Securing Intelligence: Why AI Security Will Define the Future of Trust

Artificial intelligence (AI) is likely to greatly shape twenty-first century prosperity and security—but only if it can be trusted. The defining question is not how advanced AI becomes, but whether its systems can be secured enough to sustain institutional and public confidence. Security failures in 2025 revealed that most organizations remain unable to safeguard AI effectively, widening the gap between its technical promise and operational viability. Most AI-related breaches in 2025 resulted in data compromises, and nearly one-third caused operational disruption. The EU Agency for Cybersecurity found that more than 80 percent of social engineering attacks relied on AI, underscoring how adversaries now innovate faster than defenders can respond. For the United States and its allies, securing AI systems is not a narrow technical concern but a test of whether democratic governance can sustain trust and leadership at machine speed.

Three converging dynamics threaten to stall AI adoption: (1) Systemic vulnerabilities in AI models and infrastructure, (2) deployment that outpaces security controls, and (3) increasingly sophisticated adversaries weaponizing AI. Microsoft’s Digital Defense Report 2025 found that cyberattackers from China, Iran, North Korea, and Russia more than doubled their use of AI for cyberattacks and to spread disinformation. Those actors achieved a 54 percent click-through rate with AI-automated phishing emails, compared with 12 percent for traditional methods, demonstrating that AI enhances adversary effectiveness as much as it augments defensive operations. Resolving those challenges is a prerequisite for accelerated and widespread adoption.

Fragile Foundations: Securing the AI Service Supply Chain

The promise of AI-augmented development confronts a stark reality: the code and models enabling it are structurally insecure. A 2025 Veracode analysis found that nearly 45 percent of AI-generated code contained exploitable flaws. For enterprises evaluating adoption, such flaws turn productivity gains into liability risks. JFrog’s Software Supply Chain State of the Union 2025 report documented over twenty-five thousand exposed secrets and tokens in public repositories—a 64 percent year-over-year increase—of which 27 percent remained active and exploitable.

Even more concerning for long-term viability, research by Anthropic, the UK AI Security Institute, and the Alan Turing Institute showed that as few as 250 malicious documents could create a backdoor in large language models, regardless of their size or training data volume. This finding fundamentally undermines confidence in model integrity. The National Security Agency’s AI Security Center warned that compromised data integrity and provenance pose critical risks across national security supply chains, where AI systems process classified information and support strategic decisions.

Those foundational vulnerabilities cascade upward into complex AI ecosystems, eroding confidence in the very infrastructure that supports national and corporate decision-making. In financial services, model risk-management requirements complicate deployment, particularly regarding provenance and explainability. Most health-care organizations faced heightened pressure from stricter Health Insurance Portability and Accountability Act (HIPAA) standards in 2025, leading to delays and greater caution in adoption. These are not theoretical constraints but current barriers that confine frontier AI to peripheral, rather than core, operations. Addressing supply chain insecurity requires verifiable software provenance, secure model pipelines, and continuous third-party auditing—standards that should be embedded in national AI assurance frameworks and international best-practice guidelines.

The Trust Deficit: Risks in Autonomous Agents

The most ambitious vision for artificial intelligence—autonomous agents able to coordinate complex tasks across digital systems—confronts a central obstacle: a lack of trust. The August 2025 Salesloft–Drift AI breach exposed security tokens that connected hundreds of Salesforce systems, compromising data from more than seven hundred companies and revealing how tightly connected digital infrastructure has become. The incident underscores a broader risk: in such an interconnected environment, delegating control to AI agents could produce cascading effects whose reach and repercussions remain uncertain.

High-profile failures have validated this skepticism. Security researchers have shown that indirect prompt injection—where attackers embed malicious instructions in web pages or documents that AI systems then execute—remains a fundamental flaw. In October 2025, OpenAI’s launch of ChatGPT Atlas, its browser, immediately revealed systemic vulnerabilities to such attacks. The company acknowledged that prompt-injection remains an unsolved frontier despite extensive red-teaming. If the leading AI laboratory cannot secure its flagship product against a known attack vector, enterprises cannot yet trust autonomous agents with sensitive operations.

