The 2025 AI Governance Survey highlights why cybersecurity is a concern with technological advances and the accelerated use of AI across industries. Cybersecurity professionals and tech enthusiasts are determining how best to govern emerging AI systems. PacificAI, in collaboration with Gradient Flow, looked at the issues organizations are facing and developed strategies for readying defenses against emerging risks.
1. AI-Driven Threats Are on the Rise
Many cybersecurity experts are concerned that AI is making hackers smarter. One report showed password-hacking tools driven by AI bypassed 81% of common password combinations in under 30 days. The ability to bypass typical passwords is concerning in light of the details uncovered by the AI Governance Survey. Researchers found that 54% of organizations have an AI-specific incident response playbook. If hackers attack systems using AI, the company may struggle to mitigate the damage.
A positive aspect of the survey was that 75% of companies had an AI usage policy in place. Although its implementation may need work, managers are starting to see how crucial protection and planning are.
2. Automation and Human Oversight Must Be Balanced
At the same time, managers may face difficulty ensuring plans and policies align with needs because of insufficient staff. Experts estimate a 5% to 10% labor gap across the economy. Labor shortages in some sectors impact having enough staff to keep up with demand, particularly as a company grows. AI may provide opportunities for scalability.
There is a risk of over-automation for security teams without enough oversight into how organizations handle potential breaches and security incidents. Reliance on AI may reduce manual oversight, leading to complacency and increased hacking risks.
The survey results showed that technical leaders and company CEOs feel oversight is a critical area of concern, with 48% of respondents indicating that organizations have implemented monitoring for how AI systems are used and if they are accurate.
While AI brings automation to teams and saves companies money, relying too much on computers can be a dangerous precedent. The survey indicated many companies lack human oversight. Some simple changes, such as requiring peer reviews before deploying models or sampling outputs for accuracy, can combine automated systems with human intelligence. Such hybrid environments address ethical concerns before they become a problem and can identify threats that AI may have missed.
3. The Regulatory Landscape Is Evolving
The regulations surrounding AI governance are constantly changing. As of May 2025, over 69 countries have launched 1,000-plus AI-related policies, showing people are more concerned about governance. While AI pulls from massive amounts of data, using information without governance leads to issues. The survey showed that small firms lack training and understanding of essential frameworks. A mere 14% of employees understood the basics of the NIST AI RMF. Without understanding basic privacy protection measures, systems remain vulnerable to attacks.
Anyone involved with AI should study the rules around ISO/IEC 42001, a global international standard for AI management systems. Understanding the basics allows tech professionals to defend pipelines with strict access controls. Validation filters and other techniques like differential privacy and federated learning protect systems and save forensic evidence in case of a security breach. Learning from weak access points can help security teams reduce the number of incidents in the future.
Hackers are maliciously manipulating training data to lessen the reliability of machine learning models. Dubbed data poisoning, hackers plug biased and incorrect data into an AI model via the training phase. The model then produces inaccurate results that may harm the company or individuals. Organizations face degraded performance, and hackers may even introduce backdoor access points for later entry.
4. The Need for More AI Transparency
The survey highlighted the need for more transparency in AI systems. Models may produce biased results, so humans must be on hand to identify the unpredictable outcomes and how to address them to prevent future issues. The challenge is that transparency may give cyberattackers the tools to probe databases.
The research showed gaps in later model stages. For example, many solutions look at planning stages, data and modeling. However, during deployment and oversight, professionals tend to rely more on AI’s outcomes and less on human intervention. Embracing tools to audit live systems is crucial to preventing breaches. The lack of tools in the later stages impacts the offense and defense of most systems.
Research shows 73% of AI agent implementations are too permissive in credential scoping, and 61% of organizations say they aren’t sure what their automated systems access. Letting autonomous systems run wild without any oversight risks scenarios once limited to science fiction novels.
5. Shift-Left Development Is a Partial Solution
The solution may be partly due to the growing shift-left movement, where security is embedded early in development. Although the survey identified that most companies draft policies, few integrate machine learning operations into daily practices.
While technical leadership may want to use generative AI targeting and implement better strategies, many lack the workforce or training to accomplish the task. Cybersecurity professionals who find and report vulnerabilities, also known as bug bounty hunters, may crowdsource and test systems to find weaknesses. These ethical hackers work to improve security and report flaws before bad players can use backdoors to enter systems. By adding AI governance into daily workflow practices, firms can prevent costly issues and damaged reputations.
6. Security Professionals Need Better Skillsets Now
The survey highlighted an increased demand for technical professionals to gain skills in monitoring, governance tooling and incident response design. A mere 41% of companies offer ongoing AI training annually, and smaller organizations had the lowest numbers.
Teams particularly need skills in better model auditing, MLOps security, familiarity with common frameworks and risk assessment. Some ways to encourage improvement in these areas are offering red-teaming AI systems, staying on top of new toolsets and joining open training platforms. Look for places offering the opportunity to learn from other security professionals.
Turning Insights Into Action
CEOs, technical leaders, white-hat hackers and those interested in AI cybersecurity should study the 2025 AI Governance Survey. The results show a concerning lack of governance across all organizational sizes. Companies are embracing AI usage but failing to manage the risks effectively. Those in charge must demand more oversight and data governance, while upskilling current IT staff. As AI grows, businesses must be able to pivot to address new potential threats while keeping costs affordable.
