The hasty integration of generative artificial intelligence tools into the corporate environment is creating a new and dangerous front of vulnerability. A recent report by
This growing risk scenario is evidenced by the significant increase in the volume of digital threats. The research shows that global organizations faced an average of 2,027 cyber attacks per week over the last year, a number that represents a growth of 9% compared to the previous period.
The main concern lies in the phenomenon known as “shadow AI”, where employees use public AI platforms for work tasks, entering confidential company information. From source code snippets to strategic plans and customer data, this information can be stored insecurely and eventually accessed by unauthorized third parties.
The escalation of cyber attacks in numbers
The 9% increase in weekly attacks reflects a global trend of intensifying digital threats. Digital transformation, accelerated in recent years, has expanded companies’ attack surface, making them more susceptible to different types of security incidents.
Regions with high digitalization, such as Estados Unidos and Reino Unido, are at the epicenter of this escalation. In Nestes markets, more than 1,440 organizations suffered weekly attacks, an alarming increase of 39% compared to the previous year, demonstrating that digital maturity also increases the complexity of the threat landscape.
The role of generative AI in information exposure
The ease of use and apparent efficiency of generative AI tools have led to mass adoption, but without due diligence on security. Funcionários, in search of productivity, often enter confidential corporate data into system prompts such as ChatGPT and other similar platforms. The problem is that many of these tools do not guarantee the privacy of the data entered, which can be used to train language models or be stored on external servers without adequate encryption. Estudos indicate that approximately one in every 80 queries made by employees to generative AIs contains information that could be considered critical or proprietary. The lack of governance and clear policies on the use of these technologies creates a blind spot for security teams, who are unable to monitor or control the flow of information to these external platforms, increasing the risk of leaks that can lead to financial losses, reputational damage and compliance violations.
Ransomware groups stand out in the threat landscape
In the threat ecosystem, ransomware attacks continue to be one of the biggest concerns for companies of all sizes. Grupos specialists have improved their tactics, exploiting flaws in operating systems, virtualization environments and cloud infrastructures.
Among the most active, the group Qilin, of Russian origin, demonstrated aggressive and consistent activity, leading the number of published victims. The organization is known for its double extortion techniques, which involve encrypting data and threatening to leak it publicly.
Other notorious groups include LockBit5, which showed great resilience by quickly returning after police operations aimed at dismantling it, and Akira, which focuses its efforts on medium and large enterprise systems, causing significant disruption.
The strategy of these groups has evolved to maximize pressure on victims. By exfiltrating large volumes of data before encrypting systems, they ensure a second form of coercion, making paying the ransom a more likely option to prevent public exposure of sensitive information.
Sectoral and geographic vulnerabilities
Incident analysis reveals that certain sectors are preferred targets for cyber criminals. The government and education sectors, along with non-profit institutions, have seen a high incidence of attacks. Essa vulnerability is often attributed to outdated IT infrastructures, limited security budgets, and a shortage of qualified professionals to manage digital defenses.
In these environments, inappropriate use of data in AI models further exacerbates the risk, as the lack of strict controls allows attackers to exploit loopholes with relative ease. Modernizing legacy systems and investing in security therefore becomes a critical priority to protect public information and data of citizens, students and donors.
The alarming growth of ransomware
The end of last year saw a worrying spike in ransomware attacks. Dezembro marcou o maior volume anual de incidentes públicos, com um aumento de 60% em comparação com o mesmo mês do ano anterior.
This growth was driven by the ability of attackers to improve their infiltration techniques. A exploração de vulnerabilidades de dia zero em softwares corporativos e o uso de credenciais roubadas continuam sendo os vetores de entrada mais comuns.
Additionally, criminals themselves are using artificial intelligence to optimize their campaigns. AI is used to create more convincing phishing emails, automate network reconnaissance, and identify high-value targets faster and more efficiently.
Mitigation strategies for corporate environments
To combat this new wave of threats, companies need to take a proactive approach to AI governance. Isso includes implementing clear usage policies that define what types of information can and cannot be fed into external AI tools.
Automatic classification of sensitive data is another fundamental measure, as it allows security solutions to identify and block attempts to send critical information in real time. Continuous employee training on the risks of shadow AI is also essential to strengthen the first line of defense.
The need for unified security platforms
Faced with the increasing complexity of threats, the use of multiple isolated and isolated security solutions proves to be ineffective. Organizations that adopt unified and consolidated cybersecurity platforms gain greater visibility across their entire IT environment, from the network to the cloud and endpoint devices. Essa integrated approach allows for faster threat detection and more agile and coordinated incident response, which is crucial for containing the damage of an attack in its early stages.
