Organizations that were experimenting with Applied-AI in isolated pilot programs just two years ago are now embedding it into core workflows, customer-facing products, and business-critical infrastructure.
But as technology matures, a troubling pattern is emerging: speed of deployment is consistently outpacing the security discipline required to protect it.
A new Gartner market study exposes the risk that many technology leaders have instinctively sensed but struggled to quantify.
GenAI Security Market Development
By 2028, 25 percent of all enterprise generative AI (GenAI) applications will experience at least five minor security incidents per year, that's up from just 9 percent in 2025.
That represents nearly a threefold increase in less than three years, and the trend does not stop there. Gartner further projects that by 2029, 15 percent of all enterprise GenAI apps will experience at least one major security incident per year, compared to only 3 percent in 2025.
Meanwhile, the downstream pressure on IT security operations will be significant.
By 2028, fully 50 percent of all enterprise cybersecurity incident response efforts will focus on incidents involving custom-built AI-driven applications.
For financial services and healthcare firms, the stakes are even more direct.
Through 2027, manual AI compliance processes will expose 75 percent of regulated organizations to fines exceeding 5 percent of their global revenue.
For a company generating $1 billion in annual revenue, that translates to a potential $50 million fine. The numbers at larger enterprise scale become genuinely alarming.
MCP Convenience Versus Control
MCP has become increasingly popular as a connective tissue between AI agents and enterprise data systems, and its appeal is understandable.
But as Aaron Lord, senior director analyst at Gartner, explains, "MCP was built for interoperability, ease of use, and flexibility first, so security mistakes can manifest without continuous oversight for agentic AI."
This is the classic innovator's dilemma applied to infrastructure design.
MCP optimizes for what developers and business stakeholders want most in the short term, namely speed and flexibility, while deferring the harder security questions.
The result is a framework that is powerful and extensible, but that creates compounding risk when agents can simultaneously access sensitive data, ingest un-trusted content, and communicate externally within the same workflow.
Gartner specifically flags that combination as a "no-go zone" due to elevated data exfiltration risk. The practical implication for software engineering leaders is that they cannot rely on inherited security controls designed for human users.
AI agents require a distinct authentication and authorization architecture, with tightly scoped permissions that reflect the agent's role rather than the broader access of the developer who built it.
A Cultural and Organizational Gap
Beyond the technical challenges, there is a measurable human dimension to this problem.
A Gartner survey of 175 employees conducted between May and November 2025 found that over 57 percent use personal GenAI accounts for work purposes, and 33 percent admit to inputting sensitive information into unapproved tools.
No amount of technical guardrails can compensate for a workforce that is working around official AI governance channels.
This underscores the need for organizations to move beyond security awareness campaigns toward adaptive, behavior-based programs that treat AI usage as a primary risk vector rather than an afterthought.
Organizations that have not yet invested in AI-specific incident response playbooks are not simply unprepared. They are accumulating a deficit that will become increasingly expensive to close as incident volumes rise.
Growth in Both Risk and Opportunity
The good news is that the IT security industry is beginning to respond.
By 2028, more than 50 percent of enterprises are expected to use AI security platforms to secure third-party AI service usage and protect custom-built AI applications.
These platforms, which centralize visibility and apply consistent guardrails across Applied-AI deployments, represent a significant growth opportunity for established security vendors and emerging challengers alike.
The broader trend is clear. AI application security is transitioning from a niche specialty into a mainstream enterprise IT priority.
Organizations that treat it as such today, by investing in formal MCP security review processes, establishing domain-driven ownership of AI agents, and building proactive compliance infrastructure, will be better positioned to innovate.
That being said, I believe the lesson here is not to slow down AI adoption. It is to recognize that the most durable competitive advantage will belong to organizations that make security a foundational Applied-AI design principle rather than a post-deployment patch.
The window of opportunity to get ahead of this trend is narrowing fast.