AI Security Takes the Top Spot: How Enterprises Are Reckoning With the Risks They Built

For the first time in annual tracking by Enterprise Technology Research (ETR), LLM and generative AI protection has overtaken cloud security as the number one cybersecurity budget priority for enterprises. The finding, drawn from a survey of 517 security-focused technology leaders, marks a symbolic inflection point: the same AI tools that promised productivity gains are now the top threat vector keeping CISOs up at night.

From Assistants to Agents—and the Security Gap That Followed

The shift is not merely about chatbots. According to a parallel report from HiddenLayer, an AI security firm, 1 in 8 companies have now reported AI breaches specifically linked to agentic systems—AI that operates autonomously, takes real-world actions, and chains together multi-step tasks without direct human approval at each step.

"One of the clearest signals in this year's research is how fast AI has evolved from simple chat interfaces to fully agentic systems capable of autonomous action," said Marta Janus, principal security researcher at HiddenLayer. "Security frameworks and governance controls are struggling to keep pace with AI's rapid evolution."

The implication is sobering: enterprises deployed AI tools at scale during 2024 and 2025, often outpacing their ability to build appropriate oversight and security controls. Now, in 2026, they are experiencing the consequences.

Shadow AI: The Problem No One Wants to Admit

A separate report from The Purple Book Community released March 23rd added another data point to the picture. Their State of AI Risk Management 2026 research found that while 90% of organizations claim to have visibility into their AI deployments, a striking 59% simultaneously admit that shadow AI exists within their organizations—AI tools being used by employees outside of official IT procurement and oversight.

The confidence gap is significant. Organizations believe they know what AI is running in their environment; more than half are demonstrably wrong. Shadow AI creates exposure that security teams cannot inventory, let alone protect.

The Data Problem at the Heart of It All

ETR's survey identified a specific technical challenge as the hardest unsolved problem in enterprise AI security: preventing sensitive data from entering AI prompts. This was cited by 36% of respondents as their single most difficult data protection challenge—more difficult than model security, API access control, or output monitoring.

The problem is architectural. Employees interacting with AI assistants routinely include customer PII, confidential business data, legal documents, and proprietary code in their queries. The data enters third-party inference systems, often with opaque retention and training policies. Most enterprises lack tools to systematically detect or prevent this before it happens.

Agentic AI Amplifies Every Risk

As AI systems gain the ability to take actions—sending emails, executing code, querying databases, browsing the web—the blast radius of a security failure expands dramatically. A misconfigured chatbot might leak data. A misconfigured agent might exfiltrate it, delete it, or use it to make consequential business decisions.

ETR's report found rapid growth in agentic AI adoption within security operations themselves—using AI to detect threats, respond to incidents, and automate remediation. This creates a recursive challenge: using AI to secure AI, at a time when the security community is still learning the failure modes of agentic systems.

What Security Leaders Are Doing About It

Despite the alarming statistics, enterprises aren't pausing AI adoption—they're retrofitting governance around it. Planned spending priorities for 2026 include LLM security tooling, AI access controls, and vendor consolidation. Organizations are also showing unusual regret about their sequencing: 38% of leaders surveyed by Cybersecurity Insiders said they wish AI governance had preceded AI adoption at scale, and 25% wish they had invested in visibility controls sooner.

The lesson the industry is absorbing: AI deployment outpaced AI governance. The security community is now playing catch-up—and the stakes, with agentic systems running live in production, have never been higher.