
Fastly's Global Security Research Report and the AI security gap: When innovation grows faster than defense
Warning or sales ploy? What's really behind the major AI security vulnerability?
Shadow AI in the office: The enormous security risk that no one controls
A widely discussed study by cybersecurity provider Fastly is now sounding the alarm with alarming figures – from drastically higher costs of damages to months of downtime in the DACH region (Germany, Austria, and Switzerland). But how much of this dire scenario is a justified warning, and how much is simply clever sales hype from a company that profits handsomely from precisely these fears? A critical look behind the scenes of this fear-driven PR reveals that the real risk doesn't lie in AI technology itself. It's the uncontrolled proliferation of "shadow AI" in offices, a glaring shortage of skilled workers, and the worrying misconception that innovation can be conducted safely without comprehensive governance structures. It's time for a sober assessment of the real vulnerabilities behind the widespread AI euphoria.
Those who warn the loudest sell the fire extinguishers – a critical assessment of the Fastly study and the real weaknesses behind the AI-first euphoria
The digitalization of the economy has reached a new level of escalation with the AI revolution. Companies that call themselves AI-first—that is, those that integrate artificial intelligence into their core processes and business models from the outset—face a paradox: The technology that is supposed to give them a competitive edge simultaneously makes them more vulnerable than ever before. The fourth Global Security Research Report by Fastly Inc., published in February 2026, provides alarming figures: 123 days longer recovery times in the DACH region (Germany, Austria, and Switzerland), 140.5 percent higher damage costs, and an attack surface that is expanding uncontrollably due to agentic workflows and decentralized data flows. But before these figures are accepted as irrefutable truth, it is worth taking a closer look at the source of the message, the methodological foundations, and the deeper structural causes that extend far beyond a single study.
The sender as beneficiary: Fastly's business model in the context of its own warnings
Fastly Inc., a publicly traded company headquartered in San Francisco, positions its edge cloud platform as a solution for content delivery, compute, and, most importantly, cybersecurity. In the fourth quarter of 2025, Fastly generated total revenue of $172.6 million, representing year-over-year growth of 23 percent. The momentum in the security business is particularly noteworthy: Security revenue increased by 32 percent to $35.4 million, now accounting for 21 percent of total revenue. For the full year 2025, security revenue amounted to $125.1 million, out of total revenue of $624 million. Fastly celebrated its first ever profitable fiscal year in 2025.
These figures are crucial for understanding the Global Security Research Report. Fastly sells precisely the products that, according to its own report, are urgently needed: web application firewalls, API security, bot management, and DDoS protection. When Marshall Erwin, Fastly's Chief Information Security Officer, states in the study that web application and API protection are becoming business-critical tools, he is effectively recommending his employer's own products. This doesn't automatically mean the data is inaccurate, but it creates a structural conflict of interest that must be considered during interpretation. A company whose fastest-growing business segment is security solutions has a vested economic interest in portraying security threats as dramatically as possible.
This type of fear-driven marketing is not uncommon in the cybersecurity industry. It's an established pattern: security vendors publish studies painting alarming threat scenarios while simultaneously offering corresponding solutions. This doesn't render the data worthless, but it does make critical verification essential.
The methodology under scrutiny: What 2,000 respondents can actually prove
The study is based on an online survey of 2,000 IT decision-makers with influence over cybersecurity decisions in large companies across various industries. The survey was conducted in the fourth quarter of 2025 by Sapio Research, a market research company, which administered the survey via email invitation and online questionnaire. 200 participants were surveyed in the DACH region (Germany, Austria, and Switzerland).
Several methodological aspects warrant critical examination. First, the sample size: 200 respondents across the entire DACH region is a relatively small cross-section, especially when specific conclusions about AI-first versus non-AI-first companies are drawn from it. Dividing the sample into two subgroups significantly reduces the statistical power of each individual subset. A result such as the claimed figure of zero percent AI utilization among non-AI-first companies in the DACH region appears less like an empirical finding and more like a methodological artifact: those who do not use AI cannot report AI-specific compromises, but this does not mean that these companies are more secure.
Then, the definition of the central term: What exactly makes a company an AI-first company? The study defines it as companies that integrate AI into core processes and offerings from the outset, rather than using it merely as a supplement. This definition is open to interpretation and based on self-assessment. Companies that describe themselves as AI-first tend to be larger, more technologically ambitious, and have more complex IT infrastructures. For this reason alone, they have a larger attack surface, which could at least partially explain the higher costs of damage and longer recovery times, without AI integration itself necessarily being the cause. Evidence of correlation is not the same as evidence of causation.
Furthermore, the recovery times are self-assessments by the respondents, not objectively measured values. The question of when a company considers itself fully recovered is subject to subjective criteria. AI-first companies, due to their greater technological complexity, might apply stricter standards for full recovery, which would at least partially explain the measured difference of 123 days.
Global figures versus DACH figures: Striking discrepancies
A notable aspect of the study is the significant discrepancy between the global results and the DACH-specific data. Globally, the recovery difference between AI-first and non-AI-first companies is 80 days, with damage costs that are 135 percent higher. In the DACH region, however, the difference is reported to be 123 days and costs that are 140.5 percent higher. The difference in AI utilization is even more dramatic: Globally, 44 percent of AI-first companies report direct AI utilization, compared to six percent of non-AI-first companies. In the DACH region, the AI-first figures rise to 49 percent, while the non-AI-first figures fall to zero percent.
A comparison of key performance indicators reveals significant differences between the global average and the DACH region (Germany, Austria, and Switzerland). The difference in recovery time after an incident between AI-first and non-AI-first companies is 80 days globally, but 123 days in the DACH region. Damage costs are also higher for AI-first companies in the DACH region, at 140.5%, compared to a global average of 135%.
In 44% of AI-first companies worldwide, AI was directly exploited in attacks; in the DACH region (Germany, Austria, and Switzerland), this figure was even higher at 49%. For non-AI-first companies, this was only the case in 6% of cases globally, and not a single case was reported in the DACH region (0%).
Globally, 64% of respondents consider AI scraping a cost factor, while in the DACH region (Germany, Austria, Switzerland) the figure is 57%. The average annual cost of scraping is approximately US$348,000 globally and around €372,059 in the DACH region.
| Key figure | Global | DACH region |
|---|---|---|
| Recovery Difference: AI-First vs. Non-AI-First | 80 days | 123 days |
| Higher damage costs AI-First | 135% | 140.5% |
| AI directly exploited (AI-First) | 44% | 49% |
| AI directly exploited (non-AI-first) | 6% | 0% |
| AI scraping as a cost factor | 64% | 57% |
| Average annual scraping costs | ~348,000 USD | ~372,059 EUR |
These discrepancies raise questions. The DACH region appears more extreme than the global average in almost all categories. This could be due to region-specific characteristics, such as a different composition of the surveyed companies, the more complex regulatory environment in Germany, Austria, and Switzerland, or simply statistical fluctuations with a sample size of only 200 respondents.
What's really behind the security vulnerability: Structural causes beyond the marketing narratives
Regardless of the justified criticism of the Fastly study, one central thesis cannot be dismissed: AI adoption is exceeding the capacity of IT security in many companies. This phenomenon is confirmed by numerous independent sources that have no comparable commercial interests.
The Allianz Risk Barometer 2026, based on a survey of 3,338 risk experts from 97 countries, reveals a remarkable shift in rankings: Artificial intelligence has climbed from tenth to second place among global business risks, surpassed only by cyber incidents, which have topped the list for the fifth consecutive year. In Germany, AI ranks fourth, accounting for 26 percent of mentions. The Allianz study notes that technological adoption often outpaces governance structures and regulation, thereby exacerbating legal risks.
IBM's Cost of a Data Breach Report 2025, based on the analysis of real-world security incidents, provides further insights. While the global average cost of data breaches decreased to $4.44 million, incidents involving so-called shadow AI cost an average of $4.63 million, $670,000 more than typical incidents. Shadow AI incidents already account for 20 percent of all data breaches. Particularly alarming is the finding that 97 percent of companies that suffered an AI-related security breach lacked adequate AI access controls.
The CrowdStrike Global Threat Report 2026 documents an 89 percent increase in AI-powered attack operations compared to the previous year. Attackers are using AI for purposes including reconnaissance, identity theft, and concealing their activities. Malicious prompts were injected into generative AI tools at more than 90 companies. Breakout time, the time from initial access to lateral movement within the network, has decreased to less than 30 minutes in some cases.
Shadow AI: The invisible epidemic in companies
One of the most significant factors behind the security problems of AI-first companies is not authorized AI use, but unauthorized use. Shadow AI, the use of AI tools without approval or oversight by the IT department, has reached a scale that most executives underestimate.
The data is clear: 98 percent of all organizations have employees using unauthorized applications, including AI tools. Nearly 90 percent of AI usage in companies is invisible to the organization. A Gartner survey of 175 employees found that 57 percent use personal GenAI accounts for work. One-third admitted to uploading confidential information to unauthorized tools. The amount of corporate data copied or uploaded to AI tools increased by 485 percent between 2023 and 2024. From 2024 to 2025, employee data flows to GenAI services increased thirtyfold.
The problem lies less in malicious intent than in a structural incentive conflict. Employees use AI tools because they want to be more productive. Sixty percent of employees agree that using unauthorized AI tools is worth the security risks if it helps them work faster. This presents IT security with a dilemma: Restrictive measures only drive usage deeper underground, while permissive attitudes further increase the attack surface.
Only 17 percent of companies have technical controls in place that can actually prevent the uploading of confidential data into AI tools. 63 percent have no formal AI governance policies whatsoever. A mere six percent of companies have an advanced AI security strategy. These figures demonstrate that the problem lies not primarily in the technology, but in a massive governance deficit.
The skilled worker problem: An industry that cannot meet its own demand
The security gap in AI integration is exacerbated by a chronic shortage of qualified professionals. The global cybersecurity industry has a shortage of 4.8 million skilled workers. In the US alone, there is a lack of 225,000 mid-level specialists. The situation has not improved: In North America and Europe, the cybersecurity workforce has actually shrunk.
The qualitative dimension of this shortage is particularly problematic. According to an ISC2 study from 2025, 59 percent of surveyed professionals reported a critical or significant skills gap in their organizations, an increase of 44 percent compared to the previous year. AI security was cited as the most urgently needed skill (41 percent), followed by cloud security (36 percent). The impact of this shortage is directly measurable: 88 percent of professionals reported at least one negative consequence of the skills gap in their organization. A quarter stated that employees are assigned tasks that exceed their level of training.
This skills shortage explains a significant part of the Fastly study's findings. When companies integrate AI into their processes without having the personnel to modernize their security architecture at the same pace, a growing gap inevitably emerges. The problem isn't so much that AI is insecure, but rather the lack of people who can make it secure.
The economic dimension: Security spending at record levels, but misallocated?
The business world's response to the growing threat landscape is reflected in rising investments. Gartner forecasts global spending on information security to reach $240 billion by 2026, a 12.5 percent increase year-over-year. Compared to $193.5 billion in 2024, this represents an increase of nearly $47 billion in just two years. The AI-powered security market alone is projected to grow from $49 billion in 2025 to $160 billion by 2029.
However, the sheer amount of spending says little about its effectiveness. A worrying finding from the Thales study of 2025 shows that in 52 percent of the companies surveyed, AI security spending is cannibalizing existing security budgets. This means that funds for protecting AI systems are not being allocated additionally, but rather diverted from the budget for traditional security measures such as cloud data protection and identity management. This reallocation creates new vulnerabilities elsewhere.
IBM's data provides an insightful counterpoint. Companies that fully integrate AI and automation into their security architecture save an average of $1.9 million per security incident, with average costs of $3.62 million compared to $5.52 million for companies without such investments. The paradox is striking: The same technology that creates new attack surfaces simultaneously offers the most effective defense, provided it is deployed with appropriate controls.
Agentic AI: The next level of escalation of the attack surface
While the Fastly study documents the current state of affairs, the next escalation is already looming on the horizon. Agentic AI, meaning autonomous AI systems that independently perform tasks, access databases, and communicate across systems, is considered by 48 percent of cybersecurity experts to be the most important attack vector for 2026. This risk thus surpasses both deepfake threats and other AI-related dangers.
The fundamental problem: Every AI agent deployed in an enterprise environment generates a non-human identity that requires API access and machine-to-machine authentication. Traditional identity management systems were designed to authenticate humans, not machines. If a marketing team uses an AI agent to automate campaign analytics, it needs access to the CRM, the email platform, customer databases, and advertising APIs—four different systems, each with its own authentication requirements. Multiply this by the number of teams testing similar tools, and you can see how quickly the attack surface can spiral out of control.
In December 2025, the Open Web Application Security Project (OWASP) published its first top 10 list of agent-based applications, compiled by over 100 security experts from industry, academia, and government. Real-world attacks like EchoLeak and ForcedLeak, with critical CVSS scores of 9.3 and 9.4 respectively, demonstrate that these are not merely theoretical scenarios. The threat of compromised agents that autonomously replicate and exfiltrate data is already a reality.
The race between attackers and defenders: A structural imbalance
The security problems of the AI-first transformation ultimately reflect a fundamental structural imbalance. AI is lowering costs and barriers to entry for attackers faster than defenders can adapt their countermeasures. Generative AI makes it possible to create convincing phishing campaigns in minutes instead of days. The time required to create phishing bait has been dramatically reduced. Sixteen percent of all data breaches now involve the malicious use of AI tools by attackers, with 37 percent of these being AI-generated phishing campaigns and 35 percent being deepfake attacks.
On the defense side, there is a lack of not only personnel but also speed. While the average recovery time has decreased from 7.34 months in 2024 to 6.08 months in 2025, a reduction of 17 percent, this improvement was primarily achieved through post-incident reviews (52 percent of organizations) and the automation of response measures (43 percent). The fundamental architectural problems, particularly the lack of transparency regarding AI deployment and data flows, persist.
The real causes: Four systemic problems
The root causes of the security problems of the AI-first transformation can be traced back to four systemic flaws that go far beyond what the Fastly study addresses.
The first problematic development is the organizational decoupling of innovation and security. In many companies, AI projects are driven by business units or innovation teams, while IT security is treated as a secondary control process. The study shows that 51 percent of AI-first companies report a lack of clarity regarding who is responsible for incident response, compared to 23 percent of non-AI-first companies. This confusion is symptomatic of a lack of governance structures that embed AI security as an integral part of the AI strategy.
The second problem is the lack of technical controls coupled with an excess of policies. The data clearly shows that human-dependent measures such as training (used by 40 percent of companies), warning emails (20 percent), and written policies (10 percent) offer no demonstrable protection. Only technical controls—that is, automated blocking, real-time data classification, and unified governance platforms—provide measurable protection. Yet only 17 percent of companies have such controls in place.
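The difference between a written policy and a technical control, as described above and in the governance-deficit figures earlier on this page, can be made concrete. The following Python is an added example, not part of the Fastly study or of this article: a simplified egress check of the kind a TLS-inspecting proxy would run, which classifies outbound request bodies in real time, blocks classified content bound for unsanctioned GenAI hosts, and records every unsanctioned AI destination so that shadow usage becomes visible to IT. The host names, classification patterns and sample requests are constructed placeholders.

```python
"""Egress policy for GenAI uploads: classify request bodies before they leave
and block confidential content bound for unsanctioned AI endpoints, while
recording every AI destination seen so shadow usage becomes visible.

Added example for this article; host names, markers and requests are constructed."""
import re
from collections import Counter
from dataclasses import dataclass, field

# Assumption: the organisation runs sanctioned enterprise GenAI tenants whose
# data handling is governed. Constructed host name.
SANCTIONED_AI_HOSTS = {"ai.corp.example"}

# Consumer GenAI services recognised by the proxy. Constructed placeholder names;
# a real deployment would feed this from a maintained URL-category list.
KNOWN_CONSUMER_AI_HOSTS = {"chat.consumer-ai.example", "assistant.other-ai.example"}

# Real-time classification rules: label -> pattern. Constructed for the example.
CLASSIFIERS = {
    "internal_marker": re.compile(r"\b(?:CONFIDENTIAL|INTERNAL ONLY|STRENG VERTRAULICH)\b"),
    "iban": re.compile(r"\b[A-Z]{2}\d{2}(?:\s?[A-Z0-9]{4}){3,7}\b"),
    "api_key": re.compile(r"\b(?:sk|key)[-_][A-Za-z0-9]{20,}\b"),
    "email": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
}
# Labels that must never leave to an unsanctioned tool.
BLOCKING_LABELS = {"internal_marker", "iban", "api_key"}


@dataclass
class Request:
    host: str   # destination host of the outbound HTTPS request
    user: str   # authenticated user behind the proxy session
    body: str   # decoded request body (prompt, pasted text, upload)


@dataclass
class Decision:
    action: str                     # "allow", "allow_log" or "block"
    labels: list = field(default_factory=list)
    reason: str = ""


def classify(text):
    """Return the sorted labels whose pattern matches the text."""
    return sorted(label for label, rx in CLASSIFIERS.items() if rx.search(text))


def is_ai_destination(host):
    return host in SANCTIONED_AI_HOSTS or host in KNOWN_CONSUMER_AI_HOSTS


def evaluate(req):
    """Policy decision for one outbound request."""
    if not is_ai_destination(req.host):
        return Decision("allow", [], "not a GenAI destination")
    labels = classify(req.body)
    if req.host in SANCTIONED_AI_HOSTS:
        # Sanctioned tenants may receive internal material, but credentials
        # pasted into a prompt are a leak regardless of destination.
        if "api_key" in labels:
            return Decision("block", labels, "credential in prompt")
        return Decision("allow", labels, "sanctioned tenant")
    # Anything else is shadow AI: block classified data, log the rest.
    if BLOCKING_LABELS.intersection(labels):
        return Decision("block", labels, "classified data to unsanctioned AI tool")
    return Decision("allow_log", labels, "unsanctioned AI tool; recorded for inventory")


def shadow_ai_inventory(requests):
    """Count requests per unsanctioned AI host: the usage IT would otherwise not see."""
    return Counter(r.host for r in requests
                   if is_ai_destination(r.host) and r.host not in SANCTIONED_AI_HOSTS)


# Constructed sample traffic as it would reach a TLS-inspecting egress proxy.
SAMPLE_REQUESTS = [
    Request("chat.consumer-ai.example", "u1", "Summarise this: CONFIDENTIAL Q3 forecast, do not distribute."),
    Request("chat.consumer-ai.example", "u2", "Rewrite this sentence to sound friendlier."),
    Request("ai.corp.example", "u1", "Why does the client fail with key sk-ABCDEFGHIJKLMNOPQRSTUV12?"),
    Request("updates.vendor.example", "u3", "CONFIDENTIAL release notes download"),
    Request("assistant.other-ai.example", "u2",
            "Draft a payment to DE89 3704 0044 0532 0130 00 on behalf of alice@corp.example"),
]

if __name__ == "__main__":
    for r in SAMPLE_REQUESTS:
        d = evaluate(r)
        print(f"{d.action:9} {r.user} -> {r.host}: {d.reason} {d.labels}")
    print("shadow AI hosts:", dict(shadow_ai_inventory(SAMPLE_REQUESTS)))
```

Two design points matter more than the patterns themselves, which in practice would come from a proper data-classification engine rather than a handful of regular expressions. First, the sanctioned tenant is not a free pass: a credential pasted into a prompt is blocked even there, because the leak is the paste, not the destination. Second, harmless traffic to an unsanctioned tool is allowed but logged, which turns the otherwise invisible shadow usage into an inventory that governance can act on, instead of driving it further underground through blanket blocking.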
The third problematic development is budget migration instead of budget expansion. When 52 percent of companies finance AI security expenditures from existing security budgets, the problem is not solved, but merely postponed. Securing new AI systems must not come at the expense of protecting existing infrastructure. Yet, this is precisely what is happening in practice.
The fourth negative development is market-driven haste. Competitive pressure to quickly deploy AI to avoid falling behind leads to security audits being skipped or shortened. Developers are using agentic AI with minimal security checks, including untested open-source MCP servers and code generated through so-called vibe coding. The result is a growing amount of vulnerable infrastructure that attackers will inevitably target.
The regulatory framework: The EU AI Act as a double-edged sword
The regulatory response to AI security challenges is taking shape, but it brings its own set of complexities. With 59 new AI-related regulations in 2024 alone, more than double the number from the previous year, companies face a perfect combination of security gaps, compliance violations, and competitive risks. The EU AI Act further intensifies the pressure and creates new liability issues, particularly regarding automated decision-making processes.
The Allianz study emphasizes that many companies now perceive AI not only as a strategic opportunity, but also as a complex source of operational, legal, and reputational risks. In many cases, implementation is progressing faster than governance, regulation, and corporate culture can keep pace. Nearly 55 percent of companies are unprepared for AI-related regulatory compliance.
The regulation addresses real problems, but it risks exacerbating the competitive disadvantage of European companies if compliance costs fall asymmetrically on innovative AI users. Companies that deeply integrate AI and thus reap greater economic benefits also bear the highest compliance burdens. Paradoxically, this could lead to European companies adopting AI more slowly without becoming more secure, because attackers do not adhere to European regulations.
The cost-benefit analysis: What AI-First really costs
A sober economic analysis of the AI-first strategy requires comparing the higher security costs with the productivity gains. The Fastly study highlights the cost side but largely ignores the benefits. AI-first companies are often more innovative, efficient, and competitive. The question is not whether AI integration incurs security costs, but whether the net effect remains positive.
IBM data provides an important clue here: Companies that fully adopt AI and automation reduce their average incident costs to $3.62 million, compared to $5.52 million for companies without AI-powered security. The savings of $1.9 million per incident, combined with an 80-day reduction in detection time, demonstrate that the solution lies not in less AI, but in better-managed AI.
Agentic AI can increase productivity five to tenfold. These enormous efficiency gains must be weighed against the additional costs of longer recovery times and higher damage costs. For most companies, the calculation should be positive, provided they simultaneously invest in security architecture. The real risk lies not in the use of AI itself, but in the illusion of reaping the benefits of AI without investing in AI security.
Opportunism or justified warning: A nuanced assessment
The initial question of whether the Fastly report represents opportunistic marketing or a justified warning cannot be answered in a binary way. Both elements are present, and their weight depends on the perspective.
The report is opportunistic, as it comes from a company that directly profits from the uncertainty it creates. Positioning WAAP solutions as the answer to the problems described is barely disguised product advertising. The DACH-specific data, with its small sample size and strikingly more extreme values than the global average, should be interpreted with caution.
At the same time, the report is a justified warning because the fundamental thesis that AI adoption is outpacing security modernization is supported by numerous independent sources. The Allianz Risk Barometer, IBM's Cost of a Data Breach Report, CrowdStrike's Threat Report, BigID's AI Risk Report, and Gartner's spending forecasts paint a consistent picture: The attack surface is growing faster than the defense capability.
The true causes of security problems at AI-first companies run deeper than Fastly suggests. It's not primarily about a lack of readily available security products, but rather organizational shortcomings: inadequate governance structures, insufficient personnel, misallocated budgets, and a cultural prioritization of speed over security. These structural problems cannot be solved by purchasing a web application firewall, however necessary such tools may be. They require a fundamental shift in how companies plan, approve, and monitor AI projects. The technology itself is not the issue. The problem is the missing willingness to treat security as an equal partner to innovation.