- Pentera, the market leader in AI-powered Security Validation, released its AI Security & Exposure Benchmark 2026 based on a survey of 300 U.S. CISOs and security executives in North America. The report shows that although AI is now embedded across enterprises, many security teams lack a clear understanding of where AI is deployed, the risks it introduces, and the tools and expertise needed to secure it.

AI is not being introduced in isolation. It's being layered onto already complex IT and security environments where scale, fragmentation, and inconsistent security validation, have long been challenges. The report reveals a significant security gap: 67% of CISOs report limited visibility into how AI is being used across their environment, and 44% acknowledge their AI security posture is already lagging behind the rest of their security program.

"AI represents a fundamental shift because it touches every part of the enterprise. It's changing how data and systems interact, expanding organizational exposure beyond what most security programs have fully mapped," said Amitai Ratzon, CEO of Pentera. "As AI adoption accelerates, enterprises are accepting risks they don't yet fully understand. Adversarial testing enables security teams to see that risk from the attacker's perspective - validating security controls, prioritizing exploitable gaps that pose real business impact, and strengthening their security posture over time."

Benchmark Survey Highlights:

• AI Security Challenges Are Foundational, Not Budget-Driven - The top challenges are lack of internal expertise (50%), limited visibility into AI usage (48%), and insufficient AI-specific security tools (36%), underscoring the need for upskilling.
• AI Security Relies on Legacy Controls - 75% of CISOs report that their enterprises rely on extending controls originally designed for other attack surfaces to cover AI-driven workflows and infrastructure. Only 11% of enterprise CISOs report having security tools specifically designed to protect AI systems.
• AI Security Is Funded, but Not Yet Treated as a Standalone Priority - 78% of enterprises fund AI security through existing security budgets, yet only 1% have a dedicated AI security budget. 21% plan to introduce one, signaling a shift toward maturity.
• AI is Reshaping Consolidation Conversations, but Not Security Stacks Yet - 58% of CISOs say AI is influencing their security stack consolidation strategy, only 3% are actively consolidating due to AI, with another 11% consolidating for reasons unrelated to AI.