AI Models under Attack; Conventional Controls are not Enough

By Avivah Litan | August 05, 2022

2 in 5 organizations had an AI privacy breach or security incident, of which 1 in 4 were malicious attacks. Conventional controls ARE NOT enough.

Attack surfaces are rapidly growing as AI becomes pervasive. Over 70% of enterprises have hundreds or thousands of AI models deployed, according to Gartner’s latest survey of AI adoption. See our latest research for the full survey analysis: “AI in Organizations: Managing AI Risk Leads to Positive Business Outcomes.”

Attacks are Pervasive

Compromises and malicious attacks against AI are, not surprisingly, common.

41% of organizations surveyed had experienced an AI privacy breach or security incident as noted in the figures below. Of those reported incidents, 60% were data compromises by an internal party, while 27% were malicious attacks on the organization’s AI infrastructure. These findings highlight a big problem, particularly as some breaches or incidents may go undetected.

Figure 1

Figure 2

AI can be transformative, but it poses risks that require new forms of AI Trust, Risk and Security Management (AI TRiSM). Conventional controls simply are not sufficient.

The Good News – Managing AI Risk pays off

Our survey also found that organizations that collaborate across departmental silos to implement AI TRiSM move more AI models into production and derive more value from them than organizations that do not. Regulatory compliance currently drives AI TRiSM, but that is shortsighted, as effective risk management yields better business results. We also found more AI project success when budgets are allocated to the CIO office, as shown in Figure 3 below.

Figure 3

AI TRiSM methodology and tools are a prerequisite for establishing KPIs and measurements. Managing AI without visibility and direction is unacceptable.

AI TRiSM implementation will ensure organizations understand what their AI models are doing and what they can expect from them in terms of performance and business value.


The Gartner Blog Network provides an opportunity for Gartner analysts to test ideas and move research forward. Because the content posted by Gartner analysts on this site does not undergo our standard editorial review, all comments or opinions expressed hereunder are those of the individual contributors and do not represent the views of Gartner, Inc. or its management.