Rachel Jin, Chief Enterprise Platform Officer at Trend Micro: “AI holds enormous promise for strengthening cyber defences, from identifying anomalies faster to automating time-consuming tasks. But attackers are just as eager to leverage AI for their own purposes, and that creates a rapidly shifting threat landscape. Our research and real-world testing make it clear that security must be built into AI systems from the outset. There is simply too much at stake to treat this as an afterthought.”
According to the study, 81% of global businesses are already using AI-driven tools as part of their cybersecurity strategy, with this number rising to 86% for UK businesses. Nearly all global respondents (97%) are open to using AI in some capacity. Over half are already relying on it for essential processes such as automated asset discovery, risk prioritisation and anomaly detection. AI and automation are now considered top priorities for improving cybersecurity over the next 12 months by 42% of surveyed organisations.
This optimism also comes with significant risk. An overwhelming 94% of global businesses believe that AI will negatively impact their cyber risk exposure within the next three to five years. 66% of UK businesses flag worries that AI-driven attacks will drastically increase in complexity and scale over this period. UK businesses call out increased risk of AI-powered phishing or social engineering attacks (54%), exposure of sensitive (41%) and proliferation of shadow IT (38%) most often when pointing to their AI security risks of most concern.
AI vulnerabilities spotlighted at Pwn2Own Berlin
The tension between opportunity and risk was evident at Trend’s Pwn2Own event in Berlin, where the AI category was introduced for the first time. The results offered a compelling snapshot of where AI security currently stands.
Twelve entries targeted four major AI frameworks, with the NVIDIA Triton Inference Server receiving the most attention. Chroma, Redis, and the NVIDIA Container Toolkit were also successfully exploited, in some cases using just a single bug to achieve full compromise. In total, seven unique zero-day vulnerabilities were uncovered in the AI frameworks. The vendors now have 90 days to patch the flaws before technical details are made public.
As AI becomes more deeply integrated in enterprise IT environments, Trend urges security leaders to proactively evaluate the evolving risk landscape and embed rigorous security practices into every stage of AI adoption.
