TL;DR: AI tools are already in use across IT infrastructure for 60% of organisations, according to Netwrix research from a survey of 2,150 IT professionals across 121 countries. The real issue is not AI adoption itself but the governance gap between fast-moving AI use and incident response, identity control, and recovery discipline, with 51% reporting an incident requiring a dedicated security response and 75% reporting financial damage.
NHIMG editorial — based on content published by Netwrix: 2025 Cybersecurity Trends Report
By the numbers:
- 60% of organizations are already leveraging AI tools in their IT infrastructure.
- 51% of respondents confirmed experiencing a security incident in the past 12 months that demanded a dedicated response from security teams.
- 75% of respondents reported financial damage due to attacks.
Questions worth separating out
Q: How should security teams govern AI tools embedded in IT infrastructure?
A: They should treat AI-enabled infrastructure as an identity governance problem, not just a tooling problem.
Q: Why do incidents involving AI tools often need dedicated security response?
A: Because automated remediation rarely resolves the full scope of access, data, or configuration impact on its own.
Q: What breaks when AI adoption outpaces identity governance?
A: The gap usually appears in approval, visibility, and recovery.
Practitioner guidance
- Inventory AI-touching identities and workflows Identify every AI tool that can access infrastructure, secrets, or administrative interfaces, then map which human, service, or delegated identities it relies on.
- Add identity steps to incident runbooks Require responders to check credential use, service account activity, token scope, and privileged access changes before declaring containment.
- Measure recovery against access scope Track whether incidents that involve AI, automation, or machine access are taking longer to close because of delayed privilege review or unclear ownership.
What's in the full report
Netwrix's full report covers the operational detail this post intentionally leaves for the source:
- Survey methodology and respondent breakdown across 121 countries
- Year-over-year comparisons with 2024, 2023, and 2020 trend data
- Full section-by-section findings on AI security posture, cyberattack consequences, and cyber insurance
- The source report's own framing of how IT priorities are shifting as AI adoption grows
👉 Read Netwrix's 2025 Cybersecurity Trends Report on AI and incident response →
AI in IT infrastructure: what the 2025 trends report shows?
Explore further
AI adoption has become an identity governance problem before it becomes an AI governance problem. Once 60% of organisations are already using AI tools in IT infrastructure, the practical question shifts from adoption to control coverage. The identity layer has to account for people, service accounts, secrets, and increasingly delegated tool use in the same operational environment. Practitioners should read this as a governance convergence point, not a technology milestone.
A few things that frame the scale:
- 19% of organisations give AI systems dramatically more access than human employees, nearly one in five granting unrestricted privilege, according to the 2026 Infrastructure Identity Survey.
- Only 44% of organisations have implemented any policies to manage their AI agents, despite 92% agreeing that governing AI agents is critical to enterprise security.
A question worth separating out:
Q: Who should own incident response when AI and infrastructure controls overlap?
A: Ownership should sit with the team that can see both identity behaviour and infrastructure impact, typically security operations working with IAM, PAM, and platform owners. If the incident involves access scope, credentials, or privileged workflows, accountability has to include revocation and recovery decisions, not just alert handling.
👉 Read our full editorial: AI adoption is exposing cybersecurity response gaps in IT teams