We've watched this movie before. The opening act is always the same: a new and powerful enterprise technology capability arrives, and its benefits are so compelling that organizations sprint into adoption without adequately considering, let alone addressing, the risks. This same plot unfolded with the PC and networking, then with the rise of e-commerce and the Internet, mobile computing, and, more recently, virtualization and cloud computing.
Now, another sequel has reached the enterprise: AI is becoming ubiquitous. The antagonist, as always, reveals itself fully in the second act: security controls meant to govern the new capability fail to keep pace with accelerating, evolving risk. The foreshadowing is never subtle: cybersecurity warnings are issued early, but like the mayor in Jaws and the cast of every horror movie, the characters never listen. And so the third act plays out predictably and on schedule: the criminals and adversaries take full advantage.
The 2026 State of Analytics Engineering report from Dbt Labs, released today, shines a light on how this plot is unraveling again with AI, inside the data pipelines that power nearly every major business decision. AI is outpacing trust and governance, and the consequences for cybersecurity, audit, and data protection are mounting.
AI acceleration is real. So is the widening governance gap.
Dbt Labs' survey of 363 data practitioners and leaders found 72% of respondents prioritize AI-assisted coding in their development workflows. Among data leaders (defined as executives and managers who oversee data teams) that number climbs to 77%. What was aspirational in 2024 is now operational, embedded in how teams write SQL and Python, draft documentation, and generate stakeholder-facing insights from natural-language prompts.
"AI has done for data what Amazon Prime did for shopping — speed is now the expectation," the report quoted Kasey Mazza, director of data science at HubSpot, as saying. The survey bears that out: the share of respondents who cite speed as an important performance priority jumped from 50% in 2025 to 71% in 2026. The implication for security teams is that the velocity of data moving through the enterprise has fundamentally shifted, and the controls governing that data were built for a slower tempo.
Related:
George V. Hulme
, and CYBR.SEC.Media
The problem is what's not keeping pace. While 72% of respondents prioritize AI-assisted coding, only 24% prioritize AI-assisted pipeline management: the validation, testing, observability, and quality controls that determine whether AI-generated output can be trusted. That's a three-to-one ratio of acceleration to governance, and it represents exactly the kind of gap adversaries exploit.
"In so many data initiatives, many organizations realize they can't do what they need because the data foundation is not where it needs to be," Jonathan Feldman, CIO at Wake County, says. That foundation includes data hygiene, data governance, and data security. None of which are optional when AI is operating on enterprise data at scale. "AI has created a real business case for data governance," Feldman adds. For years, governance has been a hard sell internally: necessary but unglamorous, easy to deprioritize when budgets tighten. AI may be changing that calculus, because the cost of ungoverned AI outputs reaching executives, customers, or regulators is too visible to ignore.
"Data governance and data security are going to continue to grow just because of the sheer amount of data that AI needs to consume to be any good," adds Joe Batista, founder of M37 Advisory. The more data AI ingests, the larger the attack surface and the more consequential every gap in ownership, classification, and access control becomes.
The people closest to the risk are the most worried
The consequences of the governance gap are not theoretical. A striking 71% of respondents say they are concerned about hallucinated or incorrect data reaching stakeholders or executives. But the more telling finding is the split between those who build the pipelines and those who oversee them: 68% of practitioners, the people closest to the actual work, are worried about sensitive data being exposed to large language models or other security risks. Their leaders are somewhat less concerned, at 61%. Proximity to implementation sharpens the perception of risk, and that seven-point gap should concern any CISO whose threat assessments depend on executive buy-in.
Data confidentiality is threatened when sensitive business data flows into poorly governed LLMs. Integrity is exposed when AI-generated insights reach executive dashboards without proper validation. And data availability faces pressure from a widening gap between rising infrastructure costs and flat team budgets: 57% of teams report increased warehouse and compute spend, while only 36% report increased budgets. Teams are being asked to do more, move faster, and govern better, with resources that aren't expanding at the same rate.
Meanwhile, 41% of respondents cite ambiguous data ownership as an ongoing challenge, and poor data quality remains the most frequently reported obstacle at 53%. When AI systems operate on data with unclear ownership and inconsistent quality controls, the outputs inherit those flaws and deliver them faster, at greater scale, to more stakeholders than any human analyst ever could.
"AI won't fix a messy foundation. It just makes the lack of discipline much more visible," the report quoted Bruno Lima, lead data engineer at phData, as saying. For cybersecurity teams, the translation is direct: AI doesn't create new categories of data risk so much as it accelerates and amplifies the ones that already exist. Unresolved ownership disputes become unauthorized access paths. Poor data quality becomes poisoned model input. Inadequate testing becomes undetected data exfiltration.
The third act doesn't have to end the same way
This is the point in the movie where the audience already knows how it ends. The technology is embedded. The governance hasn't caught up. The warnings have been issued. If the script follows the pattern set by every previous wave of enterprise technology — PCs, the Internet, mobile, cloud — the next scenes involve breaches, regulatory penalties, and a belated scramble to bolt on controls that should have been built in from the start.
But the Dbt Labs survey also reveals something the previous sequels didn't have: awareness at scale. Trust in data has surged as an organizational priority, climbing from 66% to 83% year over year. The steepest single-year increase of any measured objective. The practitioners closest to the data are raising alarms, not ignoring them. The gap between what teams are doing and what they know they should be doing is not a gap of ignorance; it's a gap of execution and resources.
That distinction matters because it means cybersecurity teams' opportunity is not to sound the alarm. It's already sounding. They need to sell the revised script to management and close the gap between awareness and action. The 72% of teams prioritizing AI-assisted coding need security embedded in those workflows, not bolted on after. The 24% prioritizing pipeline management needs to become the majority. And the seven-point perception gap between practitioners and leaders needs to narrow, because the people building the pipelines see risks their executives don't yet fully appreciate.
Once again, the characters in this movie are aware they're in a horror film. The question is whether they act on that awareness, or whether the third act plays out the same way it always has.
