Australian firms race ahead of AI security controls
Thu, 16th Jul 2026 (Today)
DigiCert has released Australian research on AI security incidents and vulnerabilities in enterprises. The survey found that 81% of organisations had either experienced an AI-related incident or identified an AI-related vulnerability.
The figures point to a broad gap between the pace of AI adoption and the controls many businesses have in place to manage it. According to the research, 76% of Australian organisations had deployed four or more AI-powered systems in the past six months, while 14% reported only partial or no formal monitoring of those systems.
Executive attention appears high. The research found that 87% of organisations discuss AI governance at executive or board level, yet only 46.4% have established formal AI governance programmes.
That gap extends to technical oversight. Nearly half of respondents, or 46%, said they cannot fully trace AI decisions back to the models and source data behind them, limiting their ability to understand how those systems produce outcomes.
Liability and access control are also emerging as practical concerns for companies using AI in day-to-day operations. Almost 84% of organisations have assessed AI-related liability exposure, while 84% have formal or informal processes to revoke access or trust when AI systems are compromised.
Another theme in the findings is the growing need to manage AI systems as distinct actors within corporate technology environments. The research found that 81% of organisations have assigned unique digital identities to at least some AI agents, and 44% are using those identities to improve oversight and accountability.
Governance gap
The findings suggest many Australian companies are trying to bring governance structures into line with the spread of AI tools across their operations. Half of the organisations surveyed said they have dedicated budgets for AI security, indicating that spending is beginning to follow board-level concern.
Still, the numbers suggest governance remains uneven. Formal discussion at senior level is now common, but the lower share of organisations with established programmes indicates that policy, accountability and monitoring frameworks are still being built in many businesses.
For security teams, that creates a familiar problem in a new setting: technology adoption is moving faster than the systems designed to control it. As AI systems are used across customer service, internal workflows, software development and decision support, gaps in oversight can create both operational and security risks.
Daniel Sutherland, Area Vice President, ANZ, at DigiCert, linked the findings to the wider shift from early experimentation to broader organisational use of AI.
"AI is rapidly becoming embedded into the way Australian organisations operate, but trust and security must remain central to this transformation. As businesses move from experimentation to enterprise-wide adoption, they need the right foundations in place to understand, manage and secure their AI environments," said Daniel Sutherland, Area Vice President, ANZ, DigiCert.
Board scrutiny
The survey suggests AI governance is becoming a standing issue in senior management discussions rather than a specialist topic left to technology teams. With nearly nine in 10 respondents saying the subject is discussed at executive or board level, AI oversight has moved into the mainstream of corporate risk management.
That shift comes as regulators and policymakers in several markets increase scrutiny of how companies deploy AI, manage data and assign responsibility for automated decisions. The research suggests Australian organisations are preparing for that environment, even if internal structures remain incomplete.
The inability of 46% of respondents to fully trace AI decisions back to source models and data may prove especially important in sectors where explainability, audit trails and accountability are becoming business requirements. Without that visibility, companies may find it harder to investigate errors, respond to incidents or meet compliance demands.
At the same time, the use of unique digital identities for AI agents suggests some organisations are treating non-human systems more like managed users within security frameworks. That approach can help define what an AI agent is allowed to access and make it easier to remove trust if a system is compromised.
Sutherland said the organisations that gain the most from AI will be those that can maintain control as use expands.
"The organisations that will benefit most from AI will be those that can confidently govern these systems, maintain visibility into how they operate and ensure they remain trusted as they scale. That is why DigiCert is committed to advising, supporting and safeguarding Australian businesses throughout this AI-driven sea-change," said Sutherland.
The research was based on an independent survey by Propeller Insights of 1,001 IT and cybersecurity decision-makers across Australia, the United Kingdom and the United States. The Australian findings were presented as a snapshot of how local enterprises are handling AI risk.