Regulation & Policy

AI assistants set to become major cybersecurity threat by 2026

Tuesday, 25 November 2025 3:22PM UTC

AI systems in the workplace could soon be the leading source of data leaks, researchers warn, as organisations race to adopt autonomous agents without adequate security controls.

The rapid deployment of AI assistants is introducing new vulnerabilities, with systems often granted excessive access or left unmonitored. These agents, operating as independent identities within IT networks, risk exposing sensitive data due to misconfigurations and poor governance.

A report by Proofpoint found that AI assistants will need to be treated like human employees in terms of identity management, including individual profiles, trust scores and closely monitored privileges. “Security teams will no longer focus solely on human actors; they will be forced to treat their AI agents as first-class identities,” said Ravi Ithal, Chief Product and Technology Officer for AI Security at Proofpoint.

Instances of data exposure linked to AI are already widespread. In 2025, 84% of AI tools experienced data breaches, with over half involving credential theft. Much of this was attributed to ‘shadow AI’, where employees use personal accounts or consumer platforms like ChatGPT, Google Gemini and Microsoft Copilot for work. A related survey showed 57% of staff admitted entering confidential company data into generative AI tools.

“This kind of informal behaviour creates major blind spots in data protection,” said Adrian Covich, Vice President of Systems Engineering for Proofpoint in Asia-Pacific and Japan. He urged organisations to audit AI usage and bolster data protocols ahead of regulatory reforms expected in 2026. Further research by GitGuardian found 6.4% of AI-assisted code repositories leaked secrets – 40% more than the average for public repositories. Developers using LLMs may be prioritising speed over security, analysts said. Meanwhile, cyber espionage is becoming more discreet. Rather than phishing, attackers now infiltrate networks through encrypted messaging and trusted platforms. “The most effective espionage in 2026 won’t be loud or flashy,” said Alexis Dorais-Joncas, Head of Espionage Research at Proofpoint. “It’ll be invisible, hiding in plain sight behind the tools and platforms we trust every day.”

The rise of AI is also pushing governments to rethink cybersecurity laws. Australia is reviewing its AI governance framework, with officials calling for stronger data controls and compliance with evolving standards. Certifications like ISO 42001 provide a base, but may fall short in addressing the full scope of AI-related risks.

As oversight increases, experts say organisations must adapt quickly. Measures such as expanding identity and access management to include AI, curbing shadow AI, and aligning with regulatory expectations will be vital to ensuring AI develops safely and ethically.

Created by Amplify: AI-augmented, human-curated content.

More on this

https://securitybrief.com.au/story/ai-assistants-to-surpass-humans-in-causing-corporate-data-leaks - Please view link - unable to able to access data
https://www.globenewswire.com/news-release/2025/05/19/3084053/0/en/Analysis-of-AI-tools-84-breached-51-facing-credential-theft.html - A 2025 analysis revealed that 84% of AI tools have experienced data breaches, with 51% facing credential theft. The rapid, unmonitored adoption of AI tools in workplaces has led to significant security risks, as many employees use personal accounts for work tasks, bypassing company monitoring systems. This trend has resulted in increased exposure of sensitive company data, highlighting the need for robust data security measures and official AI policies within organizations.
https://www.thehackernews.com/expert-insights/2025/04/the-new-frontier-of-security-risk-ai.html - GitGuardian's 2025 analysis of approximately 20,000 repositories with active Copilot usage found that over 1,200 repositories leaked at least one secret, representing 6.4% of the sample. This rate is 40% higher than the average across all public repositories, which stands at 4.6%. The findings suggest that code generated by Large Language Models (LLMs) may inherently contain more security vulnerabilities, and that developers using AI assistants may be prioritizing speed over security, inadvertently creating more opportunities for credential exposure.
https://www.peoplemattersglobal.com/news/technology/ai-data-leaks-soar-as-employees-bypass-company-rules-45605 - A 2025 survey revealed that 57% of employees at large US enterprises admitted to entering confidential company data into tools like ChatGPT, Google Gemini, and Microsoft Copilot. Additionally, 68% of respondents accessed generative AI assistants through non-corporate platforms, effectively sidestepping IT and security protocols. This phenomenon, dubbed ‘shadow AI’, is widening the cracks in already fragile data governance frameworks, highlighting the need for organizations to implement robust data security measures and official AI policies.
https://www.techmonitor.ai/technology/cybersecurity/ai-driven-data-leaks-affect-68-firms-report - A 2025 study found that 68% of organizations have experienced data leaks linked to the use of AI tools, yet only 23% have formal security policies in place to address these risks. The findings highlight growing challenges as AI becomes more embedded in daily operations, with many organizations lacking adequate measures to prevent data breaches associated with AI systems.
https://www.esecurityplanet.com/news/shadow-ai-chatgpt-dlp/ - A 2025 report revealed that 77% of employees share sensitive company data through ChatGPT and AI tools, creating major security and compliance risks. The findings underscore a growing identity and data management crisis within enterprise environments, as generative AI tools have become the leading channel for corporate-to-personal data exfiltration, responsible for 32% of all unauthorized data movement.
https://cybertechnologyinsights.com/cybertech-staff-articles/ai-identities-cybersecurity-2026/ - Research indicates that by 2026, 75% of security failures will result from inadequate management of machine identities, including AI agents. This shift underscores the need for organizations to extend identity management controls traditionally reserved for human actors to these AI entities, as AI assistants are projected to function as independent identities within IT environments, each carrying unique profiles and trust scores.

