While companies are increasingly pouring resources into LLMs and generative AI systems, many organisations are still significantly underestimating the security risks they face.
Growing at a steep pace, cybersecurity threats have increased exponentially in recent years. Now, companies trying to keep up with the Joneses that have improperly integrated AI into their existing security architectures are starting to face the consequences.
This problem is exacerbated when AI systems are connected to established ERP and CRM systems. With a lack of appropriate controls in place, this dearth of preparedness can be the precursor to AI hallucinations, unauthorised access and costly data leakage.
Staff utilising LLMs such as ChatGPT and Claude can inadvertently expose their organisations to the risk of significant data breaches, as these models retain all the information inputted, for anyone to access.
In a recent example, attackers were able to compromise one prominent consulting firm's security through its LLM infrastructure, rather than targeting its applications directly.
Sometimes referred to as shadow AI, employees using unauthorised AI products is quickly becoming a large security challenge, according to Shane Buckley, President and CEO at Gigamon.
"Appropriate use of AI technology is really important," Buckley said.
"There is almost a contradiction in terms here in that AI is intended for good purposes, good practices, can share information from people, make people smarter, wiser. On the other hand, security has to now assume intent.
"You have to assume there's nefarious actors. And one of the biggest challenges organisations have today is shadow AI.
"Even though you're told not to, you sign documents, you go up to an LLM or to other locations using VPN devices, these personal devices that are connected to work devices. So it's very hard for organisations to treat data leakage.
"Once you actually pull (data) into a public LLM solution, that data is there for the rest of humanity to see. It's no longer a secret. So that is a big challenge. Organisations are putting in place a lot of document control technologies to try and control that. It's really hard, because there are more and more services emerging."
Gigamon's recently published Hybrid Cloud Security Survey, which consulted over 1000 security and IT experts worldwide, including over 300 CISOs, found that AI is now involved in a staggering 83 per cent of cyberattacks.
As organisations race to operationalise AI, motivated in part by the fear of missing out, global spending on AI hit an eye-watering $1.5 trillion in 2025.
Nearly two-thirds of surveyed organisations experienced a breach in the preceding year, representing an 18 per cent increase year-on-year. Thirty-two per cent reported multiple breaches.
However, 27 per cent of respondents were unable to determine the root cause of a breach, with just 30 per cent confident that they are equipped with the appropriate tools for an effective response.
Buckley is adamant that this gap between perspective, and the reality of the situation, is more akin to a chasm, with a growing number of companies concerningly underprepared for contemporary threats. The trend is not necessarily new, however.
"Of course, the survey shows that (lack of preparation)," Buckley said.
"But then again, most of our hybrid cloud surveys over the last few years showed the dislocation between fact and perspective. Sixty per cent of organisations breached feel somewhat comfortable.
"A year ago, AI capabilities were, in even technological terms, probably equivalent to five or ten years older. The AI market's moving incredibly fast.
"You look at potentially frontier models like Mythos, which a lot of people are talking about security, and there's palpable fear amongst governments and big organisations, like, oh my gosh, will this compromise my infrastructure? What am I going to do if that happens?
"There is a big disconnect in organisations, because also a lot of AI security capabilities have yet to be built, because not enough is understood about AI. There's a lot of implicit trust put upon how these models work, which is dangerous, because in security you have to assume malintent."
Despite being a relatively small market in a global context, Gigamon is focused on Australia as a market showing growth potential, with customers across three main sectors. Large Australian enterprises, as well as prominent government and defence departments across the nation, rely on Gigamon.
Australia's approach to security, as well as the growing AI opportunity, closely aligns with the company's base in the United States, as well as other Western markets.
Maintaining a presence in this region is also an important consideration for Gigamon.
"Most of the top of town banks, financial institutions, and others are customers of ours, so Australia is a very important market to Gigamon," Buckley said.
"I think Australian organisations value good quality products with longevity and experience.
"There's a lot of new products emerging in different categories, but when you have the history and you have the capabilities to support customers long-term, you've got the reputation value as well, I think that's important.
"So it's very much mutually a very good fit for both Gigamon and also for Australia's businesses."