Proofpoint Research Reveals Half of Global Organizations Experienced AI Incidents Despite Having AI Security Controls in Place

Inaugural global study finds more than half of organizations are not fully confident their AI security controls would detect compromised AI

• 87% of organizations have deployed AI assistants beyond pilot

• 94% struggle with multi-tool complexity as AI risks expand across email, cloud, collaboration, and AI systems

SUNNYVALE, Calif., April 28, 2026 - Proofpoint, Inc., a leading cybersecurity and compliance company, today released its 2026 AI and Human Risk Landscape report 2026 AI and Human Risk Landscape report, which explores the widening gap between how quickly organizations are operationalizing AI and how prepared they are to secure and investigate the risks that follow. The global study, which surveyed more than 1,400 security professionals across 12 countries, examines how rapid AI adoption is transforming enterprise collaboration and exposing structural weaknesses in security controls and incident response.

AI is increasingly permeating organizations and is now operational across most functions, with deployments spanning customer support, internal messaging, email workflows, and third-party collaboration. 87% of organizations have deployed AI assistants beyond the pilot stage, and 76% are actively piloting or rolling out autonomous agents. Yet while organizations are investing in AI tools and controls, many cannot confirm those controls are effective-52% are not fully confident their AI security controls would detect a compromised AI, and half of those with controls in place have already experienced a confirmed or suspected AI-related incident.

Further, most organizations report they are not fully prepared to investigate AI-related incidents that span multiple systems and channels-only one-third say they are fully prepared to investigate one.

"This year's findings highlight a widening divide between AI adoption and security readiness," said Ryan Kalember, Chief Strategy Officer at Proofpoint. "Organizations are scaling AI assistants and autonomous agents across core workflows, yet many cannot confirm their controls are effective or fully investigate incidents that move across collaboration channels. As AI becomes embedded in how work gets done, security leaders must rethink how they protect trusted interactions across people, data and AI systems."

Key global findings from Proofpoint's 2026 AI and Human Risk Landscape report include:

• AI Deployment Has Outpaced Security Readiness. AI adoption has moved into production faster than governance frameworks have matured. While 87% of organizations have deployed assistants beyond pilot stage and three-quarters are advancing autonomous agents, more than half describe security as catching up, inconsistent or reactive. 42% report experiencing a suspicious or confirmed AI-related incident, indicating that exposure is already present in live environments.
• Collaboration Channels Are the Primary AI Attack Surface. AI is expanding the attack surface, enabling threats to spread at machine speed and impact connected workflows. While email remains the most common threat vector at 63%, exposure now extends across third-party SaaS and cloud applications (47%), social and messaging platforms (41%), and AI assistants or agents (36%). Among organizations that experienced an AI-related incident, exposure increases across every channel, including 67% in email and 53% involving AI systems.
• Confidence Exceeds Control Effectiveness. While many organizations have security controls in place, they also lack assurance. 63% of organizations report having AI security coverage in place, yet 52% are not fully confident those controls would detect compromised AI. Further, more than half of organizations with controls still reported an AI-related incident. Gaps persist in training (47%), visibility into AI or agent activity (42%), and governance alignment across teams (41%).
• Investigation Readiness Lags Behind Incident Reality. When AI-related incidents occur, many organizations struggle to investigate them effectively. Only one-third of respondents say they are fully prepared to investigate an AI- or agent-related incident, and 41% report difficulty correlating threats across channels. As AI-related activity spans email, collaboration platforms and cloud systems, the ability to reconstruct events depends on visibility across connected environments, which many organizations do not yet have.
• Tool Sprawl is a Structural Barrier. Fragmentation across security stacks is compounding the challenge, limiting visibility and slowing response when incidents move across systems at machine speed. 94% of organizations say managing multiple security tools is at least moderately challenging, and more than half describe it as very or extremely difficult. Respondents cite operational cost pressures (45%), integration challenges (42%), and difficulty correlating threats (41%).
• Security Architecture Becomes a Strategic Priority as AI Scales. More than half of organizations are actively pursuing vendor and tool consolidation, and a majority believe a unified platform is more effective than point solutions. Over the next 12 months, 61% plan to expand AI protections, 56% intend to extend collaboration channel coverage, and 53% expect to move toward a unified platform approach.

"While AI has introduced new risks, such as prompt engineering, its bigger impact has been amplifying the risks we've always had," Kalember said. "Running untrusted code, mishandling sensitive data, and losing control of credentials are the same challenges that humans have created for decades. AI executes them at machine speed and scale. When organizations hand AI the keys to act on their behalf-across customers, partners, and internal systems-the blast radius of any one of those failures grows dramatically. The answer isn't to treat AI as a novel threat category, but to apply rigorous, proven controls to what AI touches, what it runs, and what it's allowed to authenticate as. Organizations that get that foundation right early will scale AI confidently. Those that don't are just automating their own exposure."

To download the 2026 AI and Human Risk Landscape report, please visit: https://www.proofpoint.com/us/resources/threat-reports/ai-human-risk-landscape-report

Methodology

The 2026 AI and Human Risk Landscape report provides a global view into how organizations are adopting AI and managing the security risks that follow. The research examines AI deployment maturity, control effectiveness, incident experience, collaboration channel exposure, and investigation readiness as AI assistants and autonomous agents become embedded in enterprise workflows. In January 2026, more than 1,400 full-time security professionals across organizations of varying sizes and industries were surveyed. Respondents represented 20 industries and spanned 12 countries, including the U.S., the U.K., France, Germany, Italy, Spain, the UAE, Australia, Japan, Singapore, India, and Brazil.

About Proofpoint, Inc. 

Proofpoint, Inc. is a global leader in human- and agent-centric cybersecurity, securing how people, data and AI agents connect across email, cloud and collaboration tools. Proofpoint is a trusted partner to over 80 of the Fortune 100, over 10,000 large enterprises, and millions of smaller organizations in stopping threats, preventing data loss, and building resilience across people and AI workflows. Proofpoint's collaboration and data security platform helps organizations of all sizes protect and empower their people while embracing AI securely and confidently. Learn more at https://www.proofpoint.com. 

Connect with Proofpoint on LinkedIn.

Proofpoint is a registered trademark or tradename of Proofpoint, Inc. in the U.S. and/or other countries. All other trademarks contained herein are the property of their respective owners.