IT teams are bullish on AI tools, but they’re worried security practices can’t keep pace

IT teams are growing increasingly concerned about AI-related risks amidst continued adoption, according to new research.

Findings from Heimdal’s State of AI Risk Management in 2026 report show AI tools are now commonplace across most IT estates, with teams often running several at one.

ChatGPT, for example, runs in nearly three-quarters (71%) of UK IT environments, while Microsoft Copilot is present in 68%. These same figures are reflected across the Atlantic, with US-based IT teams often using a combination of multiple different AI solutions.

AI tools are playing a key role in reducing workloads, the study noted, which IT teams highlighted as the most positive benefits of the technology.

Latest Videos From

Watch full video here:

Nearly three-quarters of IT and security teams said they lose around a quarter of their week to “repetitive, low-value work” - and AI is helping reduce that manual toil.

Indeed, teams facing the highest levels of operational load are often ranked among the most optimistic when it comes to AI. More than half (59%) of US teams said they expect AI to alleviate pressure, while 55% in the UK expect the same.

AI-related risks are haunting IT teams

Despite this optimism, a key recurring concern among IT leaders is that controls and security capabilities haven’t kept pace with the rate of adoption. Heimdal noted that only four-in-ten teams rate their security stack as “ready for AI-related risk”.

Teams are increasingly concerned about data leakage, for example, with 56% of UK respondents highlighting this risk. Visibility is a major issue in this regard, Heimdal found.

UK teams with full visibility into AI use were most likely to flag data leakage as a leading concern, compared to just 27% of those with no visibility. In the US, 59% of teams with full visibility also highlighted data leakage as a key concern.

While concerns over potential risks typically mount as AI tools are integrated, Heimdal noted that unauthorized AI use, or ‘shadow AI’, is also a recurring problem for enterprises.

Heimdal specifically highlighted the Salesloft Drift breach in August 2025 as a key example of how poor AI-related visibility can impact organisations.

The incident saw threat actors steal OAuth tokens for Drift’s AI chatbot integration with Salesforce, using these to extract data from several hundred Salesforce instances.

A host of organisations, including Cloudflare, Palo Alto Networks, and Zscaler were impacted in the attacks.

“Drift was the AI tool. Salesforce held the data,” the company noted in a blog post.

“Most of the affected teams had never personally provisioned Drift,” it added. “A third-party AI chatbot, plugged in through an OAuth grant few had recently reviewed, became the way in.”

Contrasting priorities

Perception of AI-related risk among frontline practitioners and executives is a major problem, according to Heimdal. Indeed, “executive confidence” in AI security is a repeated point of friction when it comes to governance and risk management.

In the US, for example, 29% of executives said AI risk is under control, yet just 7% of practitioners agreed. In the UK, meanwhile, these figures stand at 18% against 11%.

Adam Pilton, cybersecurity advisor at Heimdal, said this shows many organizations still aren’t fully aligned on how they manage AI risk.

"Misplaced confidence is one of the most dangerous things in security. This data shows executives are far more confident that AI risk is under control than the evidence supports. Most of the conversation right now is about productivity, when the bigger question is how AI can be turned against the business,” he said.

“The report shows the gap between how secure leaders feel and how secure they actually are.”

FOLLOW US ON SOCIAL MEDIA

Follow ITPro on Google News and add us as a preferred source to keep tabs on all our latest news, analysis, views, and reviews.

You can also follow ITPro on LinkedIn, X, Facebook, and BlueSky.