Organizations are rapidly embedding artificial intelligence into mobile applications, but many lack visibility into how those systems operate and the risks they introduce, according to new research from mobile application security firm NowSecure.
The company's 2026 Mobile App Risk Management Survey found that while AI has become nearly ubiquitous in enterprise mobile environments, governance and security programs are struggling to keep pace.
The survey, based on responses from 485 senior mobile security leaders across finance, healthcare, retail and technology sectors, found that:
- 95% of organizations now use AI capabilities in mobile applications. However:
- 37% said they cannot fully see what those AI systems are doing, creating potential blind spots around data handling, privacy and security.
- Generative AI emerged as the most common use case, followed by AI-powered analytics and automation features.
The findings suggest mobile security teams are facing a dual challenge: managing increasingly complex applications while simultaneously governing AI functionality that may be embedded deep within software components and third-party services.
Security incidents remain common across mobile environments. According to the survey:
- 66% of enterprises experienced a mobile application security incident during the past 12 to 24 months.
- Nearly one-third (29%) reported a major breach that resulted in data exposure, account takeover or operational disruption.
At the same time, organizations are becoming increasingly dependent on third-party software components.
- The survey found that 68% of respondents said more than half of their mobile application code now comes from third-party SDKs and libraries.
- That growing reliance appears to correlate with higher security risk. Organizations whose applications exceeded the 50% threshold for third-party code experienced incident rates more than twice as high as those with lower levels of external code dependencies.
More on AI in security:


The relationship highlights a growing software supply chain challenge for mobile security teams. Modern mobile applications frequently incorporate dozens of external libraries, analytics platforms, advertising frameworks, authentication tools and AI services, many of which operate with limited visibility into their underlying behavior. Security leaders surveyed by NowSecure indicated that understanding what those components collect, process and transmit remains a significant challenge.
The survey arrives as enterprises continue expanding mobile-first business strategies and integrating AI capabilities into customer-facing applications. While AI features can accelerate development and improve user experiences, security experts have warned that organizations often lack the tools and processes needed to monitor AI-related data flows, third-party dependencies and emerging compliance obligations.
Taken together, the findings point to a widening gap between mobile application innovation and mobile application governance. AI adoption continues to accelerate, third-party code increasingly dominates application development, and security incidents remain widespread. For many organizations, the challenge is no longer whether AI and third-party components are present in mobile apps, but whether security teams have enough visibility to understand the risks they introduce.

