Artificial intelligence is rapidly moving from being a tool that organizations deploy to becoming a new attack surface that security teams must defend. According to Gartner, the growing use of custom-built AI applications will significantly reshape how enterprises approach cybersecurity over the next few years, forcing security leaders to rethink incident response, compliance, data governance, and identity protection strategies.
In one of its latest cybersecurity predictions, Gartner estimates that by 2028, 50% of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications. The shift reflects the speed at which organizations are building AI-powered tools, often without fully understanding the long-term security implications.
“AI is evolving quickly, yet many tools — especially custom-built AI applications — are being deployed before they’re fully tested,” said Christopher Mixter, VP Analyst at Gartner. “These systems are complex, dynamic and difficult to secure over time. Most security teams still lack clear processes for handling AI-related incidents, which means issues can take longer to resolve and require far more effort.”
The warning highlights a growing gap between AI innovation and security preparedness. As enterprises rush to embed AI into business processes, security teams are often brought in late, leaving limited time to design safeguards or assess risk exposure. Gartner advises that security leaders must be involved from the earliest stages of AI development to ensure adequate planning, resource allocation, and implementation of proper security controls.
Beyond incident response, Gartner expects the rise of AI to drive the adoption of dedicated AI security platforms. By 2028, more than half of enterprises are expected to deploy specialized platforms to manage risks associated with both third-party AI services and internally developed AI applications. These platforms will help organizations monitor AI activity, enforce usage policies, and prevent threats such as prompt injection, data leakage, and misuse of sensitive information.
The growing regulatory focus on AI is also expected to increase pressure on enterprises. Gartner predicts that through 2027, manual AI compliance processes will expose 75% of regulated organizations to fines exceeding 5% of their global revenue. As governments introduce new rules around AI safety, privacy, and accountability, organizations relying on manual compliance methods will struggle to keep pace. Analysts recommend that CISOs strengthen governance, risk, and compliance frameworks and increasingly rely on automation to manage regulatory obligations.
Another major challenge is what Gartner describes as AI data debt — the accumulation of poorly structured, unsecured, or unclassified data that makes it difficult to deploy AI safely. Through 2030, the firm expects that one-third of IT work will be spent remediating data issues to make AI systems secure and reliable. Security teams are likely to expand data loss prevention and monitoring capabilities to control how generative and agentic AI systems access enterprise data, while working closely with data and analytics teams to establish stronger access controls.
Geopolitical tensions and regulatory fragmentation are also reshaping cybersecurity priorities. Gartner forecasts that by 2027, nearly one-third of organizations will demand greater sovereignty over their cloud security controls to address regional regulations and rising concerns around data residency. This trend will force enterprises to reconsider vendor choices and design security architectures that can adapt to country-specific requirements.
At the same time, identity is emerging as one of the most critical areas of cyber defense. With the rapid growth of machine identities, APIs, and automated systems, traditional identity and access management tools are struggling to provide complete visibility. Gartner predicts that by 2028, 70% of CISOs will rely on identity visibility and intelligence platforms to reduce the attack surface and prevent credential-based breaches. These platforms use AI-driven analytics to detect anomalies, identify misconfigurations, and strengthen access controls across increasingly complex environments.
Taken together, the predictions point to a fundamental shift in cybersecurity strategy. As AI adoption accelerates, security teams will need to move from reactive defense to proactive design, embedding protection into applications, data, and identity systems from the start.
For CISOs, the message is clear: securing AI will not be a niche responsibility — it will become central to cyber resilience in the years ahead.