Q&A: By 2027, 40% of AI-related data breaches will stem from improper use


Artificial intelligence has quickly become embedded in day-to-day work, often faster than organizations can track or govern it. While many companies have introduced some form of AI policies and oversight processes, employees are rapidly adopting new AI tools outside formal guidance. According to the data, 86% of organizations experienced an AI-related security incident in the past year, while Gartner predicts that by 2027, 40% of AI-related data breaches will stem from improper generative AI use. As shadow AI becomes increasingly difficult to contain, business leaders are being forced to rethink whether traditional governance approaches can keep pace.

To discover more, Digital Journal spoke with Adam Markowitz, CEO and co-founder of Drata, who discusses why organizations should shift their focus from policy creation to operational controls that can keep up with the reality of AI adoption.

Digital Journal: Why is Shadow AI becoming such a pressing issue for businesses?

Adam Markowitz: Most people think of shadow AI as employees using ChatGPT without approval, but it’s much broader than that. AI is everywhere now, from add-ons to our existing browser extensions to long-used SaaS applications. The pressing challenge is that AI is being adopted faster than organizations can govern it. Teams are finding their own ways to solve problems and move faster, often with good intentions, but their choice of tools and how those tools are used frequently operate outside official review processes. Leaders need to recognize that shadow AI is quickly becoming a normal part of how work gets done at most organizations and is no longer an isolated behaviour.

DJ: What about for the organizations that have already published internal AI policies? Is there still work to be done?

Markowitz: Policies are important because they establish expectations and accountability, but policies alone don’t create governance. The reality is that employees don’t stop experimenting with new technology because a policy exists. If a tool helps someone close a sale faster or write code more efficiently, it’s human nature to find ways to use it.

The problem is that policies assume organizations know where AI is being used, when in practice, many don’t. When leaders rely entirely on written guidance, they create visibility gaps, enforcement gaps, and evidence gaps. Governance only works when you can prove controls are operating, and that they don’t just exist on paper.

DJ: What risks concern you most when organizations lose visibility into AI adoption?

Markowitz: You can’t govern what you can’t see. When organizations don’t know where AI is touching their organization, it’s challenging to fully understand who has access to sensitive internal data and, in turn, how that information is being used. That’s why visibility is the foundation of trust. Sensitive information can be exposed through AI prompts, as employees may unknowingly connect AI tools to internal systems. This creates risk across multiple areas. Autonomous agents can make decisions at a scale and speed that traditional review processes were never designed to handle. So the biggest risk isn’t necessarily one tool – it’s more so the accumulation of hundreds of small decisions happening across an organization without clear oversight. Autonomous agents operating on behalf of employees amplify this problem by orders of magnitude. An agent can make thousands of decisions before a security team even knows it’s running.

DJ: Is it realistic for companies to prohibit unapproved AI tools entirely?

Markowitz: When employees see clear value in a technology, adoption usually outpaces governance, so I don’t think it’s realistic or productive. We’ve seen this pattern before with the cloud and even early mobile devices. The better approach is to create safe pathways for innovation. Give employees approved tools. Create environments where teams can experiment responsibly. Establish controls that allow people to benefit from AI without creating unnecessary risk. Organizations that treat AI purely as something to restrict will spend their time chasing usage, while those that enable responsible adoption will move towards innovation much faster.

DJ: How should leaders rethink governance as AI becomes more deeply embedded in day-to-day business operations?

Markowitz: A lot of organizations are still focused on maintaining a perfect inventory of every AI application, so it will take a mindset shift from governing tools to governing outcomes. Governing tools is becoming increasingly difficult because AI capabilities are being embedded into existing products and workflows.

Instead, governance should focus on operational controls. The first step is accepting the reality that AI adoption is already happening throughout the organization, whether it’s formally tracked or not. Some questions that leaders might focus on should be, “Who has access to sensitive systems?” and “Can you produce evidence that controls are working consistently?” Those answers matter regardless of whether the AI tool being used is approved or not.

From there, improve visibility into systems and data. Make sure the right people have access to the right systems, and keep an ongoing pulse on how those systems are being used instead of checking in once or twice a year. The only way to continuously govern AI agents is with an agentic approach itself. Agents move too quickly and never stop, so a human pace can’t keep up. Utilize AI to collect and keep track of evidence so teams can demonstrate how controls are operating.

DJ: Looking ahead, what separates organizations that will thrive in the AI era from those that struggle?

Markowitz: Every business wants to move faster with AI, but customers, regulators, investors, and employees all want to trust that innovation is happening responsibly. The organizations that will be successful aren’t necessarily the ones with perfect visibility into every AI tool – and neither will the ones that block AI. They’re the ones that can confidently prove their controls are working, even as technology continues to evolve. That means moving beyond policies and toward continuous validation that creates assurance around how AI is used.

AI governance is becoming a business discipline, not just a security discipline. The companies that prove their controls are working continuously will move faster, close deals faster, and earn more trust. That’s the advantage.
