AI moves fast. Stay in the know.

A new KPMG study reveals that while 74% of global leaders plan to maintain AI as a top investment priority despite economic uncertainty, three-quarters remain concerned about data security and privacy, exposing a critical gap between AI spending and value realization. Only 11% of organizations qualify as "AI leaders" who see meaningful business value, while the majority struggle with foundational challenges, including data quality, governance, compliance, and risk management that have persisted since early AI adoption.

Source: TechRadar

What to know:

• Two-thirds (64%) of organizations agree AI delivers meaningful business value, but 75% express concerns about data security and privacy without comprehensive risk management frameworks in place.
• Only 11% qualify as "AI leaders" who see meaningful value (82% vs 62% among non-leaders), with 32% deploying agentic AI at scale and 27% using multiple AI agents.
• Early-stage firms show low confidence in managing AI risks; only 20% feel prepared compared to nearly 50% of AI leaders, highlighting a significant capability gap.
• Organizations investing in workforce training and AI-specific hiring are nearly four times more likely to see AI value, yet many continue to treat AI as a bolt-on rather than a transformation.
• Persistent challenges remain unchanged from earlier GenAI investments: data quality, governance frameworks, compliance requirements, and security/privacy concerns continue to hinder scalable deployment.

Why it matters:
The research underscores a fundamental tension in enterprise AI adoption: investment enthusiasm without operational readiness creates risk exposure rather than competitive advantage. The shift from generative AI to agentic AI amplifies this challenge; autonomous AI agents require robust governance frameworks and trust mechanisms that most organizations have not yet built. For mid-sized businesses, this study validates the need to prioritize foundational capabilities: comprehensive data governance, proactive risk assessment, and continuous monitoring, before scaling AI deployments, ensuring that increased spending translates into measurable business value rather than expanded security vulnerabilities.

A critical ChatGPT vulnerability allowed attackers to silently exfiltrate sensitive user data through a DNS-based covert channel that bypassed all platform guardrails and security warnings. Security researchers discovered the flaw that exploited the fact that DNS queries were treated as harmless infrastructure, creating a blind spot that enabled data theft without triggering any user alerts or consent prompts.

Source: TechRadar

What to know:

• The vulnerability combined prompt injection with DNS abuse to exfiltrate data through domain name queries rather than monitored HTTP or API channels.
• DNS traffic was treated as "harmless infrastructure" by ChatGPT's security systems, creating a blind spot that did not trigger approval dialogs or risk warnings.
• Attackers could initiate the exploit through malicious prompts embedded in emails, PDFs, websites, or even through custom GPTs posing as legitimate tools (such as "personal doctors").
• Users unknowingly shared highly sensitive information, medical conditions, payment slips, contracts, and private conversations, assuming ChatGPT's environment was fully isolated.
• OpenAI deployed a fix towards the end of February 2026, marking the second major vulnerability patched that week after a separate Codex command injection flaw.

Why it matters:
This incident exposes a fundamental assumption gap in AI security: organizations trust that GenAI platforms prevent unauthorized data extraction, but novel attack vectors continue to emerge. The use of DNS, a protocol designed for basic name resolution, as a data exfiltration channel demonstrates that AI guardrails focused on policy and intent can miss infrastructure-level exploits. For mid-sized businesses deploying ChatGPT across teams, this vulnerability underscores the need for continuous monitoring of AI interactions at the network level, real-time anomaly detection across all data transmission protocols, and proactive risk assessment of GenAI tools before sensitive data enters the conversation.