AI agents require broad access to data and systems to function effectively. Once compromised, abnormal behavior becomes indistinguishable from legitimate AI activity, creating an insider threat that evades conventional monitoring. Until this paradox is resolved, enterprises will confine AI agents to sandbox environments—and the vision of AI autonomously orchestrating complex operations at scale will remain unrealized.

The Governance Gap: Shadow AI and Institutional Risk

The spread of ungoverned tools, what enterprises call shadow AI, has emerged as one of the principal barriers to responsible adoption. IBM’s Cost of a Data Breach Report found that 13 percent of organizations suffered AI-related breaches, costing an average of $670,000 more than conventional breaches. With 88 percent of organizations lacking mature predictive risk models for insider threats, enterprises cannot demonstrate compliance, manage risk, or justify AI deployment beyond pilot programs.

The strategic implications extend beyond breach costs. Researchers observed that AI systems in simulated corporate environments chose harmful actions, including blackmail and corporate espionage, when goals conflicted with organizational direction—a phenomenon termed agentic misalignment. This finding cuts to the core of AI adoption. If AI systems optimize narrow objectives while violating broader organizational constraints, enterprises cannot safely delegate decision-making authority to AI, regardless of efficiency gains. The rise of shadow AI underscores a deeper governance failure: the absence of standardized mechanisms to track, audit, and certify AI use across complex organizations. Shadow AI reflects not only weak corporate oversight but a wider governance lag, where democratic institutions struggle to regulate technologies moving faster than existing accountability mechanisms.

The Tempo Problem: When Offense Outpaces Defense

The accelerating pace of AI-enabled cyberattacks has created a tempo mismatch—one that erodes confidence in democratic states’ ability to defend their digital infrastructure. Half of critical infrastructure organizations reported facing AI-powered attacks in the past year, according to Deep Instinct’s Voice of SecOps survey. Anthropic documented North Korean operatives using frontier-AI services to secure remote employment at U.S. Fortune 500 technology companies fraudulently. According to Check Point Research, criminals are expected to use the Hexstrike-AI framework to reduce the time needed to exploit critical zero-day vulnerabilities from days to minutes. XBOW, an autonomous AI penetration-testing platform, already identifies, exploits, and validates vulnerabilities with roughly 75 percent success on web-application security benchmarks—achieving in minutes what skilled human analysts could complete only in hours or days. This evolution is not incremental but transformational, outpacing traditional security-response capabilities.

Corporations have made significant advances in developing AI-augmented defenses. More than 80 percent of major companies now use AI to strengthen cyber defenses. Organizations deploying AI extensively detect and contain incidents ninety-eight days faster than those without such capabilities and incur an average of $2 million less in breach costs. Yet despite widespread adoption, organizations constrain AI deployment by limiting autonomy and access. Many organizations hesitate to integrate autonomous security tools fully, wary that the same systems designed to protect them could be turned against them. The result is a persistent imbalance—rapid innovation in theory, delayed adoption in practice—that leaves even advanced networks exposed to faster, smarter forms of attack.

The combination of machine-speed exploitation and intelligent evasion has produced a defensive environment in which security teams operate at a continuous disadvantage. This widening tempo gap also carries strategic consequences: adversaries able to automate offense faster than democracies can automate defense will dictate the rules of digital conflict. For chief information security officers advising on AI adoption, the calculus is unforgiving: deploy AI systems that adversaries can compromise faster than defenders can protect, or delay deployment until defensive capabilities mature.

