S&P 500’s AI adoption may invite data breaches, new research shows

Artificial intelligence is now part of business operations in many S&P 500 companies. However, our researchers have identified hundreds of potential issues ranging from insecure AI output to critical infrastructure attack vectors across sectors such as infrastructure, finance, and healthcare.

SOURCE: CyberNews

AI has achieved near-universal adoption across the S&P 500, powering everything from logistics and R&D to healthcare, finance, and critical infrastructure. Yet, as companies rush to embed AI into their operations, security protocols might struggle to keep pace, leaving systemic vulnerabilities that are only now coming into focus.

The Cybernews research team has identified 327 S&P 500 companies that publicly report using AI tools in their operations and analyzed how these organizations deploy AI in daily business activities. Our investigation tracked a wide range of use cases, from language model-powered analytics and internal business tools to customer-facing integrations and automated support systems.

The focus was on real, publicly documented deployments, regardless of whether companies build their own AI, embed third-party models, or offer AI-driven services to clients. The result is a look at just how deeply AI is woven into the daily workflows of America’s corporate giants – and the mounting security risks that come with this transformation.

[Figure: S&P 500 AI security risks]

Bad output, data leaks, and IP theft: the big three

The research spotlights three dominant potential threat vectors.

First, insecure output is the most widespread AI risk across the S&P 500, with 205 potential issues that could cause an incident, largely spanning technology, finance, and healthcare. Chatbots could be leaking customer data, finance bots giving bad investment advice, or a medical AI hallucinating treatments that are unsafe or not fully tested yet. It often starts with poor-quality training data, outdated sources, or even intentional data poisoning where attackers slip malicious info into the mix.

Next comes data leakage with 146 potential threats. This is when AI models accidentally spill sensitive information: customer PII, business financials, even proprietary source code. It often happens through prompt injection, where attackers craft clever queries to extract training data or past chat logs. Sometimes, it’s just the model “remembering” things it shouldn’t.

Intellectual property theft rounds out the top three, with 119 cases of proprietary business data or R&D secrets being potentially exposed or stolen via AI systems. Attackers use model extraction techniques – think of it as digital industrial espionage. By bombarding an exposed AI model with thousands of queries, hackers can reverse-engineer its logic, recreate its capabilities, and siphon off the very data and trade secrets that make your business unique. Sometimes, insiders or compromised APIs can make the job even easier.

The rapid growth of AI in business is not only transforming how companies operate but also reshaping the threat landscape. According to Žilvinas Girėnas, head of product at nexos.ai, the biggest risks for enterprise AI today are less about the technology itself and more about how it’s being used, secured, and trusted.

“Insecure AI outputs, data leaks, and IP theft are the new primary risks for every industry using AI, from finance to healthcare to critical infrastructure,” Girėnas said.

“It’s not enough to deploy AI and hope for the best. Businesses need to develop AI with the same safety standards as airplanes: constant oversight, clear guardrails, and a zero-trust approach. Every AI decision must be considered potentially wrong until proven correct, and every input must be monitored to prevent sensitive data from leaking or trade secrets from escaping.”

He also noted that as AI adoption increases, new risks such as model manipulation, supply chain attacks, and systemic bias are quickly emerging threats that require equal attention.

Other risks are gaining ground fast

The algorithmic bias risk has been documented 37 times. It happens when the model is trained using data that doesn’t match current societal norms. For example, if a loan model is trained on 30 years of historical data where a certain demographic was unfairly denied loans, AI will replicate it.

Our research also found 49 documented cases of possible critical infrastructure attack vectors where AI vulnerabilities could be weaponized against the systems that keep society running: power grids, water treatment plants, factories, and more. The energy sector alone has 35 potential issues, making it the top target for these high-stakes exploits.

Attacks can happen when hackers manipulate sensors, poison training data, or exploit outdated systems. This could potentially trigger blackouts and production shutdowns, or even endanger public safety. For instance, if a chemical plant’s AI relies on temperature sensors to trigger cooling systems, a hacker could manipulate those sensors to feed false “normal” readings. The AI, trusting its data, would fail to activate cooling, risking a meltdown or explosion.
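A defensive counterpart to the sensor-spoofing scenario above, as an added example that is not part of the Cybernews research: before a temperature reading is allowed to suppress cooling, it is checked against redundant sensors and against its own recent jitter, and any implausible sensor forces the safe action. The three-sensor layout, the thresholds, the function name and the readings are all constructed assumptions.

```python
from statistics import median, pstdev

# All thresholds are illustrative assumptions, not values from the article.
LIMIT_C = 80.0       # temperature at which cooling must run
MAX_SPREAD_C = 5.0   # redundant sensors should agree within this band
MIN_NOISE_C = 0.05   # a live sensor always shows some jitter
WINDOW = 6           # samples of history needed to judge jitter


def cooling_decision(history):
    """history maps sensor id -> list of recent readings (newest last).

    Returns (action, reasons). Any implausible sensor forces the safe
    action instead of letting a "normal" value suppress cooling.
    """
    latest = {sid: vals[-1] for sid, vals in history.items()}
    mid = median(latest.values())
    reasons = []
    for sid, vals in history.items():
        # Check 1: a sensor far from its peers is suspect, even if it reads "normal".
        if abs(latest[sid] - mid) > MAX_SPREAD_C:
            reasons.append(f"{sid}: {latest[sid]:.1f} C disagrees with median {mid:.1f} C")
        # Check 2: a perfectly steady signal suggests a frozen or replayed value.
        recent = vals[-WINDOW:]
        if len(recent) == WINDOW and pstdev(recent) < MIN_NOISE_C:
            reasons.append(f"{sid}: flatlined, possible frozen or replayed value")
    if reasons:
        return "COOL_AND_ALERT", reasons  # fail safe and page an operator
    return ("COOL" if mid >= LIMIT_C else "NORMAL"), []


# Constructed readings: three redundant sensors on the same vessel.
HEALTHY = {
    "T1": [61.2, 61.5, 61.1, 61.4, 61.3, 61.6],
    "T2": [60.9, 61.0, 61.4, 61.2, 61.5, 61.3],
    "T3": [61.8, 61.6, 61.9, 61.7, 62.0, 61.8],
}
# T1 reports a constant "normal" value while its peers climb past the limit.
SPOOFED = {
    "T1": [45.0, 45.0, 45.0, 45.0, 45.0, 45.0],
    "T2": [70.1, 74.3, 78.8, 82.5, 85.9, 88.2],
    "T3": [69.8, 74.0, 79.1, 82.9, 86.1, 88.6],
}

if __name__ == "__main__":
    print(cooling_decision(HEALTHY))
    print(cooling_decision(SPOOFED))
```

These checks catch a single frozen or outlying sensor; an attacker who controls most sensors and replays realistic noise would need an independent signal, such as pressure or flow, to be detected.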

Supply chain disruptions (54 instances), model evasion (38), and data poisoning (24) are also on the rise, showing that the attack surface is both broad and evolving.

“To reduce exposure to these threats, organizations need to apply cybersecurity principles to AI systems. The first step is simple: don’t trust AI by default. Every model you deploy should include built-in safeguards: data classification, output filtering, and strict access controls. You have to control what goes in, what comes out, and how AI is used throughout your business. If you’re not validating AI outputs, you’re risking your reputation. If you’re not securing sensitive data, you’re giving hackers an opportunity. And if you’re not monitoring for misuse, you won’t detect the breach until it’s too late,” added Girėnas.

He stressed that security can’t be an afterthought: “Start by assuming your AI will fail. Then build the defenses that keep that failure from becoming a business-ending disaster.”

Sensitive sectors, real consequences

What’s most dangerous is where AI vulnerabilities are showing up – and which sectors are hit hardest. While healthcare, energy, and finance remain high-profile targets, the data reveals that technology, industrial, and retail sectors are just as exposed, if not more so, to a wide spectrum of AI-driven risks.

[Figure: S&P 500 security risk report]

Technology software and semiconductors top the list, with 202 total potential issues across 61 companies. This sector alone reported 40 cases of IP theft, 34 instances of insecure output, and 32 of data leakage. The high concentration of proprietary algorithms and sensitive code makes tech firms especially vulnerable to both data leaks and IP theft, which can erode competitive advantage overnight.

Financial services and insurance (158 total potential issues, 56 companies) face the highest number of potential data leakage issues (35), and a striking 22 cases of algorithmic bias, highlighting the dual threats of sensitive customer information exposure and systemic discrimination in lending or credit scoring. The sector also contends with 32 potentially insecure output instances and 18 cases of potential model evasion, where attackers could attempt to bypass fraud detection systems.

Healthcare and pharmaceuticals (149 potential risks, 44 companies) are particularly at risk for patient safety, with 19 identified potential issues, as well as 24 data leak risks and 28 insecure output risks. Here, a flawed AI model or leaked dataset is more than a compliance formality as it can directly impact patient outcomes and regulatory standing.

Industrial and manufacturing (114 potential issues, 41 companies) and critical infrastructure and energy (103 potential issues, 37 companies) together account for 38 critical infrastructure attack vectors and 12 potential supply chain disruptions. These sectors are uniquely exposed to operational sabotage and systemic risk, as AI-driven automation and predictive maintenance become standard. A single compromised model could halt production lines or destabilize energy grids, with ripple effects far beyond the company itself.

Retail and consumer goods (92 potential issues, 36 companies) and logistics and transportation (32 potential issues, 10 companies) are increasingly reliant on AI for inventory management, personalized marketing, and route optimization. With 20 and 2 data leakage risks, respectively, and a combined 28 potential supply chain disruptions, these sectors face mounting threats to both customer privacy and operational continuity.

Even defense and aerospace (36 potential issues, 9 companies) and media and entertainment (25 potential issues, 9 companies) are not immune, reporting notable counts of IP theft, insecure output, and national security risks. In defense, 8 potential national security risk issues reveal the potential for AI vulnerabilities to escalate beyond corporate losses to matters of state.

“In each of these sectors, the result of AI integration is a paradox: unprecedented efficiency gains exist alongside systemic fragility, where a single compromised model could trigger cascading failures across energy grids, financial markets, or healthcare systems. This tension between innovation and vulnerability defines corporate America’s AI moment,” said Martynas Vareikis, Security Researcher at Cybernews.

Real-world AI failures: some lessons already learned

AI risks are already playing out across some of the world’s biggest companies, with consequences that range from embarrassing to catastrophic.

Take IBM’s Watson, once touted as a revolution in medical AI. As early as 2018, internal documents revealed that Watson had recommended unsafe and incorrect cancer treatments, raising serious questions about the quality of its training data and the oversight of its recommendations. In healthcare, a single flawed suggestion, which is an example of insecure output issues, is a patient safety risk.

Financial services and consumer tech haven’t fared much better. In 2019, Apple’s credit card algorithms came under regulatory investigation for alleged gender bias, after reports surfaced that women were routinely offered lower credit limits than men, even when their financial profiles were similar. The black-box nature of these models made it nearly impossible for customers to challenge or understand decisions.

Zillow’s foray into algorithm-driven real estate is another cautionary tale. From 2018 to 2021, the company relied on machine learning models to predict home prices and make cash offers. The result was a $500 million loss, as the models consistently overbid and failed to account for market volatility and real-world complexities. Far from a magic bullet, AI became a costly liability.

Even tech giants aren’t immune to basic data hygiene failures. In 2023, Samsung banned ChatGPT internally after discovering that sensitive source code had been leaked by several employees – an incident that highlights just how easily proprietary information can slip through the cracks when using third-party language models. The leaked code was made available through AI outputs when employees pasted confidential material into ChatGPT prompts, allowing the model to potentially resurface fragments of that data in later responses.

“AI is becoming more deeply embedded in business operations, and the risks are multiplying. The lessons from all these incidents are clear: unchecked deployment without robust security and oversight leads to real-world failures,” said Vareikis.

For companies looking to balance rapid AI adoption with security, experts advise building a culture of security around every phase of AI deployment. This should address all the identified potential issues as well as compliance with industry regulations and best practices.

For insecure output, the most widespread risk, companies need to treat every AI response as potentially untrusted.

As Vareikis puts it, “Zero-trust validation and human or non-algorithmic oversight are essential, especially in sectors like finance and healthcare where the potential harm is highest.”

When it comes to data leakage – a category with 146 potential risks across S&P 500 companies – Vareikis stresses the importance of layered defenses.

“Data classification and access controls are your first line of defense. But don’t stop there. Output filtering and external security rules act as digital bouncers, stopping sensitive information from slipping through before it becomes tomorrow’s headline.”
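One way to implement the output-filtering layer described above, as an added example that is not from the Cybernews research or from any vendor: every model response passes through a filter that redacts customer PII and withholds the whole response when key material from source code appears. The function names, patterns, policy and sample text are constructed assumptions, not a complete DLP rule set.

```python
import re

# Illustrative detectors for the data classes the article names
# (customer PII, secrets embedded in source code). Assumed, not exhaustive.
PATTERNS = {
    "EMAIL": re.compile(r"\b[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\b"),
    "US_SSN": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "PRIVATE_KEY": re.compile(r"-----BEGIN [A-Z ]*PRIVATE KEY-----"),
    "CARD": re.compile(r"\b\d(?:[ -]?\d){12,18}\b"),
}
WITHHELD = "[RESPONSE WITHHELD: sensitive content detected]"


def luhn_ok(number: str) -> bool:
    """Luhn checksum, so order numbers and other IDs are not flagged as cards."""
    total = 0
    digits = [int(c) for c in number if c.isdigit()]
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def filter_output(text: str, block_on=("PRIVATE_KEY",)):
    """Return (safe_text, findings) for one model response.

    Matches are redacted in place; any finding listed in block_on causes
    the entire response to be withheld instead.
    """
    findings = []

    def make_sub(label):
        def sub(match):
            if label == "CARD" and not luhn_ok(match.group()):
                return match.group()      # digit run that is not a card number
            findings.append(label)
            return f"[REDACTED:{label}]"
        return sub

    for label, pattern in PATTERNS.items():
        text = pattern.sub(make_sub(label), text)
    if any(f in block_on for f in findings):
        return WITHHELD, findings
    return text, findings


# Constructed model response containing fake PII and a harmless order number.
SAMPLE = ("Sure! Jane's email is jane.doe@example.com, SSN 123-45-6789, "
          "card 4111 1111 1111 1111. Order ref 1234567890123456 shipped.")

if __name__ == "__main__":
    print(filter_output(SAMPLE))
```

The findings list is what a monitoring pipeline would log and alert on, so that repeated hits from one user or integration are visible before they become an incident.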

Intellectual property theft, with 119 documented cases, calls for a proactive approach.

“Your AI models and training data are now very expensive assets. Encrypt them, monitor for suspicious access, and limit exposure wherever possible. In the AI arms race, letting your guard down for even a moment can mean losing your competitive edge,” Vareikis warns.

For data poisoning and model evasion (24 and 38 cases, respectively), the best defense is vigilance at every step.

“Use anomaly detection and real-time monitoring to spot tampered data before it corrupts your models. Adversarial training, where models are exposed to simulated attacks during development, can make them more resilient to manipulation,” said Vareikis.

He also urges companies not to forget other potential issues, such as supply chain security.

“Vet third-party AI tools and updates as rigorously as your own code, since a single compromised dependency can open the floodgates to attackers.”

Companies that embed security into every layer of their AI stack, from data pipelines to model deployment, will be far better positioned to reap the benefits of AI without falling victim to its growing list of threats.

Methodology

Data for this research was collected using publicly available AI with web scraping capabilities and was manually and individually verified to confirm the usage of AI-assisted workflows.

If AI was mentioned in a company’s privacy policy or press release, or in reputable AI providers’ news posts, and we were able to identify the use case and type of AI, we counted it as valid.

In other cases, we could not find enough information to be confident that the usage of AI is common practice in that company.

Potential issues were categorized by their impact on the customers, the company, or the brand. In most cases, potential issues have already affected high-value companies before and are well-documented in the press.

Data was collected on June 24th and reviewed manually on June 25th. If the company has updated its privacy policy and/or received more press coverage about its AI usage, that was not included in this analysis.

Limitations and future risks

While all mentioned companies have implemented AI solutions, Cybernews researchers do not have detailed visibility into the specific security rules, controls, or internal practices each organization applies, and could not assess the maturity or effectiveness of their internal security measures.

The analysis is based on publicly available information about what type of AI is used, in which industry, and for what purpose. Therefore, the researchers identified potential insecure use cases and associated risks, but have not been able to confirm how securely or responsibly these AI systems are actually managed in practice.

In this report, the terms “case,” “incident,” and “instance” refer to a potential risk or vulnerability identified through analysis of publicly available information about AI deployments in S&P 500 companies. These do not represent confirmed security breaches or active incidents, but rather possible exposures or issues that could arise based on how AI is being used. All counts reflect potential – not verified – security risks.

That being said, the Cybernews research team believes that in the near future nearly every company will be in one way or another assisted by AI-enhanced workflows, so it is safe to state that the potential issues discovered today already are or will be valid for most companies.

Counts of potential and verified issues will only rise, as will the number of AI-focused threat actor groups. Early secure practices and adaptation are crucial – doing it later could be too late.
