faCINg The New RealITIes Of seCURITy fOR aI 12 Security leaders’ top concerns about GenAI Top concerns of companies developing GenAI 60% Data leak/exfiltration Security and risk leaders at companies using GenAI said Top concerns of companies using GenAI Inappropriate use of personal data 50% their top concerns are data security issues, including Leakage of sensitive data 63% leakage of sensitive data (63%), sensitive data being Violations of regulations 42% overshared, with users gaining access to data they’re not authorized to view or edit (60%), and inappropriate Sensitive data being overshared 60% Lack of visibility into AI 42% components and vulnerabilities use or exposure of personal data (55%). Other Inappropriate use or exposure of concerns include insight inaccuracy (43%) and harmful personal data 55% Over-permissioned access 36% granted to AI apps or biased outputs (41%). Inaccurate insights generated by 43% Incorrect or misleading 36% In companies that are developing or customizing GenAI GenAI responses (Hallucination) apps, security leaders’ concerns were similar but slightly Lack of visibility into data and Malicious models 32% access risks 42% varied. Data leakage along with exfiltration (60%) and the inappropriate use of personal data (50%) were again Harmful or biased outputs from Unintended functionality 29% performed by AI (excessive agency) top concerns. But other concerns emerged, including GenAI apps 41% the violation of regulations (42%), lack of visibility into Risky or insecure plugins in Supply chain vulnerability 27% AI components and vulnerabilities (42%), and over- GenAI apps 39% permissioned access granted to AI apps (36%). Violations of regulations or Training data poisoning 23% code-of-conduct policies 38% Overall, these concerns can be divided into two Insecure plug-in design 22% Non-compliant or unethical use categories: amplified and emerging security risks. The of GenAI apps 38% following sections examine these risks in more detail. Adversarial prompt attacks 22% Insider risk from use of GenAI 32% apps Model theft 20% Overreliance on GenAI apps 27% Denial of service attack 19% Shadow IT 19% Wallet abuse 9%