TechTarget and Informa Tech’s Digital Business Combine. Dark Reading Resource Library Black Hat News Omdia Cybersecurity Advertise NEWSLETTER SIGN-UP Cybersecurity Topics World The Edge DR Technology Events Resources DATA PRIVACY CYBERATTACKS & DATA BREACHES VULNERABILITIES & THREATS CYBER RISK COMMENTARY Enterprise cybersecurity technology research that connects the dots. AI Rising: Do We Know Enough About the Data Populating It? Organizations remain reluctant to address the fact that AI can dangerously expose business operations as well as personal data. Adam Strange, Principal Analyst, Data Security, Omdia February 2, 2026 5 Min Read SOURCE: LENSW0RLD VIA ALAMY STOCK PHOTO COMMENTARY It certainly is clear that there are (considerable) business benefits to be unlocked through the use of AI. It can undeniably have a beneficial impact by automating rudimentary or labor-intensive tasks, cutting costs, boosting efficiency, enhancing decision-making through powerful data analysis, and so on. It can lead to improved customer experiences, increased innovation, better risk management, and a stronger competitive edge across various functions such as sales, marketing, and operations. All good so far. But how is this improved landscape to be achieved? The answer, fundamentally, is data. What is a lot less clear about AI is what data is actually being poured into all these new productivity tools. Crucially, can organizations have total confidence that they are not releasing sensitive or confidential personal data into an AI tool in the drive for productivity gains? Moreover, would the regulators consider these practices to be compliant with the various data privacy frameworks now in operation around the world? Related:While ECH Adoption Is Low, Risks Remain for Enterprises, End Users Would we be quite so comfortable arguing for the productivity gains of AI, knowing we had no or very little idea what data was populating the tool(s) and, therefore, what risks it exposed the business to? In a recent survey, Omdia asked senior IT decision makers to reflect on the whereabouts of all their data. The results, shown in Figure 1, are revealing. Figure 1: What percentage of your data would you be confident your organization can account for? With only 11% of respondents certain they can account for 100% of their data, organizations simply are unprepared to exfiltrate their data into the AI domain as it currently stands. Without knowing where all the organizational data is and, by association, what it is or how sensitive it is, organizations cannot have any confidence that downloading it (all) to an AI tool will not expose critical business operations or private information. Even worse if the AI is open source or in the public domain. Sensitive data can be lost or revealed simply because there was no understanding that it was within the dataset being moved across into an AI platform in the first place. Exposing data and causing a detrimental impact on business operations is one thing. Regulatory noncompliance and unauthorized data loss will amplify an already damaging situation. Paradoxically, AI can have an important role here and can step in to help with the initial location of data: data discovery. Used cautiously and strictly within the confines of the internal network, an AI tool can be tasked with tracking down the totality of the data landscape — known, unknown, and shadow data — across all identified repositories: on-premises, in software-as-a-service (SaaS), cloud, remote devices, and so on. We are not yet at the point where an AI data discovery tool can search out long-forgotten repositories to find the data held within, but as long as the engine can be told where to look, the greatest part of the data landscape can be identified. Once tracked down, each dataset can be content interrogated and classified, and, ultimately, a decision can be made as to which data should and which data should not be fed into operational AI. Related:BCI: The Stuff of Nightmares or Dreams? AI Usage and Data Knowledge Disconnect In spite of the apparent risks outlined above, the adoption of AI has been widespread. Organizations have either embraced commercially available options such as Microsoft's Copilot or the Watsonx platform from IBM or preferred to build their own in-house tool sets from the ground up. Irrespective, AI now dominates the way many organizations conduct their business operations, and it is rapidly becoming the norm to turn to AI for content or analysis. Inevitably, AI has found application in organizational cybersecurity to improve process, posture, and defenses, just as it has also been adopted for nefarious purposes by the cybercriminal fraternity looking to improve attack methods and bolster means of successful intrusion. Related:Gaps in California Privacy Law: Half of Data Brokers Ignore Requests In the same Omdia survey, respondents were asked whether they had deployed specific cybersecurity products or policies for AI use. The response was clear and unequivocal (Figure 2). Figure 2: Have you deployed specific cybersecurity products or policies for AI use? Given the momentum of AI, the revelation that 90% of those responding to the Omdia survey had implemented AI in some form in a cybersecurity context is not unexpected. If no other incentives were necessary, the opportunity to use AI to identify threats at the network boundary, together with the threat of malicious actors using AI to refine and improve their attack capability, are probably enough to provoke adoption across many businesses. However, it means there is a somewhat alarming disconnect between AI usage as a cybersecurity tool and an understanding of the data that fuels the AI landscape. Simply, Omdia’s research indicates there are too many organizations deploying infrastructural AI without sufficient knowledge of the data they are using to achieve the business benefits articulated to them by the AI vendors in particular. Overlooking or ignoring this critical aspect of using AI is an inherently risky strategy, and the regulators will be waiting to penalize those that lose or misappropriate their data as a result. Ninety percent of organizations are using AI in a cybersecurity capacity, yet only around 10% are able to say they can reliably find all their data, and even then, in all probability, that will apply only to data resident in known repositories. The disconnect is stark. The operationalization is even more concerning. There are certainly aspects of AI that can add significant advantages to businesses looking to speed up tasks, improve overall productivity, and reduce costs. However, until organizations can gain a thorough understanding of the composition of the data being used to educate and expand the knowledge set of these tools, they need to very carefully consider the data and data privacy risks they take when they release large volumes of unknown or unidentified data into AI. Read more about: Omdia About the Author Adam Strange Principal Analyst, Data Security, Omdia Adam Strange is responsible for delivering a comprehensive analysis and insight program focused on data security within the Omdia cybersecurity research function, supporting vendor, service provider and enterprise clients. Adam brings comprehensive experience of the cybersecurity industry, having worked for a series of UK-based channel and global vendor organizations. More Insights Industry Reports ThreatLabz 2025 Ransomware Report The Total Economic Impact™ Of Zscaler Private Access (ZPA) Zscaler ThreatLabz 2025 VPN Risk Report GigaOm Radar for CNAPP The Total Economic Impact™ of Google SecOps Access More Research Webinars Ransomware and the Supply Chain: A Fireside Chat with the CISOs Who Literally Wrote the Book on Third-Party Risk The Hidden AI Attack Surface: How GenAI Tools Expand Data Exposure Risk Beyond the Model: The Expanded Attack Surface of AI Agents AI-Powered Threat Hunting: Staying Ahead of Evolving Attack Patterns AI-Powered Cloud Security Posture Management More Webinars You May Also Like DATA PRIVACY Fortanix Tackles Quantum Computing Threats With New Algorithms by Agam Shah FEB 26, 2025 DATA PRIVACY Ransomware Gangs Innovate With New Affiliate Models by Alexander Culafi, Senior News Writer, Dark Reading APR 23, 2025 DATA PRIVACY Paragon Commercial Spyware Infects Prominent Journalists by Alexander Culafi, Senior News Writer, Dark Reading JUN 19, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 Discover More Black Hat Omdia Working With Us About Us Advertise Reprints Join Us NEWSLETTER SIGN-UP Follow Us Copyright © 2026 TechTarget, Inc. d/b/a Informa TechTarget. This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world’s technology buyers and sellers. All copyright resides with them. Informa PLC’s registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.’s registered office is 275 Grove St. Newton, MA 02466. Home| Cookie Policy| Privacy| Terms of Use