Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

The race to adopt AI agents has created a massive, unmonitored blind spot in the enterprise software supply chain. At the heart of this revolution is the Model Context Protocol (MCP) – an open connectivity standard designed to move AI models (LLMs) out of their passive “chat box” and give them direct active access to your company’s internal systems.

This week, we released our 2026 State of Agentic AI Risk Report, a global survey of 250 senior cybersecurity leaders examining how enterprises are approaching agentic AI as it moves closer to production. The findings point to a clear reality. While AI agents are advancing quickly, security leaders are deliberately slowing adoption. In fact, 98% of respondents say security and data concerns have already slowed deployments, added scrutiny, or reduced the scope of agentic AI initiatives.

Researchers at Google’s Threat Intelligence Group (GTIG) warn that nation-state threat actors have adopted Gemini and other AI tools as essential components of their operations. The threat actors are using tools to conduct research and reconnaissance, target victims, and rapidly create phishing lures.

AI is not just another workload category. It is the first category of workloads that decides what to do at runtime. And that changes everything about how security must work in the cloud. For years, cloud security evolved around deterministic systems. You deploy code. That code follows defined logic paths. If something unexpected happens, such as a new process, an unusual outbound connection, or privilege escalation, you investigate and respond.

Google Threat Intelligence Group recently released its latest report, “GTIG AI Threat Tracker: Distillation, Experimentation, and (Continued) Integration of AI for Adversarial Us,” on how malicious adversaries are using AI to commit cybercrimes.

AI adoption isn’t slowing down. It’s accelerating, quietly, unevenly, and often outside formal control. To separate assumption from reality, CultureAI commissioned an independent research study of 300 senior technology, security, and risk leaders across North America and Europe. Respondents included CISOs, CIOs, CTOs, Data Protection Officers, and senior IT and security leaders across finance, healthcare, technology, legal, and professional services.

A Chief Information Officer’s (CIO) life is rarely simple or easy. Many are concerned about threat actors using AI to attack their organization, while at the same time attempting to convince their leadership to invest in AI as a defensive measure. A recent LevelBlue report Persona Spotlight: CIO, found that CIOs understand the threat, but many organizations are still behind the curve when it comes to certain aspects of their cyber defense.