Multiple reports highlighted escalating enterprise AI security risk driven by rapid adoption, weak governance, and widespread shadow AI use. Zscaler research reported that 90% of tested enterprise AI systems had critical vulnerabilities discoverable in under 90 minutes, with a median 16 minutes to first critical failure, enabling fast data loss and defense bypass; the same reporting noted sharp growth in AI/ML activity across thousands of apps and rising corporate data transfers into AI tools such as ChatGPT and Grammarly. Separately, CSO Online reported that roughly half of employees use unsanctioned AI tools and that enterprise leaders are significant contributors, reinforcing the risk that sensitive data and workflows are being exposed outside approved controls.
Governance and control gaps were further underscored by coverage of NIST AI guidance pushing organizations to expand cybersecurity risk management to AI systems, and by reporting on AI infrastructure abuse (criminals hijacking/reselling AI infrastructure) and Hugging Face infrastructure being abused to distribute an Android RAT at scale. Several other items in the set were not about enterprise AI risk specifically, including a ShinyHunters vishing campaign, critical RCE flaws in the n8n automation platform, an article on the EU’s alternative to CVE and potential fragmentation, a piece on a startup’s Linux security overhaul, and an opinion column on human risk management; these are separate topics and should not be treated as part of the same AI-risk story.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
7 events from the most recent confirmed update back to the earliest known activity.
A Bitdefender report published on July 1, 2026 said many organizations still lack full visibility into employee use of both sanctioned and unsanctioned AI tools, with practitioners reporting less visibility than managers. The report also said more than half of respondents who experienced an incident were told to keep it confidential rather than report it to authorities.
Research reported on February 2, 2026 found 58% of workers use unapproved AI tools and 63% believe doing so without IT approval is acceptable. The findings highlighted risks from employees sharing sensitive business data with public or unsanctioned AI services.
On January 30, 2026, reporting said Hugging Face infrastructure was abused in a large-scale malware campaign to distribute an Android remote access trojan. The item identified the activity as a mobile malware and endpoint security concern.
A January 29, 2026 news item flagged critical remote code execution vulnerabilities in the n8n automation platform that could enable host-level compromise. The disclosure raised concern about the security impact on organizations using the platform.
Late-January 2026 reporting said roughly half of employees were using unapproved AI tools for work, with enterprise leaders also identified as major contributors. The issue was presented as a growing governance and data exposure risk for businesses.
Research cited on January 29, 2026 found that 90% of assessed enterprise AI systems had critical vulnerabilities discoverable in under 90 minutes, with a median time to first critical failure of 16 minutes. The report warned that rapid enterprise AI adoption is creating machine-speed attack paths and recommended zero trust controls.
Coverage in late January 2026 emphasized new NIST guidance on AI and its implications for cybersecurity governance and risk management. The reporting framed the guidance as pushing cybersecurity boundaries for organizations adopting AI.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
6 references tracked. Mallory keeps watching after this page renders.
securitymagazine.com
Open sourcescworld.com
Open sourcecsoonline.com
Open sourcescworld.com
Open sourcecsoonline.com
Open sourcecsoonline.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.