Big Four accounting firm EY says artificial intelligence is becoming a new weak point in corporate defense systems, with companies losing millions of dollars to AI-related attacks.
The EY Global Responsible AI Pulse survey, published in October 2025, reveals that the cost of AI-linked cyber incidents now averages $4.4 million per organization.
EY also finds that half of all organizations have already suffered damage from cybersecurity vulnerabilities introduced by AI. The research notes that thieves are exploiting new entry points created by AI, while leveraging the same technology to power their attacks.
“Cyber adversaries are compromising organizations by targeting AI systems across new vectors, using new methods, including data poisoning, prompt injection and model theft. AI is also part of the cyber adversary’s toolkit, increasing their speed and reach, and potentially giving them unanticipated attack methods in the near future.”
EY says evidence of escalation is emerging across the industry, noting that CrowdStrike recently detected a 442% increase in vishing (voice phishing) intrusions in the second half of 2024. Attackers are using generative AI, enabling them to run personalized campaigns at an industrial scale.
Despite the emergence of a new threat, only 14% of CEOs believe AI data protection is strongly safeguarded in their organizations. Ayan Roy, EY Americas Cybersecurity Leader, warns that accelerating adoption without building parallel security layers will amplify the risk of system-wide breaches.
“As businesses accelerate AI and technology adoption, they should consider cybersecurity implications from the outset. Done right, cybersecurity should not slow adoption but should encourage safer, faster innovation across the business.”
Earlier this month, IBM warned that most companies still lack basic guardrails for artificial intelligence, leaving them vulnerable to deepfakes and AI-assisted scams.
“63% of organizations that we surveyed and talked to and interviewed did not have a governance policy… If you don’t have a governance policy or security policy in place, then you really have no way to win because you don’t even know how to define what that is.”
Disclaimer: Opinions expressed at CapitalAI Daily are not investment advice. Investors should do their own due diligence before making any decisions involving securities, cryptocurrencies, or digital assets. Your transfers and trades are at your own risk, and any losses you may incur are your responsibility. CapitalAI Daily does not recommend the buying or selling of any assets, nor is CapitalAI Daily an investment advisor. See our Editorial Standards and Terms of Use.