AI is a Ticking Time Bomb for Your Data, Reveals New Report From Varonis

Rhea-AI Summary

A new report from Varonis (VRNS) reveals alarming statistics about AI-related data security risks across 1,000 organizations. The study analyzed nearly 10 billion cloud resources, encompassing over 20 petabytes of data across major platforms like AWS, Azure, and Google Cloud. Key findings show that 99% of organizations have sensitive data unnecessarily exposed to AI tools, while 90% of sensitive cloud data, including AI training data, remains accessible to AI tools. Additionally, 98% have unverified apps including shadow AI, 1 in 7 organizations don't enforce MFA across their cloud environments, and 88% have ghost users in their systems. The report emphasizes the critical need for data-centric security approaches to prevent AI-related data breaches while organizations rapidly adopt AI technologies.

Positive

• Comprehensive analysis of 10 billion cloud resources and 20 petabytes of data provides reliable insights
• Company demonstrates leadership in identifying critical AI security risks
• Research spans major cloud platforms and services, showing broad market coverage

Negative

• Report reveals severe security vulnerabilities in most organizations' AI implementations
• 90% of sensitive cloud data exposed to AI tools indicates widespread security gaps
• High prevalence of unverified apps and ghost users shows significant security risks
• 14% of organizations lack basic MFA security measures

News Market Reaction

+0.43%

1 alert

+0.43% News Effect

On the day this news was published, VRNS gained 0.43%, reflecting a mild positive market reaction.

Data tracked by StockTitan Argus on the day of publication.

The State of Data Security Report shares findings from 1,000 real-world IT environments to uncover the dark side of the AI boom

MIAMI, May 20, 2025 (GLOBE NEWSWIRE) -- A new report from Varonis reveals 99% of organizations have sensitive data exposed to AI. The State of Data Security Report: Quantifying AI’s Impact on Data Risk examines how much sensitive information is exposed and vulnerable to AI tools due to misconfigurations, overly permissive access, and other data security gaps.

“The productivity gains of AI are real — and so is the data security risk,” said Varonis CEO, President, and Co-Founder Yaki Faitelson. “CIOs and CISOs face enormous pressure to adopt AI at warp speed, which is driving the adoption of data security platforms. AI runs on data, and taking a data-centric approach to security is critical to avoid an AI-related data breach.”

Varonis analyzed data risk assessments from 1,000 organizations — providing empirical evidence of risk, not conclusions based on AI readiness surveys and polls. The dataset included nearly 10 billion cloud resources — over 20 petabytes of data — within popular IaaS and SaaS applications and services, including AWS, Microsoft Azure, Google Cloud, Box, Salesforce, Microsoft 365, Okta, Databricks, Slack, Snowflake, Zoom, and many others.

In the organizations examined, Varonis found:

• 99% have sensitive data unnecessarily exposed to AI tools.
• 90% of sensitive cloud data, including AI training data, is open and accessible to AI tools.
• 98% have unverified apps, including shadow AI, within their environments.
• 1 in 7 do not enforce MFA across SaaS and multi-cloud environments.
• 88% have ghost users lurking in their environments.
  

Get the State of Data Security Report: Exposing Data at Risk in the Age of AI.

Additional Resources:

• See Varonis in action: schedule a 30-minute demo.
• Check out these Varonis integrations.
• For more information on Varonis' solution portfolio, please visit www.varonis.com.
• Visit our blog and join the conversation on X, LinkedIn, and YouTube. 

About Varonis
Varonis (Nasdaq: VRNS) is the leader in data security, fighting a different battle than conventional cybersecurity companies. Our cloud-native Data Security Platform continuously discovers and classifies critical data, removes exposures, and detects advanced threats with AI-powered automation.

Thousands of organizations worldwide trust Varonis to defend their data wherever it lives — across SaaS, IaaS, and hybrid cloud environments. Customers use Varonis to automate a wide range of security outcomes, including data security posture management (DSPM), data classification, data access governance (DAG), data detection and response (DDR), data loss prevention (DLP), AI security, and insider risk management.

Varonis protects data first, not last. Learn more at www.varonis.com.

Investor Relations Contact:
Tim Perz
Varonis Systems, Inc.
646-640-2112
investors@varonis.com

News Media Contact:
Rachel Hunt
Varonis Systems, Inc.
877-292-8767 (ext. 1598)
pr@varonis.com

A photo accompanying this announcement is available at https://www.globenewswire.com/NewsRoom/AttachmentNg/0989355e-d00a-4995-af49-2693bb46ad1b

FAQ

What are the main findings of Varonis (VRNS) 2025 State of Data Security Report?

The report found that 99% of organizations have sensitive data exposed to AI, 90% of sensitive cloud data is accessible to AI tools, 98% have unverified apps, 1 in 7 don't enforce MFA, and 88% have ghost users in their environments.

How much data did Varonis analyze in their 2025 AI security report?

Varonis analyzed nearly 10 billion cloud resources, comprising over 20 petabytes of data across various cloud platforms including AWS, Azure, Google Cloud, and other major SaaS applications.

What percentage of organizations have sensitive data exposed to AI according to Varonis?

According to Varonis's 2025 report, 99% of organizations have sensitive data unnecessarily exposed to AI tools.

What security risks did the Varonis (VRNS) report identify in cloud environments?

The report identified several risks including widespread exposure of sensitive data to AI tools, presence of unverified apps and shadow AI, lack of MFA enforcement in 1 in 7 organizations, and ghost users in 88% of environments.

Which cloud platforms were included in Varonis's 2025 AI security analysis?

The analysis included AWS, Microsoft Azure, Google Cloud, Box, Salesforce, Microsoft 365, Okta, Databricks, Slack, Snowflake, Zoom, and many other IaaS and SaaS applications.