33% of respondents say AI agents shared sensitive or inappropriate data

12% of all sensitive data exposures originate from personal accounts, including free versions of generative AI tools.

The average organization used 27 distinct AI tools in Q3 2025, down from 23 new tools introduced in Q2 2025.

58% of IT security decision makers estimate that 50% or more of cyberattacks in the next year will be driven by agentic AI

89% of organizations have fully or partially incorporated AI agents into their identity infrastructure, with an additional 10% planning to do so

71% of enterprises state it is critical to urgently develop the capability to distinguish between human and AI agents.

75% of security practitioners indicate that AI applications evolve faster than security measures can keep up.

35% of leaders cite integration challenges as a top barrier to realizing ROI from AI.

53% of organizations are currently in the pilot, planning, or active evaluation phases of AI implementation in their support operations.

98% of enterprises feel confident in their ability to distinguish between human and AI agents.

74% of organizations expect their focus on AI security to increase significantly over the next two years.

74% of security practitioners believe that AI sprawl will significantly exceed the risks associated with API sprawl.

57% of leaders are now tracking ROI from AI through increased output, 53% through process reinvention, and 47% through the creation of new capabilities.

The company with the smallest footprint that still had verified leak instances had 0 public repositories and 14 organization members.

65% of the 50 leading AI companies analyzed had leaked verified secrets on GitHub.

In one specific case (an AI50 Company with no disclosure permission), a HuggingFace token found in a deleted fork allowed access to about 1K private models. The leak also included multiple WeightsAndBiases API keys belonging to organizational employees that leaked training data for many private models

Almost half of the disclosures regarding leaked secrets by leading AI companies on GitHub either failed to reach the target or received no response.

The total valuation of the companies with verified secret leaks is over $400B.

The company with the largest footprint without an exposed secret had 60 public repositories and 28 organization members.

52% of organizations lack a formal AI governance framework.