When prompted to generate secure code, GPT-4o still produced insecure outputs vulnerable to 8 out of 10 issues.

Only 22% of all AI applications are in adherence to one or more compliance certifications such as HIPAA, PCI, ISO, FISMA, and FedRAMP.

84% of AI applications don’t support ‘Data Encryption at Rest’.

95% of AI applications are at medium or high risk for EU GDPR violation.

In January 2025, customers uploaded a combined 176GB of data into the DeepSeek AI chatbot.

Less than 10% of enterprises have implemented data protection policies and controls for AI applications.

44% of security leaders surveyed plan to prioritize security infrastructure oversight and implementation, much of which now focuses on securing AI systems and preventing data leakage.

Some open security issues in Agentic AI are lingering for 1,200-plus days.

68% of organizations surveyed have experienced data leakage incidents specifically related to employees sharing sensitive information with AI tools.

Enterprises use a staggering 320 AI cloud applications on average.

Skyhigh Security research reveals a 200% increase in AI application traffic within the last year. This compares to a 23% increase in traffic to non-AI applications.

Microsoft Copilot is used by 82% of all Skyhigh Security customers within their enterprise. This is up from 18% last year for Microsoft Copilot usage by Skyhigh Security customers. Within the same timeframe, traffic to Microsoft Copilot increased 3,600x and data uploads to Microsoft Copilot increased 6,000x.

In response to simple, “naive” prompts, all LLMs tested generated insecure code vulnerable to at least 4 of the 10 common CWEs.

With naive prompts, ChatGPT scored a 1.5/10 secure code result.

Claude 3.7 Sonnet scored 6/10 secure code result using naive prompts.

Only 23% of organizations surveyed have implemented comprehensive AI security policies.

11% of files uploaded to AI applications include sensitive corporate content.

OpenAI’s GPT-4o had the lowest performance, scoring a 1/10 secure code result using "naive" prompts.

60% of top vulnerabilities found in Agentic AIwere access control-related

Claude 3.7 Sonnet scored 10/10 with security-focused prompts.