Gartner is projecting a harder security environment for enterprise generative AI. Gartner’s new prediction said 25% of all enterprise GenAI applications will experience at least five minor security incidents per year by 2028, up from 9% in 2025. Gartner said the rise will be linked to the spread of agentic AI applications and the wider use of technologies such as the Model Context Protocol (MCP).
15% of enterprise GenAI apps will experience at least one major security incident per year by 2029, up from 3% in 2025. That forecast points to a risk curve that is still moving up as companies move GenAI from pilot projects into production systems.
Why GenAI apps will face security incidents
Gartner’s main explanation is straightforward: many of these systems are being deployed faster than their security controls are maturing. MCP was designed first for interoperability, ease of use and flexibility, not for security enforcement by default. That means mistakes can slip through normal use unless teams keep a close watch on how the systems are configured and used.
Risk increases when AI agents can access sensitive data, ingest untrusted content, and communicate externally in the same workflow. Gartner described that combination as a “no-go zone” because it raises exfiltration risk. In practice, that means some enterprise GenAI projects may be technically functional but still unsafe to scale without stricter guardrails.
Type of security incidents
Gartner said the risk profile includes data exposure incidents, problems in widely used third-party components, content injection attacks, supply chain threats, and disclosure of sensitive data or privilege escalation when AI systems make mistakes while trying to be helpful. It also warned that insecure use of third-party MCP components can create gaps that are not obvious at deployment time.
In March 2026, Gartner said AI security platforms are increasingly needed to secure third-party AI services and custom-built AI applications. Prompt injection and data misuse as emerging risks, and said centralized controls are becoming important because many organizations still lack clear procedures for AI-related incidents.
More about the predictions
In March, Gartner said 50% of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications by 2028. That is a significant shift because it implies AI will not just be a software category to secure; it will become one of the main sources of security operations work.
Gartner also said more than 50% of enterprises will use AI security platforms by 2028 to manage risks from third-party AI services and custom applications. Another prediction in the same release said 33% of IT work through 2030 will be spent remediating AI data debt. Taken together, those forecasts suggest that AI adoption is creating a second layer of infrastructure work: securing the data, workflows and access paths that AI depends on.
What this matters
GenAI security risk is moving from theory to operations, Gartner’s numbers show that the problem is no longer limited to model accuracy or output quality. Cybersecurity teams now have to think about how GenAI systems handle data, how agents connect to other systems, and how third-party components are monitored over time.
For software and security leaders, the forecast is a warning to build controls early rather than add them later. Companies should start with rigorous security review processes, focus first on low-risk use cases, and define guardrails before giving AI agents access to real business data. That approach is less about slowing adoption and more about avoiding a future where GenAI incidents become routine.
At a broader level, the report shows how quickly enterprise AI is changing the security baseline. The new risk is not just that GenAI systems may fail; it is that they may fail in ways that create repeated operational noise, data exposure and response overhead.
[ Related Post: Anthropic Launches ‘Project Glasswing’ with Tech Giants to Boost Global Cybersecurity ]
