What executives fear—and how to respond
Our survey of enterprise leaders finds that AI’s biggest dangers sit at the intersection of business and security: data leaks, IP exposure, adversarial threats, and the strategic risk of falling behind. Data and privacy ranked as the top concern, with security close behind, while leaders also flagged governance gaps and model reliability as growing pain points. The takeaway is clear: success hinges on pairing adoption with practical controls, adversarial testing, and a staged roadmap.
Key points
- The study was authored by Keri Pearlson (MIT Sloan School of Management) and Rajiv Dattani (AIUC) and published August 25, 2025, with support from MIT Sloan and AIUC.
- The June 2025 survey captured 28 executives via ASFAI: 36% CEOs/partners, 32% technical executives (CTO/CISO/CRO), 32% other executives; sectors included technology (32%), finance (25%), healthcare/pharma (21%), and media (7%).
- Six risk constructs framed the research: Data & privacy, Security, Safety, Society, Accountability, and Reliability.
- Business risks most cited were data security & privacy (8 mentions), adoption & scaling challenges (4), compliance & governance (3), competitive/strategic risk (3), and reliability/model risk (3).
- Security risks most cited were data security & breaches (9 mentions), IP risks (4), malicious actors & threats (3), privacy risks (3), and ransomware/cyberattacks (2).
- Data & privacy ranked as the top concern with 82% selecting strong/significant concern and an average score of 4.25/5; security followed with 75% strong/significant and a 3.96/5 average.
- At least 80% expressed concern across all areas; only two categories registered any “no concern”: Society (7%) and Reliability (4%); none rated Data & privacy, Security, Safety, or Accountability as “no concern.”
- Consolidated risk categories showed data security, privacy & IP risks dominating (20 mentions), followed by governance/compliance/oversight (9), model reliability & safe deployment (7), people/skills/culture (7), adoption/scaling/competitive risk (7), malicious actors & threats (5), and financial/reputation risk (2).
- Real-world signals underscore the stakes: McDonald’s AI hiring platform exposed 64 million applicant records; Microsoft Copilot faced a zero-click flaw enabling data access without user interaction.
- Immediate actions recommended: strengthen data governance and access controls, institutionalize adversarial resilience testing (red-teaming, prompt-injection simulations), and balance competitive adoption with capability building via sequenced, lower-risk pilots.
What to remember
Start with the unglamorous bits: lock down data, tighten access, and please don’t paste your “secret sauce” into public models—no matter how charming the chatbot. Run regular AI red teams and fire drills so the first time you meet a prompt injection isn’t on a Tuesday at 3 a.m. And pace yourself: pilot low-risk use cases, train your people, and grow the governance as you scale—because “move fast and break things” is less cute when the thing is your IP.