AI, particularly in the form of assistants and agents , are permeating enterprise operations, reaching deep into customer support, internal messaging, email workflows, and third-party collaboration tools as corporate executives push for the competitive advantage the technology promises. At the same time, organizations are investing in and deploying security tools and controls, according to researchers with cybersecurity firm Proofpoint . However, the gap between how quickly companies are deploying AI and how prepared they are to secure it continues to widen as innovation rapidly outpaces security. “What we’re seeing isn’t simply that AI is easier to adopt than to secure,” Tim Choi , group vice president for product go-to-market (GTM) and strategy for AI security at Proofpoint, told MSSP Alert. “It’s that AI is being embedded directly into revenue-generating workflows, such as customer support, collaboration platforms, [and] vendor communications, before governance models have fully matured to support it.” The security vendor laid out the situation this week in its 2026 AI and Human Risk Landscape report, based on surveys of more than 1,400 security pros from 12 countries, that examined how the rapid adoption of AI is both transforming collaboration within enterprises and bringing to light structural weaknesses in security controls and incident response. Adoption Outpaces Security The survey found that 87% of those questioned said their companies have deployed AI assistants beyond the pilot state and 76% are piloting or rolling out autonomous agents. The problem is that, while organizations are investing in security tools and controls, half of those who said they had such controls experienced a confirmed or suspected AI-related security incident. “If you want to know where the industry stands right now, that single finding from our survey ... tells you everything you need to know,” the report’s authors wrote in the introduction. “AI has moved from experiment to operational backbone. And it has done so at a pace that has outrun security models designed to govern it.” It's Both Speed and Architecture Proofpoint’s Choi said the problem isn’t just about speed, but also about architecture, noting “threes structural drivers behind the divide” that starts with the fact that AI deployment is happening at the application and workflow layer rather than in infrastructure. “Security controls were historically designed around endpoints and networks,” he said. “AI operates inside identity, SaaS, and collaboration environments, which are harder to monitor end to end.” In addition, many existing security tools were built for a pre-agent threat model and were not designed to monitor autonomous decision-making or cross-channel data movement. Lastly, “AI collapses time,” he said. “Agents act at machine speed, across systems, often without a human in the loop. Security teams are being asked to govern behavior that didn’t exist a year ago.” The numbers in Proofpoint’s report back that up. While 63% of those surveyed said they have AI security controls in place, 52% are not fully confident those controls would detect a compromised AI. In all, 42% of respondents reported a confirmed or suspicious AI incident. Collaboration Channels a Security Risk Collaboration channels have become the primary AI attack surface, allowing threats to move at machine speed through connected workflows. Email continues to be the most common attack vector, at 63%. However, that threat exposure is reaching out to third-party SaaS and cloud applications, at 47%, social and messaging platforms (41%), and AI assistants and agents (36%). Those companies that experienced an AI-related incident saw exposure increases of 67% in email, 57% in third-party apps, and 53% involving AI systems. Such reach of AI assistants and agents is a challenge for security teams. A third of security pros surveyed said they’re fully prepared to investigate an AI-related incident and 41% said it was difficult to correlate threats across channels. Many organizations don’t have the visibility across such connected environments, accord to Proofpoint’s report. Tool sprawl is another obstacle, with half of the organizations saying managing multiple tools is very difficult. Executive Pressure AI and security is a complicated issue for executives, who are under pressure to use the technology, Choi said. “AI is seen as a competitive advantage,” he said. “Boards and CEOs are pushing for productivity gains, automation, and new digital workflows. Security teams are brought in, but often after deployment decisions are made.” At the same time, many company leaders assume that if there are controls in place, they’ve got security covered. However, Choi said, “our findings show that confidence often exceeds control effectiveness, particularly when threats move across email, collaboration tools, SaaS apps, and AI systems simultaneously.” Challenge and Opportunity for MSSPs For MSSPs and MSPs, AI adoption is both an exposure challenge and business opportunity, he said. “Many clients are embedding AI into collaboration and revenue-driving workflows faster than governance is evolving, which introduces blind spots around identity, mailbox rules, and cross-channel visibility,” he said. “Service providers need to shift from simply protecting endpoints to understanding how AI interacts with data, users, and business processes across SaaS environments.” AI security isn’t a one-time project, Choi added, noting that “it requires ongoing monitoring, policy refinement, and workflow oversight. That creates a natural expansion into recurring managed services for providers that can position themselves as trusted advisors in AI risk, not just incident responders.”