Blab AI
AI Adoption Stalled by Security Concerns as 76% of Firms Halt Projects, Experts Warn of Rising Threats
Three‑quarters of companies that have deployed generative artificial intelligence are now putting their projects on hold, citing safety and security worries that have escalated in the past year.
Aikido Security’s 2026 State of AI in Security & Development report surveyed 450 CISOs, developers and application security engineers across the United States and Europe. 76 % of respondents said they had to stop or limit AI‑driven initiatives within the last 12 months. The figure climbs to 98 % among teams that ship code or models multiple times a day. The report also found that seven in ten organisations experienced a security issue that was harder to detect, investigate or remediate because of AI, a number that rises to 86 % for daily shippers.
The core problem, the survey shows, is velocity. AI accelerates development cycles, leaving security teams with less time to spot flaws. By the time the first round of testing can be completed, new vulnerabilities may already be present.
CybaVerse, a cybersecurity research firm, conducted a separate survey of 141 professionals at InfoSecurity Europe in June 2026. 86 % of respondents believe that AI systems like Claude Mythos will reduce the time it takes attackers to identify and exploit weaknesses, leading to more frequent patching. More than two‑thirds said their employers lack the budget to manage the increased workload.
"Advanced AI platforms were released into the public domain without sufficient preparation for the impact on cyber defences," said Oliver Spence, CEO of CybaVerse. "Now that large technology firms have access to these models, we are already seeing a rise in the volume of vulnerabilities identified and disclosed. The latest Patch Tuesday was the largest on record."
Both surveys echo warnings from the UK National Cyber Security Centre (NCSC) and other Five Eyes agencies that leaders must act now to keep pace with AI‑driven threats. The NCSC’s blog post stresses that adversaries are already using AI to move faster and more effectively, and that defenders must adopt similar capabilities.
Despite the rapid pace of vulnerability discovery, Spence and other experts note that core defensive practices remain unchanged. Visibility of assets, robust vulnerability management processes and prioritisation of remediation based on risk are still essential.
Claude Mythos, a specialised version of Anthropic’s Claude series, is designed to find software vulnerabilities. Anthropic has not released the model publicly, citing safety and misuse concerns. The model’s limited release to a handful of companies has already sparked debate about the balance between security research and the potential for weaponisation.
Three‑quarters of the surveyed cyber professionals believe that advanced AI systems will eventually be weaponised by criminals. "Organizations must prepare for this reality because bullet‑proof security does not exist," Spence said.
The findings highlight a growing disconnect between the speed of AI innovation and the capacity of security teams to keep up. While AI tools promise efficiency gains, they also introduce new attack vectors and shorten the window for detection.
The surveys also point to a lack of testing alignment. Three‑quarters of organisations roll out significant production changes weekly or faster, but only 20 % validate security at that rate. Nearly eight in ten are concerned about vulnerabilities being introduced between tests, and half say test findings are outdated by the time they are reviewed.
The broader industry context includes other recent developments. Google researchers have reported the discovery of an AI‑generated zero‑day exploit, and Anthropic has announced a public beta of Claude Security aimed at vulnerability detection. Meanwhile, OpenAI has expanded its “Daybreak” cyber program, adding new tools and a cyber‑focused GPT‑5.5 model.
In summary, the data shows that AI adoption is being throttled by security concerns. The rapid development cycle, coupled with the perceived acceleration of attack capabilities by models like Claude Mythos, is forcing many organisations to pause or scale back AI initiatives. Security teams are struggling to keep pace, with limited budgets and testing resources. The situation underscores the need for continued investment in traditional security practices and a realistic assessment of AI’s risks.
The next few months will likely see further scrutiny of AI‑driven vulnerability tools, potential regulatory responses, and a continued debate over the balance between innovation and security. Until security teams can align their processes with the speed of AI development, the trend of halted projects is expected to persist.
Aikido Security’s 2026 State of AI in Security & Development report surveyed 450 CISOs, developers and application security engineers across the United States and Europe. 76 % of respondents said they had to stop or limit AI‑driven initiatives within the last 12 months. The figure climbs to 98 % among teams that ship code or models multiple times a day. The report also found that seven in ten organisations experienced a security issue that was harder to detect, investigate or remediate because of AI, a number that rises to 86 % for daily shippers.
The core problem, the survey shows, is velocity. AI accelerates development cycles, leaving security teams with less time to spot flaws. By the time the first round of testing can be completed, new vulnerabilities may already be present.
CybaVerse, a cybersecurity research firm, conducted a separate survey of 141 professionals at InfoSecurity Europe in June 2026. 86 % of respondents believe that AI systems like Claude Mythos will reduce the time it takes attackers to identify and exploit weaknesses, leading to more frequent patching. More than two‑thirds said their employers lack the budget to manage the increased workload.
"Advanced AI platforms were released into the public domain without sufficient preparation for the impact on cyber defences," said Oliver Spence, CEO of CybaVerse. "Now that large technology firms have access to these models, we are already seeing a rise in the volume of vulnerabilities identified and disclosed. The latest Patch Tuesday was the largest on record."
Both surveys echo warnings from the UK National Cyber Security Centre (NCSC) and other Five Eyes agencies that leaders must act now to keep pace with AI‑driven threats. The NCSC’s blog post stresses that adversaries are already using AI to move faster and more effectively, and that defenders must adopt similar capabilities.
Despite the rapid pace of vulnerability discovery, Spence and other experts note that core defensive practices remain unchanged. Visibility of assets, robust vulnerability management processes and prioritisation of remediation based on risk are still essential.
Claude Mythos, a specialised version of Anthropic’s Claude series, is designed to find software vulnerabilities. Anthropic has not released the model publicly, citing safety and misuse concerns. The model’s limited release to a handful of companies has already sparked debate about the balance between security research and the potential for weaponisation.
Three‑quarters of the surveyed cyber professionals believe that advanced AI systems will eventually be weaponised by criminals. "Organizations must prepare for this reality because bullet‑proof security does not exist," Spence said.
The findings highlight a growing disconnect between the speed of AI innovation and the capacity of security teams to keep up. While AI tools promise efficiency gains, they also introduce new attack vectors and shorten the window for detection.
The surveys also point to a lack of testing alignment. Three‑quarters of organisations roll out significant production changes weekly or faster, but only 20 % validate security at that rate. Nearly eight in ten are concerned about vulnerabilities being introduced between tests, and half say test findings are outdated by the time they are reviewed.
The broader industry context includes other recent developments. Google researchers have reported the discovery of an AI‑generated zero‑day exploit, and Anthropic has announced a public beta of Claude Security aimed at vulnerability detection. Meanwhile, OpenAI has expanded its “Daybreak” cyber program, adding new tools and a cyber‑focused GPT‑5.5 model.
In summary, the data shows that AI adoption is being throttled by security concerns. The rapid development cycle, coupled with the perceived acceleration of attack capabilities by models like Claude Mythos, is forcing many organisations to pause or scale back AI initiatives. Security teams are struggling to keep pace, with limited budgets and testing resources. The situation underscores the need for continued investment in traditional security practices and a realistic assessment of AI’s risks.
The next few months will likely see further scrutiny of AI‑driven vulnerability tools, potential regulatory responses, and a continued debate over the balance between innovation and security. Until security teams can align their processes with the speed of AI development, the trend of halted projects is expected to persist.
