AI and Cybersecurity: The Hidden Risks Companies Miss
Expert Insights

Most companies can tell you how fast they are adopting AI. Far fewer can describe what that adoption did to their security posture.

The adoption numbers are settled. McKinsey found that 88% of organizations now use AI in at least one business function, up from 78% a year earlier. Protection has not kept pace. IBM’s 2025 Cost of a Data Breach Report found that 63% of breached organizations had no AI governance policy in place or were still writing one. That distance between fast arrival and slow protection is where the damage happens.

To understand the gap, we sat down with Yair Gaon, a Strategic Solution Partner at Euvic US who has spent decades at the intersection of software engineering and enterprise security. After years away from the public eye, he returned to technology for this specific moment.

"When I looked at where the market is heading, at the speed of AI adoption and the risks that come with it, I realized this is exactly the moment where my experience is most relevant."

Yair Gaon
Strategic Solution Partner

His return traces to a relationship that predates most of today’s AI companies. Gaon first worked with Leszek James, who now leads Euvic US, as a student at James’s U.S. startup Metrosoft more than 35 years ago.

The Security Question Most Companies Skip

Every leader Gaon meets wants to talk about speed. How quickly can we implement AI? Where does it fit? How do we stay competitive? That urgency makes sense. One question rarely comes up alongside it.

"In my experience, there is a critical question that most of these companies are not asking: what are the security implications of integrating AI into our core business systems? Every AI implementation, whether it touches customer data, intellectual property, or operational infrastructure, creates new points of vulnerability."

Yair Gaon
Strategic Solution Partner

The data supports him. Among organizations that reported an AI-related breach, 97% lacked proper AI access controls, according to IBM. Thirteen percent reported a breach of their AI models or applications, the first year IBM tracked the category, a sign AI is already a high-value target.

The cost of skipping the question tends to surface late.

"The companies that move quickly on AI without addressing security at the architecture level are not just taking a risk. They are creating exposures they may not discover until well after the damage is done."

Yair Gaon
Strategic Solution Partner

Teams weighing that tradeoff can borrow the lens from our 15-point outsourcing risk assessment, where security and compliance gaps sit as a named category to score.

What the Wrong AI Partner Leaves Behind

Demand has produced a crowded field. Gaon watches new AI firms surface every week, each promising enterprise-grade delivery.

"The AI market right now is flooded with new companies. Small studios, boutique agencies, startups, all positioning themselves as the partner that will bring AI into your enterprise. Many of them have genuine engineering talent, and I do not question that. What I question is whether a small, recently formed team has the depth to handle what enterprise AI actually demands. Data governance, access controls, encryption standards, regulatory compliance. These are not features you add later. They need to be part of the architecture from the very beginning."

Yair Gaon
Strategic Solution Partner

Skip the groundwork and a familiar pattern follows: the solution performs on the surface while quietly opening holes in systems that used to be secure.

That pattern carries a measurable price. Breaches tied to shadow AI, the unsanctioned tools employees adopt without oversight, ran roughly $670,000 above the average incident in IBM’s data, and one in five breached organizations traced an incident back to it. Attackers have joined the same wave, with 16% of breaches involving AI on the offensive side, most often AI-generated phishing and deepfake impersonation. Gaon reduces the equation to a single sentence.

Regulated sectors feel this first. Our writing on cybersecurity in the financial sector and cloud computing security shows where those access points open.

How Euvic Builds AI Securely

The counterweight to a rushed rollout is a partner that has protected regulated systems for years. Gaon frames the choice plainly.

"If the security risk in AI adoption is real, and I believe it very much is, then the natural question becomes: who do you trust to get this right? That is exactly where Euvic operates. Euvic has been delivering software for over 20 years, across finance, healthcare, manufacturing, and other highly regulated industries."

Yair Gaon
Strategic Solution Partner

His method reads as a sequence rather than a bolt-on.

"Our engineering teams in Poland carry security certifications, follow established governance protocols, and treat the protection of client data and systems as a foundational requirement, not an afterthought. When we integrate AI into a client’s business, we approach it methodically. We assess the risk landscape, we map the potential attack surfaces, and we build with encryption, access controls, and compliance requirements embedded from the very first stage."

Yair Gaon
Strategic Solution Partner

Experience anchors the distinction he draws.

That same security-first posture shapes our broader AI solutions and the industries we serve.

How to Adopt AI Without Widening Your Attack Surface

Security discipline in AI comes down to sequencing. A handful of practices separate careful adopters from the organizations IBM keeps counting.

  • Map the attack surface before you build: List every system the AI will touch, every data flow it opens, and every new access point it creates. Choices made at the architecture stage cost far less than the ones forced after an incident.
  • Write the governance policy first: With 63% of breached organizations missing one, a documented standard for approved tools, access, and audits is table stakes.
  • Vet partners on security depth, not demo polish: Ask how a vendor handles data governance, encryption, and regulatory compliance on day one. Thin answers there are a signal worth trusting.
  • Treat shadow AI as an active threat: Give teams sanctioned tools and clear guardrails so productivity stops routing around security.

Build AI on a Secure Foundation with Euvic

AI adoption will keep accelerating. The organizations that come out ahead pair that speed with security built in from the first line of code. Gaon left an open door for leaders wrestling with the tradeoff.

"If your company is exploring AI and you want to have a thoughtful conversation about doing it responsibly, I would welcome that."

Yair Gaon
Strategic Solution Partner

For more than 20 years, Euvic has built and secured software for finance, healthcare, and manufacturing clients, with 6,000+ engineers in specialized teams. Review our case studies, explore our services across custom development, cloud, data, and cybersecurity, or reach out to run a security-first read on your AI roadmap.