Noah Fact Check Pro

The draft above was created using the information available at the time the story first emerged. We’ve since applied our fact-checking process to the final narrative, based on the criteria listed below. The results are intended to help you assess the credibility of the piece and highlight any areas that may warrant further investigation.

Freshness check

Score: 8

Notes: The narrative presents recent concerns about AI assistants leading to corporate data leaks by 2026. Similar reports from October 2025 highlight the risks associated with AI agents in business environments. ([proofpoint.com](https://www.proofpoint.com/us/blog/ciso-perspectives/cybersecurity-2026-agentic-ai-cloud-chaos-and-human-factor?utm_source=openai)) The report cites a 2025 analysis revealing that 84% of AI tools had experienced data breaches, with over half suffering credential theft. ([telconews.com.au](https://telconews.com.au/story/ai-assistants-to-surpass-humans-in-causing-corporate-data-leaks?utm_source=openai)) The inclusion of updated data and projections for 2026 suggests a higher freshness score, but the core concerns have been previously reported.

Quotes check

Score: 7

Notes: The narrative includes direct quotes from Proofpoint executives, such as Ravi Ithal and Adrian Covich. Similar quotes from these individuals have appeared in reports from October 2025. ([proofpoint.com](https://www.proofpoint.com/us/blog/ciso-perspectives/cybersecurity-2026-agentic-ai-cloud-chaos-and-human-factor?utm_source=openai)) The repetition of these quotes indicates potential reuse of content.

Source reliability

Score: 6

Notes: The narrative originates from TelcoNews Australia, a telecommunications news outlet. While it provides industry-specific insights, its credibility is uncertain due to limited verifiable information about the publication. The reliance on a single outlet for this information raises concerns about the reliability of the report.

Plausibility check

Score: 8

Notes: The claims about AI assistants becoming a leading source of corporate data leaks by 2026 align with recent cybersecurity concerns. Reports from October 2025 highlight similar issues, including data breaches and credential theft associated with AI tools. ([proofpoint.com](https://www.proofpoint.com/us/blog/ciso-perspectives/cybersecurity-2026-agentic-ai-cloud-chaos-and-human-factor?utm_source=openai)) The narrative's focus on AI agents' risks in business environments is plausible and consistent with current industry discussions.

Overall assessment

Verdict (FAIL, OPEN, PASS): OPEN

Confidence (LOW, MEDIUM, HIGH): MEDIUM

Summary: The narrative presents concerns about AI assistants leading to corporate data leaks by 2026, reflecting ongoing industry discussions. However, the reliance on a single, less verifiable source and the reuse of quotes from previous reports raise questions about the originality and reliability of the content. The plausibility of the claims is supported by similar reports from October 2025, but the overall assessment remains open due to the identified issues.

AI security
Data leaks
Cybersecurity threats