AI's Fast-Moving Ecosystem Tops Gen AI-Related Security Risks For Indian Organisations: Thales Report

Artificial intelligence, especially generative AI, relies heavily on high-quality, sensitive data for functions like training, inference and content generation. As agentic AI emerges, ensuring data quality becomes even more critical.

This fast-moving AI ecosystem is the most concerning gen AI security risk for nearly 70% of organisations in India, followed by lack of integrity (66%) and trustworthiness (55%), according to the 2025 Thales Data Threat Report.

The report was based on a survey of more than 3,100 IT and security professionals in 20 countries across 15 industries. 

While most respondents said rapid adoption of gen AI is their top security concern, respondents in the more advanced stages of AI adoption aren't waiting to fully secure their systems or optimise their tech stacks before forging ahead. Because rapid tech adoption outweighs cyber readiness, these organisations may be inadvertently creating their own biggest security vulnerabilities. 

In India, 72% of respondents reported investing in gen AI-specific security tools, with 16% using newly allocated budgets. Security for gen AI has risen as a top spending priority, securing the second spot in ranked-choice voting, just behind cloud security. This shift underscores the growing recognition of AI-driven risks and the need for specialised defences to mitigate them.

While data breaches remain a significant concern, their frequency has slightly decreased over the past few years. In 2021, 56% of surveyed global enterprises had a breach, but that has dropped to 45% in 2025.

Additionally, the percentage of respondents reporting a breach within the last 12 months has fallen from 23% in 2021 to just 14% in 2025. In India, 11% of respondents reported experiencing a data breach recently.

Globally, malware is the most prevalent threat. Phishing climbed to second place, overtaking ransomware, which now ranks third. When it comes to the most concerning threat actors, external sources dominate — hacktivists hold the top spot, followed by nation-state actors. Human error, while still significant, has dropped to third. 

Most organisations are increasingly concerned about quantum-related security risks, the study found. The top threat, cited by 68% of respondents in India, is future encryption compromise — the risk that quantum computers could break current or future encryption algorithms, exposing data once considered secure. 

Close behind, 56% identified key distribution vulnerabilities, where quantum advancements could undermine the secure exchange of encryption keys. Additionally, 58% highlighted the "harvest now, decrypt later" threat, where encrypted data intercepted today could be decrypted in the future.

In response, 55% of organisations in India are prototyping or evaluating post-quantum cryptography solutions, and 49% are assessing their encryption strategies.