The Credibility Crisis: AI Deception and Digital Authenticity

AI-powered deception now threatens the social foundation essential for AI adoption. Deepfakes—synthetic images, videos, or voices used to impersonate individuals—accounted for 7 percent of all detected fraud by the end of 2024. Deepfake fraud losses reached $410 million in the first half of 2025, already surpassing the total for 2024. Such incidents erode confidence in voice-based authentication, video conferencing, and every other identity verification mechanism on which AI adoption depends.

The technology enabling this credibility crisis has reached maturity at scale. NCC Group researchers demonstrated that real-time AI voice cloning can now successfully conduct attacks during security assessments, achieving password resets and account takeovers by impersonating trusted individuals with near-perfect fidelity. Both current detection systems and human judgment fail to distinguish authentic from synthetic identities reliably.

This erosion of trust extends beyond enterprise risk to democratic infrastructure. When citizens cannot trust video, audio, or text as authentic, they apply blanket skepticism not only to malicious deepfakes but to legitimate AI applications in telemedicine, remote education, and digital governance. Left unaddressed, the spread of AI-generated disinformation will erode not only enterprise trust but civic legitimacy, turning information integrity into a core dimension of strategic competition.

Securing the Foundation: Building Trust for AI’s Future

The transformation that AI promises now depends on solving the security challenges constraining its adoption. AI innovation and security are not opposing objectives; without robust safeguards, innovation yields systems too fragile to sustain. IBM estimates that the average data breach costs $4.4 million per incident, with AI-driven breaches likely to go higher. Most S&P 500 companies now cite AI security as one of their foremost adoption concerns.

Some industry executives contend that stricter safeguard standards will hinder AI innovation and give less constrained competitors—particularly China—an edge. This view misinterprets the challenge. Security requirements could slow premature deployment, but they accelerate responsible adoption by fostering the trust needed for broad integration. The real contest is not over who deploys fastest, but over who can scale AI securely, safely, and sustainably.

The path forward requires treating AI security as the foundation of credible and sustainable AI adoption.

• First, governments and enterprises should treat all AI-generated code as untrusted input subject to mandatory review.
• Second, they should adopt zero-trust architectures designed specifically for AI systems—sandboxed agents, least-privilege access, and real-time anomaly monitoring.
• Third, they should implement governance frameworks that eliminate shadow AI through centralized approval workflows and audit trails.
• Fourth, national security and critical infrastructure operators should implement continuous model integrity monitoring and practice AI incident response, assuming compromise will occur and designing for rapid containment.

Industry coordination will determine whether AI security evolves piecemeal or systemically. Technology providers should align on standardized telemetry for AI components through complementary frameworks such as the National Institute of Standards and Technology’s AI Risk Management Framework and the Cloud Security Alliance’s Security, Trust, Assurance, and Risk (STAR) for AI. The U.S. government should condition federal AI procurement on vendor compliance with those standards, signaling that trustworthiness is a market advantage. Industry can rely on the Coalition for Secure AI’s best practices for AI incident response, model integrity, and securing AI-generated code.

Acknowledging those challenges demands strategic realism. Although implementing those four foundational steps is a significant undertaking, leaders can start small on them today. The immediate priority is to initiate coordinated implementation, as these actions—treating all AI-generated code as untrusted, adopting zero-trust architectures, eliminating shadow AI, and mandating continuous monitoring—are high-leverage starting points. They build the necessary baseline of trust while the more complex coordination efforts mature.

Policymakers and industry leaders have limited time to establish credible safeguards before adversaries exploit systemic weaknesses. Each month of delay deepens the trust deficit and widens the strategic gap. For the United States and its allies, the challenge is not only to secure AI systems but to do so swiftly enough to sustain democratic trust and technological leadership. The necessary practices are understood, and the standards are taking shape; what remains uncertain is whether democratic governments will act in time to shape—rather than follow—the emerging rules of technological competition. Securing AI is not merely a technical safeguard but a strategic requirement for democratic resilience. The credibility of U.S. and allied leadership in the digital order will rest on whether they can embed trust into the architecture of machine intelligence itself.