AI is no longer a niche technology. By 2025, it is becoming a fundamental part of your business strategy for most Fortune 500 companies. Currently, they are all using AI, but the approach they implement is different. CyberNews researchers warn The risks when the rulebook is not written yet.
AI is already integrated with core operations, from customer service to strategic decision-making. And there are some serious risks to this.
“Large companies are jumping quickly to the AI bandwagon, but the risk management section is lagging behind. Companies are exposed to new risks associated with AI,” warns Aras Nazarovas, senior security researcher at Cybernews.
What does AI find about AI on the Fortune 500 company website?
CyberNews researchers analysed the websites of Fortune 500 companies and found that a third of companies (33.5%) focused on a wide range of AI and big data capabilities rather than specific LLMs. They emphasized AI for general purposes such as data analysis, pattern recognition, and system optimization.
Over a fifth of companies (22%) emphasized the adoption of AI for functional applications across a variety of specific domains. These entries explain how AI is used to address business issues such as inventory optimization, predictive maintenance, and customer service.
For example, dozens of companies are already using AI to explicitly mention it using customer service, chatbots, virtual assistants, or automating interactions with related customers. Similarly, companies say they use AI to automate “entry-level positions” in areas such as inventory management, data entry and basic process automation.
Some companies like to bring things into their own hands and develop their own models. Approximately 14% of companies specify their own internal or unique LLM as their focus, such as Walmart's Wallaby or Saudi Aramco metabolites.
“This approach is especially common in industries such as energy and finance where specialized applications, data management and intellectual property are important concerns,” says Nazarovas.
A similar number of companies have made AI strategically important and demonstrated AI integration within the organizational overall strategy.
Only 5% of companies proudly declare their dependence on external LLM services from Shird Party providers, leveraging providers such as Openai, Deepseek AI, Anthropic, and Google.
However, there are a tenth of companies that vaguely mention AI use, without specifying the actual product or its use.
“Only a small number of companies (~4%) mention hybrid or multiple approaches to AI, but blend their own open source, third-party, and other solutions, but this approach may be more common as the experimental phase is still ongoing,” says Nazarovas.
The data suggests that companies do not want to explicitly name the use of AI tools. Only 21 companies mention their use of Openai, Deepseek (19), Nvidia (14), Google (8), Anthropic (7), Meta Llama (6), and Cohere.
Meanwhile, for comparison, Microsoft boasts that over 85% of Fortune 500 companies use AI solutions. Other reports suggest that 92% of 500 companies use Openai products.
AI is here and there are risks too
YouTube's algorithm recently flagged a video by technology reviewer and developer Jeff Geerling for violating community guidelines. The automated service determined that the content would “explain how to obtain unauthorized or free access to audio or audiovisual content, software, subscription services, or games.”
The problem is that YouTubers never explained “any of such things.” He sued, but his appeal was denied. However, after the noise on social media, the video later revived after Geerling estimated it was a “human review process.”
Many small creators may never receive similar treatments.
This story is just the tip of the iceberg of AI adoption risk. CyberNews researchers have listed more:
- Data Security/Leak: This is the most commonly mentioned security concern and appears in a considerable number of entries in all industries. Issues related to protecting sensitive data, including personally identifiable information (PII), health information and operational data, are consistently highlighted.
- Quick injection: Vulnerabilities related to fast operation and unstable input are also frequently noticed, especially in the context of chatbots, search engines, and other interactive AI systems.
- Model Integrity/Addict: Concerns about LLM integrity and the potential for addiction training data exist in particular in their own models. This includes risks associated with biased output and manipulated model behavior.
- Critical Infrastructure Vulnerabilities: For organizations operating in critical infrastructure sectors (energy, utilities, etc.), the security of AI integrated into control systems and operational technologies is a major risk.
- Intellectual Property Theft: Protecting their own LLM, algorithms, and AI-related intellectual property is a concern, especially for companies that invest heavily in internal AI development.
- Supply Chain/External Risk: Risks related to third-party LLM providers, partner LLMS, and the broader AI supply chain are also mentioned, highlighting the need for secure vendor management and risk assessment.
- Bias/Algorithm Bias: There are concerns about bias in LLM output and algorithmic decision-making, highlighting the need for fairness and ethical considerations in AI development and deployment.
- Unstable output: In particular, applications where AI responses directly affect the user or system, there are recognized risks associated with LLMs that produce harmful, misleading, or unsafe output.
- Lack of transparency/governance: Issues related to the lack of transparency in LLM's decision-making processes and the need for a robust AI governance framework are also highlighted.
“For example, critical infrastructure and healthcare sectors often face unique and sophisticated security vulnerabilities,” Nazarovas said.
“If businesses begin to tackle new challenges and risks, they could have a major impact on consumers, industries and the broader economy over the next few years.”
Reckless AI adoption
“AI was rapidly adopted across the enterprise long before serious attention was paid to its security. It's like the incredible thing raised without supervision. It's very reckless. In an environment without proper governance, it publishes delicate data, introduces poisoned input, and Fortune 500 companies embrace AI, but Ruleis norbutas still writes about it.
Emmanuelis adds: “As adoption deepens, protecting model access is not enough. Organizations need to control how AI actually uses them. From setting input and output boundaries, they need to enforce role-based permissions and track how data flows through these systems.
General strategies to mitigate risk
Regulations on artificial intelligence (AI) in the United States currently feature a mix of federal and state efforts, and comprehensive federal laws have not yet been established.
Several frameworks and standards have emerged to address AI and LLM security.
The National Institute of Standards and Technology (NIST) has released the AI Risk Management Framework (AI RMF). It provides guidance on managing the risks associated with AI for individuals, organizations, and society.
The EU has passed the AI Act, a regulation aimed at establishing the legal framework for AI in the European Union. The Act raises the requirements for high-risk AI systems, including security and transparency obligations.
ISO/IEC 42001 is another international standard that specifies requirements for establishing, implementing, maintaining, and continually improving an AIMS. It focuses on risk management and ensuring the development and use of responsible AI.
“The problem with the framework is that the rapid evolution of AI surpasses the current framework, presenting additional hurdles, ambiguous guidance, compliance challenges and other limitations,” Nazarovas said. “Although frameworks don't always provide effective solutions to specific issues, they can get tensions for businesses when implemented.”
