
Firms Added AI to Core Systems Before Setting Governance Rules

Originally published on: May 29, 2026
Summary

– 70% of organizations use GenAI in live environments, and 64% have AI agents in pilot or production deployments, some with privileged access to core systems.
– More than half of companies have experienced at least one AI-related security incident, including unauthorized AI use, AI-generated phishing, and sensitive data leaks.
– Only 5% of security teams have visibility into the AI tools and services used in their environments, making it hard to distinguish legitimate from suspicious AI activity.
– Approaches to AI access control vary widely, with only a small percentage enforcing consistent controls regardless of location, and WAF/WAAP tools struggle with AI-specific attacks like prompt injection.
– Runtime protection and data governance for AI applications remain immature, with few firms having controls for LLM inputs/outputs, and most detect AI risks more easily than they stop them in real time.

70% of organizations are now running GenAI in live environments, and nearly two-thirds have AI agents in pilot or production deployments. Some of those agents hold privileged access to core systems, according to the Check Point 2026 Cloud Security Report.

Production AI is expanding the enterprise attack surface in ways security teams are struggling to manage. Architectures built around human users and predictable application behavior are buckling under the pressure of AI systems that rely on APIs, automation, and autonomous actions.

More than half of companies have experienced at least one AI-related security incident. The most frequent issues include unauthorized or shadow AI use, AI-generated phishing and deepfake content, and sensitive data leaks tied to AI services.

“AI adoption has outpaced the architecture built to govern it,” said Paul Barbosa, VP of Cloud Security and SASE at Check Point Software Technologies. “Agents are acting inside live systems; data is moving through external AI services, and most enterprises still lack the visibility and enforcement to keep pace. Visibility, control, and security need to be present at all layers in the stack AI workloads will operate in.”

Security teams still lack visibility into AI use. Companies are rewriting acceptable use policies, launching AI governance programs, and increasing investment in AI-specific controls. Yet the infrastructure needed to enforce those policies consistently remains absent.

Only 5% of organizations report visibility into the AI tools and services used inside their environments. Security teams often have no insight into which tools employees use, what data enters AI workflows, or where that data moves afterward. A small fraction can reliably distinguish legitimate AI activity from suspicious or unauthorized usage.

AI traffic is reshaping enterprise network patterns. Companies report increases in API-driven traffic, connections to external AI services, and east-west traffic inside hybrid environments. Inspection gaps remain a problem. Existing network security tools often struggle to inspect AI-related traffic without affecting application performance.

AI infrastructure is moving closer to internal systems and regulated data. Some firms are shifting AI training and inference workloads into private cloud and on-premises environments, placing more emphasis on datacenter perimeter security and internal traffic inspection.

Organizations use different models for AI access control, with approaches varying widely. Some rely on endpoint security tools. Others apply separate rules for on-network and off-network access. A few block external AI tools entirely. Only a small percentage enforce consistent AI access controls regardless of location.

Coverage gaps extend into SaaS traffic inspection, browser-based AI tools, and endpoint monitoring. Many firms report partial visibility into AI SaaS traffic and limited ability to control unauthorized AI applications. Application-layer protections are under pressure. WAF and WAAP tools struggle with AI-specific attacks such as prompt injection, and increased false positives are becoming a problem in AI environments.

Runtime security and data controls remain limited. Runtime protection inside AI applications is still immature. Few firms have broadly deployed controls for LLM inputs, outputs, and tool authorization. Many still rely on ad hoc testing for GenAI applications.

Data governance is another weak point. Some companies permit source code in GenAI tools, and many cannot trace the flow of sensitive data through AI processing environments. AI-specific DLP deployment remains low. Prevention capabilities remain limited across prompts, data flows, and AI-generated outputs. Most organizations detect AI-related risks more easily than they stop them in real time.

(Source: Help Net Security)
