Gigamon survey: AI now implicated in 83% of security breaches
AI is now a factor in 83 per cent of reported security breaches, according to Gigamon's 2026 Hybrid Cloud Security Survey, which polled more than 1,000 security and IT leaders across Australia, France, Germany, Singapore, the UK and the US. The annual study — now in its fourth year — also found that 65 per cent of organisations experienced at least one breach in the past twelve months, a figure the company says represents a 40 per cent increase over three years.
The headline finding points to a compounding problem: despite the majority of respondents (93 per cent) reporting increased investment in security tooling, defenders remain structurally behind attackers who are using AI to accelerate the speed and scale of intrusions. Shane Buckley, president and chief executive at Gigamon, said that "many still lack visibility into how data moves across their environments, creating confidence without control."
The confidence gap
The survey surfaces what Gigamon labels a security illusion: 64 per cent of organisations describe their ability to secure new AI technologies as "defined" or "integrated," yet one in three of those same organisations suffered multiple breaches in the same period. The gap between self-assessed posture and actual outcome is the central finding the report sets out to quantify.
AI-related incidents span a range of categories. External AI-driven attacks account for 41 per cent of cases; direct attacks on large language model systems, 33 per cent; and both internal data leaks and unsanctioned AI use, 30 per cent each. The survey also found that 94 per cent of respondents now rely on AI to autonomously initiate security functions — most commonly alert triage and prioritisation (53 per cent) — meaning the technology is simultaneously a primary threat vector and a core component of the defensive stack.
Trust in public cloud environments for AI workloads continues to deteriorate. Seventy per cent of leaders said they are reluctant to deploy AI in public cloud settings, up markedly from 54 per cent the previous year. A majority (72 per cent) now favour data lakes as a more secure alternative for AI workloads, a shift that carries significant implications for cloud-infrastructure procurement decisions.
Network visibility and the quantum horizon
Gigamon positions deep observability — using network-derived telemetry including packets, flows and application metadata — as the primary answer to the visibility deficit. Of organisations that suffered a breach, only 30 per cent said they had the tools required to respond effectively, a stark indictment of investment strategies that have prioritised tool count over network-level insight. The survey reports that 93 per cent of respondents agreed that packet-level data and rich application metadata are essential to detecting modern threats, and 90 per cent said their boards now actively support deep observability initiatives.
Looking further out, 87 per cent of respondents expressed concern about "harvest now, decrypt later" attacks — the strategy of exfiltrating encrypted data today in anticipation of future quantum-computing capability sufficient to break classical encryption. This finding aligns with an accelerating policy trajectory: NIST published its first post-quantum cryptography standards in 2024, and the UK's National Cyber Security Centre has issued migration guidance urging organisations to begin planning transitions now, with a target horizon of 2035 for the most sensitive systems.
Market context
The network-visibility and deep-observability segment is occupied by a small number of specialists — Gigamon among the most established — alongside NDR (network detection and response) vendors such as ExtraHop and Vectra AI, and a broader set of SIEM and XDR platforms from CrowdStrike, Microsoft, Palo Alto Networks and Elastic, all of which increasingly incorporate AI-driven analytics. The competitive pressure is significant: hyperscalers bundle observability tooling into their native cloud consoles, making it harder for independent vendors to justify standalone deployments. Gigamon's argument — that cloud-native telemetry alone leaves encrypted and east-west traffic insufficiently monitored — is the core of its differentiation, and the survey data is plainly constructed to support that commercial narrative. Buyers should weight the findings accordingly while recognising that the underlying visibility problem the survey identifies is widely corroborated by independent threat-intelligence research.