelligence allows business users to harness AI data agents to analyse, understand, and act on structured and unstructured data Snowflake Cortex AISQL embeds generative AI directly into customers' queries, empowering teams to analyse all types of data and build flexible AI pipelines with familiar SQL syntax With Cortex Knowledge Extensions, enterprises can enrich their AI apps and agents with real-time news and content from trusted third-party providers Snowflake (NYSE: SNOW), the AI Data Cloud company, today announced several product innovations at its annual user conference, Snowflake Summit 2025, designed to revolutionise how enterprises manage, analyse, and activate their data in the AI era. These announcements span data engineering, compute performance, analytics, and agentic AI capabilities, all aimed at helping organisations break down data silos and bridge the gap between enterprise data and business action — without sacrificing control, simplicity, or governance. 'Today's announcements underscore the rapid pace of innovation at Snowflake in our drive to empower every enterprise to unlock its full potential through data and AI,' said Theo Hourmouzis, Senior Vice President, ANZ and ASEAN, Snowflake. 'Organisations across A/NZ are looking to take their AI projects to the next level – from testing, to production, to ultimately providing business value. Today's innovations are focused on providing them with the easiest, most connected, and most trusted data platform to do so.' Snowflake Openflow Unlocks Full Data Interoperability, Accelerating Data Movement for AI Innovation Snowflake unveiled Snowflake Openflow, a multi-modal data ingestion service that allows users to connect to virtually any data source and drive value from any data architecture. Now generally available on AWS, Openflow eliminates fragmented data stacks and manual labor by unifying various types of data and formats, enabling customers to rapidly deploy AI-powered innovations. Snowflake Openflow embraces open standards, so organisations can bring data integrations into a single, unified platform without vendor lock-in and with full support for architecture interoperability. Powered by Apache NiFi™[1], an Apache Software Foundation project built to automate the flow of data between systems, Snowflake Openflow enables data engineers to build custom connectors in minutes and run them seamlessly on Snowflake's managed platform. With Snowflake Openflow, users can harness their data across the entire end-to-end data lifecycle, while adapting to evolving data standards and business demands. Hundreds of ready-to-use connectors and processors simplify and rapidly accelerate data integration from a broad range of data sources including Box, Google Ads, Microsoft Dataverse, Microsoft SharePoint, Oracle, Proofpoint, ServiceNow, Workday, Zendesk, and more, to a wide array of destinations including cloud object stores and messaging platforms, not just Snowflake. Snowflake Unveils Next Wave of Compute Innovations For Faster, More Efficient Warehouses and AI-Driven Data Governance Snowflake announced the next evolution of compute innovations that deliver faster performance, enhanced usability, and stronger price-performance value — raising the bar for modern data infrastructure. This includes Standard Warehouse – Generation 2 (Gen2) (now generally available), an enhanced version of Snowflake's virtual Standard Warehouse with next-generation hardware and additional enhancements to deliver 2.1x[2] faster analytics performance and 1.9x faster analytics performance than Managed Spark. Snowflake also introduced Snowflake Adaptive Compute (now in private preview), a new compute service that lowers the burden of resource management by maximising efficiency through automatic resource sizing and sharing. Warehouses created using Adaptive Compute, known as Adaptive Warehouses, accelerate performance for users without driving up costs, ultimately redefining data management in the evolving AI landscape. Snowflake Intelligence and Data Science Agent Deliver The Next Frontier of Data Agents for Enterprise AI and ML Snowflake announced Snowflake Intelligence (public preview soon), which enables technical and non-technical users alike to ask natural language questions and instantly uncover actionable insights from both structured tables and unstructured documents. Snowflake Intelligence is powered by state-of-the-art large language models from Anthropic and OpenAI, running inside the secure Snowflake perimeter, and is powered by Cortex Agents (public preview) under the hood — all delivered through an intuitive, no-code interface that helps provide transparency and explainability. Snowflake also unveiled Data Science Agent (private preview soon), an agentic companion that boosts data scientists' productivity by automating routine ML model development tasks. Data Science Agent uses Anthropic's Claude to break down problems associated with ML workflows into distinct steps, such as data analysis, data preparation, feature engineering, and training. Today, over 5,200[3] customers from companies like BlackRock, Luminate, and Penske Logistics are using Snowflake Cortex AI to transform their businesses. Snowflake Introduces Cortex AISQL and SnowConvert AI: Analytics Rebuilt for the AI Era Snowflake announced major innovations that expand on Snowflake Cortex AI, Snowflake's suite of enterprise-grade AI capabilities, empowering global organisations to modernise their data analytics for today's AI landscape. This includes SnowConvert AI, an agentic automation solution that accelerates migrations from legacy platforms to Snowflake. With SnowConvert AI, data professionals can modernise their data infrastructure faster, more cost-effectively, and with less manual effort. Once data lands in Snowflake, Cortex AISQL (now in public preview) then brings generative AI directly into customers' query engines, enabling teams to extract insights across multi-modal data and build flexible AI pipelines using SQL — all while providing bestinclass performance and cost efficiency. Snowflake Marketplace Adds Agentic Products and AI-Ready Data from Leading News, Research, and Market Data Providers Snowflake announced new agentic products on Snowflake Marketplace that accelerate agentic AI adoption across the enterprise. This includes Cortex Knowledge Extensions (generally available soon) on Snowflake Marketplace, which enables enterprises to enrich their AI apps and agents with proprietary unstructured data from third-party providers — all while allowing providers to protect their intellectual property and ensure proper attribution. Users can tap into a selection of business articles and content from The Associated Press, which will help users further enhance the usefulness of results in their AI systems. In addition, Snowflake unveiled sharing of Semantic Models (now in private preview), which allows users to easily integrate AI-ready structured data within their Snowflake Cortex AI apps and agents — both from internal teams or third-party providers like CARTO, CB Insights, Cotality™ powered by Bobsled, Deutsche Börse, IPinfo, and truestar. Learn More: Check out all the innovations and announcements coming out of Snowflake Summit 2025 on Snowflake's Newsroom. Stay on top of the latest news and announcements from Snowflake on LinkedIn and X, and follow along at #SnowflakeSummit. About Snowflake Snowflake is the platform for the AI era, making it easy for enterprises to innovate faster and get more value from data. More than 11,000 companies around the globe, including hundreds of the world's largest, use Snowflake's AI Data Cloud to build, use, and share data, apps and AI. With Snowflake, data and AI are transformative for everyone. Learn more at (NYSE: SNOW).
