Explosive AI growth is amplifying enterprise security and data-exposure risks.
Key Takeaways:
As AI adoption surges toward a trillion annual enterprise transactions, IT leaders now face an attack surface expanding faster than traditional security models can contain. With nearly 40% of AI activity being blocked due to data‑exposure risks, the stakes for governing AI securely have never been higher.
According to Zscaler ThreatLabz’ 2026 AI Security Report, enterprise AI adoption has risen massively. The researchers analyzed around 1 trillion AI/ML transactions for 2025, a 91% year‑over‑year increase. AI has effectively become core infrastructure within organizations, consistently active across workflows, tools, and business processes.
Enterprises transferred more than 18,000 TB of data to AI tools in 2025, which is a 93% increase from the previous year. As more data flows into AI systems, the likelihood of accidental data leaks grows sharply, especially through tools like Grammarly, ChatGPT, and coding assistants. ChatGPT alone generated over 410 million DLP violations.
Additionally, organizations blocked 39% of all AI/ML transactions due to concerns around privacy, compliance, and uncontrolled data sharing. The most commonly blocked apps are also the most widely used ones (like Grammarly, GitHub Copilot, and ChatGPT).
OpenAI remains the dominant LLM vendor, generating three times more enterprise traffic than the next competitor. Grammarly, ChatGPT, and Codeium are the most-used AI applications globally, reflecting their deep integration into daily workplace tasks.
According to the report, AI features that are built directly into everyday applications (such as Microsoft 365 Copilot) operate with inherited permissions and often bypass traditional security oversight. This raises concerns about unauthorized data access, prompt manipulation, and supply-chain exposure in AI-connected systems.
Zscaler’s red‑team testing found that every AI system assessed exhibited critical vulnerabilities, many of which surfaced within minutes of adversarial interaction. These weaknesses frequently appeared as data leakage, prompt manipulation, hallucinations, policy bypasses, and poor safety alignment, with even simple one‑shot prompts producing the highest failure rates.
The report forecasts a sharp escalation in AI‑related threats, including a surge in autonomous, agentic AI‑driven cyberattacks and a growing wave of intrusions aimed at compromising AI supply‑chain components such as models, datasets, and connectors. It also warns that attackers will increasingly exploit embedded AI features within SaaS platforms, and the expanding use of GenAI will heighten the risk to sensitive enterprise data stores.
Organizations are encouraged to adopt a security-first approach to AI by building strong visibility, governance, and access controls into every stage of AI usage. This begins with maintaining a continuously updated inventory of all generative AI tools so that security teams understand exactly where AI is operating and what data it can touch.
Moreover, it’s recommended to apply zero‑trust principles to all AI interactions to ensure that users and systems receive only the minimum necessary access. Inline inspection, AI‑aware data‑loss prevention, and disabling risky default AI settings also help prevent sensitive information from being exposed to external models or misused through prompts.
Lastly, organizations are advised to strengthen oversight by validating model provenance, assessing supply‑chain components, and continuously testing models for vulnerabilities such as prompt injection, hallucination, and data leakage. End‑to‑end security across the AI development lifecycle also helps prevent weaknesses from entering production systems.
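As an added example, not taken from the Zscaler report, the following Python shows the two controls recommended above (an inventory of AI tools in use, and AI‑aware DLP inspection of outbound prompts) applied to constructed proxy log lines. The log format, the host‑to‑application mapping, and the detector patterns are assumptions for illustration; a real deployment would take them from the proxy's URL categories and the organization's DLP policy.

```python
import re
from collections import defaultdict

# Assumed mapping of destination hosts to AI application names (illustrative only).
AI_APP_HOSTS = {
    "chat.openai.com": "ChatGPT",
    "api.openai.com": "OpenAI API",
    "app.grammarly.com": "Grammarly",
    "copilot-proxy.githubusercontent.com": "GitHub Copilot",
}

# Illustrative DLP detectors run against the outbound prompt body.
DLP_PATTERNS = {
    "aws_access_key": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "card_number": re.compile(r"\b(?:\d[ -]?){13,16}\b"),
    "private_key": re.compile(r"-----BEGIN (?:RSA |EC )?PRIVATE KEY-----"),
}

# Assumed proxy log format: timestamp, user, destination host, quoted request body.
LOG_RE = re.compile(r'^(?P<ts>\S+) user=(?P<user>\S+) dst=(?P<dst>\S+) body="(?P<body>.*)"$')

# Constructed sample traffic; the AKIA value is the AWS documentation example key.
SAMPLE_LOGS = [
    '2025-06-01T09:00:01Z user=alice dst=chat.openai.com body="summarise this meeting note"',
    '2025-06-01T09:02:17Z user=bob dst=api.openai.com body="fix my config: AKIAIOSFODNN7EXAMPLE"',
    '2025-06-01T09:05:40Z user=alice dst=app.grammarly.com body="Customer card 4111 1111 1111 1111 declined"',
    '2025-06-01T09:07:03Z user=carol dst=intranet.example.com body="quarterly numbers"',
]

def inspect(log_lines):
    """Build an AI-tool inventory (app -> users) and list DLP findings for AI-bound requests."""
    inventory = defaultdict(set)
    findings = []  # (user, app, detector) tuples that would be blocked inline
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # malformed line; skip rather than guess
        app = AI_APP_HOSTS.get(m["dst"])
        if app is None:
            continue  # not an AI destination, so outside this inventory
        inventory[app].add(m["user"])
        for name, pattern in DLP_PATTERNS.items():
            if pattern.search(m["body"]):
                findings.append((m["user"], app, name))
    return {app: sorted(users) for app, users in inventory.items()}, findings

if __name__ == "__main__":
    inventory, findings = inspect(SAMPLE_LOGS)
    print("AI tools in use:", inventory)
    print("Blocked (DLP):", findings)
```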