July 24, 2025, Vilnius, Lithuania – As artificial intelligence becomes increasingly central to the operations of America's largest corporations, recent research reveals potential security vulnerabilities that could affect both organizations and their customers.
An analysis by cybersecurity experts at Cybernews examined AI deployments across the S&P 500 and uncovered close to 1,000 potential weak points that may lead to data exposure, theft of proprietary information, and erroneous AI actions.
The study found that 327 S&P 500 companies publicly report using AI tools in their operations in sectors including finance, healthcare, manufacturing, and energy.
While these tools have accelerated innovation and efficiency, safety measures have yet to fully catch up, leaving systems open to misuse or failure. This includes AI outputs that may be inaccurate or misleading, unintended disclosure of confidential data, and risks of corporate secrets being compromised.
Žilvinas Girėnas, head of product at nexos.ai, emphasized, “It's not enough to deploy AI and hope for the best. Businesses need to develop AI with the same safety standards as airplanes: constant oversight, clear guardrails, and a zero-trust approach. Every AI decision must be considered potentially wrong until proven correct, and every input must be monitored to prevent sensitive data from leaking or trade secrets from escaping.”
The potential vulnerabilities extend across multiple industries. Technology and semiconductor companies are especially vulnerable to data leaks and intellectual property risks. Financial institutions might face challenges protecting client data while ensuring AI does not reinforce unfair bias in lending.
Healthcare providers carry the added responsibility of protecting patients from flawed AI-driven recommendations. Meanwhile, industrial and infrastructure sectors must guard against disruptions that could affect critical services, such as power supply or supply chain operations.
For consumers, the consequences are tangible. Unsecured AI systems risk leaking private details – ranging from medical histories to financial records – while flawed AI judgments could influence decisions that directly affect people's health and finances.
As AI tools play a larger role in retail, banking, transportation, and other areas, protecting these technologies becomes essential for public protection.
The report highlights past incidents that illustrate these dangers. IBM's Watson once offered unsafe cancer treatment suggestions. Apple's credit system faced scrutiny after allegations of gender bias. Zillow's AI-driven pricing led to substantial financial losses. Additionally, Samsung experienced unintended source code disclosures due to inappropriate use of AI chatbots by employees.
“AI is becoming more deeply embedded in business operations, and the risks are multiplying. The lessons from all these incidents are clear: unchecked deployment without robust security and oversight leads to real-world failures,” said Martynas Vareikis, Security Researcher at Cybernews.
As AI further transforms businesses, past incidents and potential threats show how crucial it is to improve security strategies in parallel.
ABOUT CYBERNEWS
Cybernews is a globally recognized independent media outlet where journalists and security experts debunk cyber by research, testing, and data. Founded in 2019 in response to rising concerns about online security, the site covers breaking news, conducts original investigations, and offers unique perspectives on the evolving digital security landscape. Through white-hat investigative techniques, Cybernews research team identifies and safely discloses cybersecurity threats and vulnerabilities, while the editorial team provides cybersecurity-related news, analysis, and opinions by industry insiders with complete independence.
Cybernews has earned worldwide attention for its high-impact research and discoveries, which have uncovered some of the internet's most significant security exposures and data leaks. Notable ones include:
-
Cybernews researchers discovered multiple open datasets comprising 16 billion login credentials from infostealer malware, social media, developer portals, and corporate networks – highlighting the unprecedented risks of account takeovers, phishing, and business email compromise.
-
Cybernews researchers analyzed 156,080 randomly selected iOS apps – around 8% of the apps present on the App Store – and uncovered a massive oversight: 71% of them expose sensitive data.
-
Recently, Bob Dyachenko, a cybersecurity researcher and owner of SecurityDiscovery.com, and the Cybernews security research team discovered an unprotected Elasticsearch index, which contained a wide range of sensitive personal details related to the entire population of Georgia.
-
The team analyzed the new Pixel 9 Pro XL smartphone's web traffic, and found that Google's latest flagship smartphone frequently transmits private user data to the tech giant before any app is installed.
-
The team revealed that a massive data leak at MC2 Data, a background check firm, affects one-third of the US population.
-
The Cybernews security research team discovered that 50 most popular Android apps require 11 dangerous permissions on average.
-
They revealed that two online PDF makers leaked tens of thousands of user documents, including passports, driving licenses, certificates, and other personal information uploaded by users.
-
An analysis by Cybernews research discovered over a million publicly exposed secrets from over 58 thousand websites' exposed environment (.env) files.
-
The team revealed that Australia's football governing body, Football Australia, has leaked secret keys potentially opening access to 127 buckets of data, including ticket buyers' personal data and players' contracts and documents.
-
The Cybernews research team, in collaboration with cybersecurity researcher Bob Dyachenko, discovered a massive data leak containing information from numerous past breaches, comprising 12 terabytes of data and spanning over 26 billion records.
-
The team analyzed NASA's website, and discovered an open redirect vulnerability plaguing NASA's Astrobiology website.
-
The team investigated 30,000 Android Apps, and discovered that over half of them are leaking secrets that could have huge repercussions for both app developers and their customers.