By 2027, more than 40% of AI-related data breaches will be caused by the improper use of generative AI (GenAI) across international borders, according to a new report by Gartner, Inc. The rapid adoption of GenAI has outpaced the development of robust security and governance measures, leading to growing concerns about data localization and oversight. Organizations integrating GenAI tools into their operations may unknowingly transfer sensitive data across borders, exposing themselves to compliance risks.

Joerg Fritsch, VP Analyst at Gartner, highlighted the dangers of unintended data transfers, particularly when GenAI is embedded into existing systems without clear disclosure. Many organizations have started noticing changes in the content produced by employees using AI-powered tools. While these technologies offer productivity benefits, they also pose security risks, especially when confidential information is processed through AI systems hosted in unknown locations.

The lack of standardized global AI governance frameworks is exacerbating the problem, causing operational inefficiencies and market fragmentation. Businesses are being forced to implement region-specific compliance strategies, making it difficult to scale operations globally. Managing AI-driven data transfers amid localized regulations increases complexity, creating additional challenges in ensuring data security and compliance. Gartner predicts this growing need for security will drive significant investments in AI governance, security, and compliance solutions.

By 2027, AI governance is expected to become a legal requirement under sovereign AI regulations worldwide. Organizations that fail to implement the necessary governance structures may struggle to compete, particularly those lacking the resources to adapt their data governance models quickly. Gartner warns that businesses must act now to stay ahead of regulatory mandates and avoid costly compliance failures.

To mitigate risks associated with cross-border GenAI misuse, Gartner recommends that enterprises take proactive steps to strengthen AI governance. This includes enhancing data security frameworks, establishing AI oversight committees, and leveraging advanced encryption and anonymization techniques to protect sensitive information. Additionally, organizations should invest in AI Trust, Risk, and Security Management (TRiSM) solutions to filter prompts, manage data security, and reduce misinformation in AI-generated outputs. Gartner forecasts that by 2026, companies implementing AI TRiSM controls will reduce their exposure to inaccurate or manipulated data by at least 50%, leading to more reliable decision-making.

For further insights, Gartner clients can access the report Predicts 2025: Privacy in the Age of AI and the Dawn of Quantum. Additionally, security and risk management leaders can gain expert guidance at the upcoming Gartner Security & Risk Management Summits, scheduled to take place in Sydney, India, Dubai, National Harbor, Tokyo, São Paulo, and London.