AI as a Data Threat: 99% of Organizations Expose Sensitive Data to AI Tools

A new report from cybersecurity firm Varonis reveals that artificial intelligence tools are creating unprecedented data exposure risks for organizations worldwide. The study, which analyzed 20 petabytes of data across 1,000 organizations, found that 99% have sensitive data exposed to AI systems, with 90% of cloud data accessible to AI tools¹.

AI’s Data Consumption Patterns

The report compares AI tools to “Pac-Man,” describing how they indiscriminately access and process data across cloud environments, applications, and SaaS platforms. This behavior creates significant security challenges, particularly when combined with the widespread use of unverified AI applications. According to the findings, 98% of organizations use unverified apps, including unsanctioned AI tools that bypass traditional security controls².

Varonis CEO Yaki Faitelson noted, “AI’s productivity gains come with real security risks. We’re seeing these tools access everything from customer databases to intellectual property without proper safeguards.” The analysis included data from major platforms like AWS, Azure, and Salesforce, revealing consistent patterns of overexposure across all environments³.

Security Gaps and Shadow AI

The report identifies several critical security gaps that exacerbate AI-related risks:

• 1 in 7 organizations lack multi-factor authentication enforcement in SaaS and multi-cloud environments
• 88% have “ghost users” – stale but still enabled accounts that could be exploited
• Only 10% of files are properly labeled for sensitivity
• 66% expose cloud data to anonymous users

Shadow AI presents particular challenges, with mobile devices often bypassing traditional security controls. Security Boulevard’s coverage of the report notes that mobile endpoints create unique risks as they frequently connect to both corporate and personal AI tools⁴.

Financial and Operational Impacts

The financial implications of these exposures are significant. IBM and Ponemon Institute data cited in the report shows the average cost of a data breach has risen to $4.35 million globally, with U.S. breaches averaging $9.44 million⁵. Small and medium businesses are particularly vulnerable, with 76% experiencing attacks in 2025 but only 26% carrying cyber insurance coverage.

Varonis’ findings have already influenced market behavior, with the company’s stock (VRNS) seeing increased activity following the report’s release. GuruFocus noted this reflects growing market demand for AI security solutions⁶.

Recommendations for Mitigation

The report provides several actionable recommendations for organizations:

Area	Recommendation
Access Control	Implement zero trust principles and enforce MFA universally
Data Classification	Label sensitive files and implement automated classification
Monitoring	Deploy AI-native security tools to detect unauthorized AI usage
User Management	Deprovision ghost users and implement regular access reviews

For organizations looking to assess their risk, Varonis offers a free risk assessment tool that provides visibility into AI-related data exposures⁷.

Future Implications

The report has spurred calls for AI-specific compliance frameworks to address these emerging risks. As AI adoption continues to accelerate, organizations will need to balance productivity benefits with data protection requirements. The findings suggest that current security practices haven’t kept pace with AI’s rapid integration into business processes.

With ransomware costs averaging $4.54 million per incident (excluding ransom payments) and social engineering attacks increasing 270% in 2025, the stakes for addressing AI-related vulnerabilities have never been higher⁸.

References

1. “AI is a Ticking Time Bomb for Your Data, Reveals New Report From Varonis,” GlobeNewswire, May 20, 2025. [Online]. Available: https://www.globenewswire.com/news-release/2025/05/20/3084970/0/en/AI-is-a-Ticking-Time-Bomb-for-Your-Data-Reveals-New-Report-From-Varonis.html
2. “State of Data Security Report 2025,” Varonis Blog, May 20, 2025. [Online]. Available: https://www.varonis.com/blog/state-of-data-security-report
3. “AI is a data-breach time bomb, reveals new report,” BleepingComputer, May 20, 2025. [Online]. Available: https://www.bleepingcomputer.com/news/security/ai-is-a-data-breach-time-bomb-reveals-new-report
4. “AI is a Ticking Time Bomb for Your Data, Reveals New Report From Varonis,” Security Boulevard, May 20, 2025. [Online]. Available: https://securityboulevard.com/2025/05/ai-is-a-ticking-time-bomb-for-your-data-reveals-new-report-from-varonis
5. “Average Cost of a Data Breach,” ProWriters, 2025. [Online]. Available: https://prowritersins.com/cyber-insurance-blog/average-cost-of-a-data-breach
6. “AI is a Ticking Time Bomb for Your Data, Reveals New Report From Varonis (VRNS) Stock News,” GuruFocus, May 20, 2025. [Online]. Available: https://www.gurufocus.com/news/2876764/ai-is-a-ticking-time-bomb-for-your-data-reveals-new-report-from-varonis-vrns-stock-news
7. “Varonis Data Risk Assessment Sample,” Varonis. [Online]. Available: https://info.varonis.com/hubfs/docs/DRA-sample.pdf
8. E. Kirstel, “AI as a ticking time bomb,” X Post, May 20, 2025. [Online]. Available: https://x.com/EvanKirstel/status/1924857797239304199