Thales warns AI ecosystems could become new insider threat without stronger governance

Data is the gold of the twenty-first century, the valuable commodity that big tech, governments and bad actors all covet. Securing it and innovating with it is the defining competition in the modern marketplace as Thales is back with its 2026 report.

The 2026 Thales Data Threat report examines the rise in AI security, AI-fueled attacks such as deepfakes, the lack of encryption for data stored in the cloud, and the importance of security discipline when it comes to identity and access management.

“Effective data security has never been easy, and the pressures of AI and agentic applications are making it much harder,” the report concludes. “Data must be available for a wider range of uses, in greater volumes and at higher velocity, all while maintaining strong security controls.”

Thales found a 50 percent year-over-year growth in the proportion of respondents designating security funds for AI. This proportional increase in budget specifically for AI is reflected in the integration of new elements, including chat interfaces and Model Context Protocol servers, which security teams have to secure.

The 2026 report found 70 percent of respondents citing the speed of AI change within AI ecosystems as top of mind when it comes to AI security. Significantly more than half – 61 percent – report their AI applications being targeted by attackers, with sensitive data the main goal, and 57 percent report AI-generated misinformation, as deepfakes showed the second-highest attack increase.

Exactly half of respondents rank secrets management as the priority concern in application security while just over half – 52 percent – regard identity and access management as the leading security discipline, as attackers target credentials. Meanwhile, only 47 percent of sensitive data in the cloud is encrypted.

The findings reinforce a growing focus on identity-centric security as organizations deploy AI systems. With credential theft remaining the leading attack technique against cloud infrastructure and identity and access management ranked as the top security discipline by 52 percent of respondents, the report suggests that controlling access to data may become as important as protecting the data itself.

“Organizations are struggling with data quality and security as they work to safely deliver access to the raw material from which AI value is built,” the report says in its introduction. “As agentic applications gain access to greater volumes of data, organizations must improve data security and management practices to ensure that AI does not become a new insider threat.”

The cloud still a solid target, data sovereignty concerns rise 

While agentic AI grows, the cloud remains an area of concern, with cloud assets a significant attack target. Cloud storage, applications and management are the top three attack targets. Crucially, credential theft is the leading attack technique against cloud infrastructure, with 67 percent seeing credential theft and misappropriated secrets increasing, the Thales report found.

Data sovereignty is given greater weight in the new report compared to 2025’s, with 54 percent pursuing reworking and refactoring of application and data architectures to achieve sovereignty aims. The rise in geopolitical risks means critical assets like identity data and the technology on which it relies is becoming a priority among businesses and governments in general.

A significant proportion of organizations – 59 percent – are prototyping and evaluating Post-Quantum Cryptographic (PQC) algorithms. The 2026 Thales report found that 61 percent cited quantum as their top concern for future risks. Recently, the Cybersecurity Agency of Catalonia announced it is investing in the post-quantum era as it prepares the region’s digital identity infrastructure for a time when quantum computing renders current encryption standards obsolete.

One of Thales’ recommendations focuses on trust, especially as AI‑driven misinformation and disinformation are now widespread. The company’s research found 97 percent of respondents reporting some form of organizational harm from AI‑generated false content.

These incidents include deepfake business email compromise, brand misuse, reputational damage, harm to key personnel and fraudulent hiring activity. Security tools that meet users and stakeholders where they are — and work consistently across environments — will be essential for faster prevention, detection and response, the report says.

The 2026 Thales Data Threat Report was based on a global survey of 3,120 respondents gained via online survey with targeted populations for each country, targeted at professionals in security and IT management.

Article Topics

AI agents  |  cloud services  |  cybersecurity  |  data sovereignty  |  digital identity  |  Thales Digital Identity and Security