A new report from Thales highlights how artificial intelligence is reshaping the cybersecurity landscape, introducing new attack vectors while amplifying existing data protection challenges.
The 2026 Thales Data Threat Report finds that as organizations accelerate AI adoption, they are simultaneously increasing their exposure to cloud threats, identity attacks, and operational complexity.
Based on a survey of more than 3000 IT and security professionals across 20 countries, the report highlights how AI-driven innovation is creating both opportunity and risk. Organizations are increasingly dependent on data to power AI applications, yet many still lack visibility into where that data resides or how it is secured.
AI Expands the Attack Surface
Security professionals are paying greater attention to AI security. Thirty percent of organizations now have a dedicated cybersecurity budget for AI security – up from 20% the previous year – though more than half are still funding AI protections through existing security budgets.
This reflects concerns around the difficulty in security AI ecosystems. 70% of respondents cited the rapid change in AI technologies as the top security concern, making it difficult for security teams to keep pace with evolving threats and infrastructure.
At the same time, AI-powered attacks are becoming more common. The report reveals that 59% of organizations have experienced deepfake-related incidents, while 57% reported an increase in AI-generated misinformation attacks. Nearly half of respondents said their organization had already suffered reputational damage as a result of AI-driven disinformation campaigns.
Cloud Assets Remain the Top Target
Cloud environments continue to be the most attractive targets for attackers. The survey found that cloud storage, cloud-based applications, and cloud management infrastructure collectively represent the top three attack targets for cybercriminals.
Credential theft remains the most common attack technique against cloud infrastructure, with 67% of respondents reporting an increase in incidents involving stolen credentials or misappropriated secrets.
Despite the obvious risks, many organizations still have gaps in basic data protection practices. Only about half of sensitive data stored in the cloud is currently encrypted, the report says.
Visibility is another major challenge. Just 34% of organizations said they have complete knowledge of where their data is stored, making it difficult to implement effective protection strategies.
Complexity Undermines Security
Operational complexity continues to weaken security posture. The report shows that organizations use an average of seven different tools for data protection and monitoring, with 77% running five or more tools in this category.
While the proliferation of tools is intended to improve security coverage, it often produces the opposite effect. Only 39% of respondents say they feel confident in their understanding of their organization’s data security tools, suggesting that tool sprawl may be creating blind spots.
And that complexity creates more opportunity for human error – which is likely why it remains the leading cause of data breaches, cited by 28% of respondents, followed by exploitation of known vulnerabilities and zero-day attacks.
Quantum and Sovereignty Risks Rise
Looking ahead, the report identifies quantum computing as an emerging security concern. 61% of respondents said their primary quantum-related worry is the “harvest now, decrypt later” threat, in which attackers collect encrypted data today in the hope that future quantum computers will be able to decrypt it.
In response, many organizations are beginning to explore post-quantum cryptography. Nearly 60% said they are already prototyping or evaluating post-quantum cryptographic algorithms.
Moreover, data sovereignty is becoming a strategic priority as geopolitical pressures and regulatory requirements increase. More than half of organizations reported that they are refactoring applications and data architectures to meet sovereignty objectives, while 36% believe strong encryption and key management can help maintain compliance regardless of where data is stored.
The “New Insider Threat”
Ultimately, the report argues that AI itself may become a new type of insider threat. As AI agents gain autonomous access to corporate systems and sources, they could unintentionally expose sensitive information if security controls are not properly implemented.
As such, security teams face a difficult balancing act: enabling innovation while maintaining strict control over data. According to the report, organizations must improve data visibility, reduce security complexity, and strengthen encryption practices to keep pace with the rapidl evolving AI ecosystem.
Josh is a Content writer at Bora. He graduated with a degree in Journalism in 2021 and has a background in cybersecurity PR. He's written on a wide range of topics, from AI to Zero Trust, and is particularly interested in the impacts of cybersecurity on the wider economy.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.