Evaluating four critical threat vectors identified at the 2026 Gartner Security Summit

Analysts at the 2026 Gartner Security & Risk Management Summit identified deepfakes, software supply chain risks, prompt injections, and AI application compromises as pressing areas where threat actors currently hold an advantage. By implementing layered authentication, strict access controls, and regular security assessments, organizations can effectively safeguard their systems against these vectors.

Triage Security Media Team

During the June 2026 Gartner Security & Risk Management Summit in National Harbor, Md., several analysts identified a need for organizations to evaluate and strengthen their security controls against four specific threat vectors. According to John Watts, VP analyst at Gartner, the most pressing issues for enterprises are deepfakes, software supply chain risks, prompt injections, and AI application compromises.

These four areas rank at the top of Gartner's 2026-27 ThreatScape chart, which measures threat actor signals against the effectiveness of current enterprise security capabilities. In these specific areas, threat actors currently hold an advantage because many standard security solutions are not yet calibrated for these methods. Throughout the conference, analysts advised organizations to refine their security postures and update internal policies to better protect their environments.

Deepfakes and software supply chain risks

Deepfakes are now a confirmed operational risk for enterprises. Gartner data shows that 62% of organizations have encountered some form of deepfake social engineering or attempts to bypass facial and voice recognition systems. Zachary Smith, director analyst at Gartner, noted that the AI market evolves so rapidly that detection tools currently in use may quickly lose their efficacy.

To protect systems, Smith recommends a layered security approach. Organizations should implement additional authentication requirements and deploy tools that detect caller ID spoofing and SIM swapping. Relying solely on deepfake detection is unnecessary; a failed authentication check will independently prevent an incident. Bryson Byrd, cybersecurity adviser at Huntress, also emphasizes that multifactor authentication must now extend beyond standard passwords to all verification processes.

Supply chain risks also continue to evolve. Watts pointed out that the environment now includes automated worms like Shai-Hulud, which act as a force multiplier for threat actors sweeping for credentials, secrets, and repository access. Organizations frequently struggle to secure code on third-party platforms. While platforms like GitHub offer native security features such as secrets scanning, development teams sometimes bypass them, exposing sensitive data. Watts noted that despite recent improvements, the NPM ecosystem remains highly complex and challenging to secure.

Organizations must apply strict controls around their software and development environments to mitigate these risks. Recommended controls include enforcing strong version-control policies, implementing structured secrets management, and applying the principle of least privilege throughout CI/CD pipelines.

Prompt injections and AI application security

Prompt injections present an ongoing challenge, significantly compounded by the rapid adoption of AI agents. Watts detailed the risk of indirect injection techniques, where threat actors plant unauthorized prompts in webpages and wait for autonomous agents to process them. Google data indicates a 32% increase in indirect prompt injection attempts between November 2025 and February 2026. Watts warned that once an autonomous execution chain processes unauthorized instructions, the system state becomes exceedingly difficult to recover.

Relying on security vendors that simply filter for known malicious keywords is insufficient for this threat model. Dennis Xu, research VP at Gartner, noted that preventing 100% of prompt injections and jailbreaking attempts remains technically impractical. Instead, organizations should perform rigorous security assessments and red teaming exercises on their AI systems to identify and resolve injection vulnerabilities.

Finally, AI application compromises are expanding rapidly. Watts reported 2,130 AI-related CVEs disclosed in 2025, representing a nearly 35% year-over-year increase. These compromises often originate from memory poisoning techniques or insecure infrastructure resources. Scaling AI applications inherently expands an organization's exposure area.

The rapid deployment of popular open-source AI frameworks, such as OpenClaw, illustrates this risk. Since its launch earlier in the year, OpenClaw has been widely deployed, often without secure baseline configurations—leading to multiple critical vulnerabilities. Watts noted that external scans still reveal internet-facing OpenClaw instances running with administrative rights. Organizations must establish firm deployment controls and security standards for integrating these frameworks safely.

About the original reporting

The data and event coverage referenced in this summary stem from original reporting by Rob Wright, Senior News Director at Dark Reading. Wright holds a journalism and English degree from the University of Richmond (1997) and has more than 25 years of experience in technology journalism, previously working at TechTarget's SearchSecurity, CRN, Tom's Hardware Guide, and VARBusiness Magazine. A winner of three Virginia Press Association awards and several Azbee awards, including the 2026 National Silver Award for a series on vibe coding, he currently covers security operations, cloud security, and Internet infrastructure.