- As AI systems gain broader access to enterprise data across environments, organisations must treat data visibility and encryption as core security elements.
- AI-enabled deepfakes and misinformation are increasing the effectiveness of identity-based attacks. Today, credential theft is the leading attack technique against cloud infrastructure in India (68%) and worldwide (67%). 65% of companies in India who responded to the survey report deepfake-driven incidents, and 55% experience damage from AI-generated misinformation.
- Investment in AI security is growing, with 30% of companies around the world including India allocating dedicated budgets; however, 53% are still relying on existing security budget.
According to the Thales 2026 Data Threat Report, organisations across various markets including automotive, energy, finance and retail say the rapid pace of AI-driven transformation is now their biggest security challenge. Based on the report’s research, conducted by S&P Global 451 Research, 64% of organisations in India and 70% globally who responded to the survey cite AI as their top data security risk. The concern is not only about malicious AI, but about the access it is being granted as it shifts from a tool to a trusted insider.
This press release features multimedia. View the full release here: https://www.businesswire.com/news/home/20260225890645/en/
©Thales
As enterprises embed AI into workflows, analytics, customer service, and development pipelines, these systems are being granted broad, automated access to enterprise data, often with fewer controls than those applied to human users in a corporate environment.
“The rapid adoption of AI is driving a surge in next-gen cyber threats, particularly deepfakes. This is corroborated by the 2026 Thales Data Threat Report, which reveals 65% of organisations in India have already experienced deepfake-driven attacks. We appreciate India’s efforts to strengthen its legal framework and counter these risks,” says Ankur Kanaglekar, Vice President – India, Thales. “When identity governance, access policies, or encryption frameworks are weak, AI can amplify those weaknesses across corporate environments far faster than any human ever could.”
Visibility Gaps Are Widening as AI Expands Data Reach
The report reveals a troubling disconnect between AI adoption and data control. Only 34% of organisations worldwide, and 35% in India, know where all their data resides, regardless of its level of criticality. Just 39% worldwide and 36% in India can fully classify their data. Meanwhile, nearly half (47%) of sensitive cloud data remains unencrypted globally.
As AI systems ingest and act on data across cloud and SaaS environments, limited visibility makes enforcing least-privilege access increasingly difficult, that is granting only the strictly necessary access rights. This increases the extent of exposure if credentials are compromised.
Identity infrastructure is now the primary attack surface. Credential theft remains the leading attack technique against cloud management infrastructure, cited by 68% of organisations in India experiencing cloud attacks. At the same time, 44% rank secrets management among their top application security challenges in India, reflecting the growing complexity of governing machine identities, API (application programming interface) keys, and tokens at scale.
AI Is Powering More Convincing Attacks
While organisations race to adopt AI, attackers are doing the same. Nearly 65% of companies in India (60% worldwide) report experiencing deepfake-driven attacks, and 55% in India (48% globally) report reputational damage tied to AI-generated misinformation or impersonation campaigns.
As AI introduces new risks, it also increases existing ones. Human error already contributes to 26% of breaches in India, and with automation layered on top, small mistakes can scale faster and spread wider.
Security Investment Is Shifting, But Not at the Pace of the new Risks
While organisations recognize the need to adapt, investment is not keeping pace with the rapid expansion of AI-driven access and automation. 30% of organisations in India and globally now dedicate specific budgets to AI security, reflecting growing awareness. However, the majority (53%) in India still depend on traditional security programs built primarily for human users and perimeter-based controls. As machines increasingly authenticate, access, and act autonomously, many security strategies have yet to adjust to this shift in operating models.
“As AI becomes deeply embedded into enterprise operations, continuous data visibility and protection are no longer optional,” said Eric Hanselman, Chief Analyst at S&P Global 451 Research. “Organisations must treat data security strategy as foundational to innovation, not separate from it.”1
Trust Must Evolve as Machines Gain Access
AI is not replacing traditional threats; rather, it is intensifying them by increasing their speed, scale, and reach. As automated systems gain broader access to enterprise data, organisations must rethink identity, encryption, and data visibility as core infrastructure. The organisations that embed strong governance into their AI strategies will be better positioned to innovate securely and avoid turning AI into their newest insider threat.
For more information, please download the full report and join our webinar hosted by Eric Hanselman, Chief Analyst at S&P Global 451 Research.
About Thales
Thales (Euronext Paris: HO) is a global leader in advanced technologies for the Defence, Aerospace, and Cyber & Digital sectors. Its portfolio of innovative products and services helps address several major challenges: sovereignty, security, sustainability and inclusion.
The Group allocates €4.5 billion per year in Research & Development in key areas, particularly for critical environments, such as Artificial Intelligence, Cybersecurity, Quantum and Cloud technologies.
Thales has more than 85,000 employees in 65 countries. In 2025, the Group generated sales of €22.1 billion.
About Thales in India
Present in India since 1953, Thales is headquartered in Noida and has other operational offices and sites spread across Delhi, Gurugram, Bengaluru and Mumbai, among others. Over 2300 employees are working with Thales and its joint ventures in India. Since the beginning, Thales has been playing an essential role in India’s growth story by sharing its technologies and expertise in Defence, Aerospace and Cyber & Digital sectors. Thales has two engineering competence centres in India – one in Noida focused on Cyber & Digital business, while the one in Bengaluru focuses on hardware, software and systems engineering capabilities for both the civil and defence sectors, serving global needs. The Group has also established an MRO facility in Gurugram to provide comprehensive avionics maintenance and repair services to Indian airlines.
PLEASE VISIT
Thales Group
Thales
|
|
|
|
1 Thales 2026 Data Threat Report, 2026, commissioned by Thales |
|
Recent images of Thales and its Defence, Aerospace and Cyber & Digital activities can be found on the Thales Media Library. For any specific requests, please contact the Media Relations team.
View source version on businesswire.com: https://www.businesswire.com/news/home/20260225890645/en/
