TelcoNews US - Telecommunications news for ICT decision-makers
Internal AI systems emerge as top breach risk: report


Fri, 26th Jun 2026
Sean Mitchell, Publisher

ExtraHop has released its 2026 Global Threat Landscape Report, which identifies internal AI systems as a major source of enterprise breaches.

The report is based on a survey of more than 1,800 security and IT leaders at organisations with more than 1,000 employees across the US, UK, France, Germany, Singapore, Australia and the UAE.

Among respondents, 55% said AI agents, agentic infrastructure and generative AI applications now represent their biggest attack-surface risk. Separately, 85% reported security incidents, data exposures or near misses in which an AI system was the root cause.

The findings suggest a shift in how cyber risk is developing inside large companies. Rather than focusing only on external software flaws or phishing campaigns, security teams are also dealing with threats tied to AI tools embedded in workflows, identities and data-handling processes.

Many organisations also appear to be struggling to detect attacks before sensitive information leaves their networks. Nearly half of ransomware victims, 49%, said they did not detect the attack until after data had been exfiltrated, up from 31% a year earlier.

Another 14% said they were unaware of an incident until they received a ransom demand. In ransomware cases, attackers remained inside enterprise environments for nearly two and a half weeks on average before detection.

Detection delays

Respondents cited several reasons for delayed detection and investigation. Attackers used encrypted channels to bypass detection, mimicked legitimate workflows and relied on valid high-privilege account permissions, making malicious behaviour harder to distinguish from normal activity.

Alert fatigue remained a problem, and a lack of established baseline behaviour within networks was another reason anomalous activity went unnoticed.

The report also highlighted concerns about AI-related identity compromise. Nearly 37% of respondents reported AI identity or session theft, suggesting that internal AI systems are no longer viewed only as productivity tools but also as active targets for attackers.

Examples of AI-linked incidents included AI-enhanced external attacks, compromised AI identities, supply chain breaches involving vendors' integrated AI, shadow AI exposure, and failures in agentic or API logic.

Ransom trends

The financial picture in ransomware incidents was mixed. The average ransom payment fell to USD $2.8 million from USD $3.6 million in 2025, but the share of victims who paid rose to 83% from 70%.

Downtime per incident averaged almost 30 hours. The data suggests that while average payments are falling, attackers may be extracting money from a larger share of victims.

The most frequently detected threat groups in enterprise networks were LockBit, RansomHub, Lazarus Group, DarkSpectre and Midnight Blizzard. LockBit and RansomHub were the top two for the second consecutive year.

The report also drew a contrast between groups using AI to increase the speed and volume of attacks and state-backed actors that still rely more heavily on human-led operations. Detections linked to APT41 fell by 50% year on year.

Manual workload

Despite wider use of AI in security operations, many teams still depend heavily on manual work. Respondents reported medium to high levels of manual intervention across detection, alert triage, investigation and response.

Investigation was the most manual stage, with 49% saying it still required substantial human input. The survey found security operations centre analysts spend only 44% of their time on proactive tasks such as threat hunting and detection engineering, with the rest absorbed by triage and data gathering.

AI tools were not always reducing the burden. Nearly 30% of respondents said AI-generated alerts had produced false positives that negatively affected investigation timelines.

That tension sits at the centre of the report's argument: companies are deploying more AI in both business operations and cyber defence, but many lack the context needed to judge suspicious behaviour quickly and accurately.

Raja Mukerji, Co-founder and Chief Scientist at ExtraHop, said the main challenge was visibility, not automation alone.

"When you look at the big picture of modern cyber risk, the thread connecting every major challenge, from missed detections and prolonged dwell times to AI false positives, is a fundamental lack of situational awareness, or ground truth," said Raja Mukerji, Co-founder and Chief Scientist at ExtraHop.

"As threat actors leverage AI to scale their operations, defenders are countering with automated operations that don't have the context required to make definitive decisions. The network bridges this critical gap, revealing exactly how threats are moving and communicating so security teams have the full picture. Until we enrich our security tooling and AI agents with deep, real-time network context, attackers will continue to have the upper hand," Mukerji said.