
Harness Research Exposes Enterprise AI Security Crisis


  • November 13, 2025

A new research report from Harness, "The State of AI-Native Application Security 2025," reveals a critical visibility crisis within modern enterprises as the rapid adoption of AI outpaces security controls. The study found that the majority of organizations are already experiencing security incidents related to AI, with most security practitioners believing that "shadow AI"—the unsanctioned use of AI components—will eclipse the risks once associated with shadow IT, creating a vast and unmonitored attack surface.

Quick Intel

  • Harness research exposes a major AI visibility crisis in enterprises.

  • 75% of security pros say shadow AI is riskier than shadow IT was.

  • 62% of organizations have no visibility into where LLMs are being used.

  • Incidents like LLM prompt injection (76%) are already widespread.

  • AI apps evolve faster than security can keep up, according to 75% of respondents.

  • A collaboration gap exists, with only 34% of developers notifying security about AI projects.

The Unseen Threat of AI Sprawl and Shadow AI

The research highlights that AI sprawl is creating a security blind spot more significant than previous challenges like API sprawl. An overwhelming majority of security teams report having no visibility into where large language models (LLMs) are deployed across their organization. This lack of oversight has direct consequences, with a high percentage of enterprises already reporting security incidents involving prompt injections, vulnerable LLM code, and model jailbreaking, indicating that AI-native applications are already under active attack.

The Deepening Divide Between Development and Security

A central theme of the crisis is a significant collaboration breakdown between development and security teams. While the majority of new enterprise applications are now built with AI components, developers often lack the time, training, or incentive to implement comprehensive security from the start. The report shows that most developers do not notify security teams before beginning AI projects, and a prevailing perception remains among security leaders that developers view security as a blocker to innovation, widening the security gap.

Leadership Perspective on a Shifting Attack Surface

According to Harness's Field CTO, the dynamic nature of AI has rendered traditional security tools inadequate. "Shadow AI has become the new enterprise blind spot," said Adam Arellano, Field CTO at Harness. "Traditional security tools were built for static code and predictable systems — not for adaptive, learning models that evolve daily. Security has to live across the entire software lifecycle — before, during, and after code — so teams can move fast without losing visibility or control."

The rapid and often ungoverned integration of AI is fundamentally redrawing the enterprise attack surface. Without immediate action to gain visibility, enforce shared governance, and embed security directly into the AI development lifecycle, organizations face an accelerating cycle of risk. Building AI-native security resilience requires a unified approach where security and development operate as one to manage this new frontier of threats.

 

About The Research

This report is based on a survey of 500 security practitioners and decision makers responsible for securing AI-native applications, commissioned by Harness and conducted by independent research firm Sapio Research. The sample included 200 respondents in the United States, and 100 each in the UK, Germany, and France.

 

About Harness

Harness is the AI DevOps Platform™ company, enabling engineering teams to build, test, and deliver software faster and more securely. Powered by Harness AI and the Software Delivery Knowledge Graph, the platform brings intelligent automation to every stage of the software delivery lifecycle after code—removing toil and freeing developers from manual, repetitive work. Companies like United Airlines, Citibank, and Choice Hotels use Harness to accelerate releases by up to 75%, cut cloud costs by 60%, and achieve 10× efficiency across DevOps. Based in San Francisco, Harness is backed by Menlo Ventures, IVP, Unusual Ventures, and Citi Ventures.
