At the World Economic Forum in Davos, Switzerland, top executives from EY and KPMG have raised urgent concerns about AI security vulnerabilities, particularly around the emerging threat of AI agents and their lifecycle management. These concerns are overshadowing discussions about potential AI market bubbles, signaling a fundamental shift in how business leaders are approaching AI implementation.
Raj Sharma, EY’s global managing partner of growth and innovation, highlighted a critical gap in AI security infrastructure, specifically regarding AI agents that operate with access to sensitive corporate data but lack the identity tracking and accountability measures applied to human users. Unlike traditional computer systems where every human interaction is logged and monitored, AI agents currently operate in a security gray zone. “We have to build industrial-level security for AI agents in that particular area,” Sharma emphasized, noting that despite industry rhetoric, the security framework remains immature.
Tim Walsh, CEO of KPMG US, echoed these concerns, revealing that cyber risk related to AI is now the most frequent topic he discusses with CEOs. The security challenges posed by AI agents have become so significant that some companies are delaying their AI deployment timelines to ensure proper security measures are in place. Walsh noted that organizations are even choosing to keep data on-premises longer than planned to maintain better control over data security.
Adding another layer of complexity, Walsh identified quantum computing as a looming threat that could fundamentally undermine current security infrastructure. “Quantum breaks everything,” Walsh warned, referring to quantum computing’s potential to crack all existing encryption methods. While acknowledging that fully developed quantum computing is still years away, the threat is serious enough that companies are already beginning the massive undertaking of re-encrypting their systems.
KPMG is actively helping clients navigate these challenges, advising on security architecture, implementation strategies, and realistic timelines for securing AI systems against both current and future threats. The message from Davos is clear: AI security is no longer a secondary consideration but a primary barrier to widespread AI adoption in enterprise environments.
Key Quotes
It has access to your data. It has no name, so there is no identity or anything associated with that.
Raj Sharma, EY’s global managing partner of growth and innovation, explained the fundamental security problem with AI agents—they operate with data access but without the identity tracking and accountability measures that govern human users in corporate systems.
We have to build industrial-level security for AI agents in that particular area. To me, that’s still a gap that somebody needs to work on. Everybody’s talking a good game. But if you look under the covers, it’s still not mature.
Sharma’s assessment reveals that despite industry claims, the security infrastructure for AI agents remains underdeveloped, representing a critical vulnerability that keeps executives awake at night.
Quantum breaks everything. I mean, all encryption.
Tim Walsh, CEO of KPMG US, described the existential threat quantum computing poses to current cybersecurity measures, emphasizing that this future technology could render all existing encryption methods obsolete.
It’s not that they’re not moving forward, but they are taking a moment to make sure that their environment is secure, and perhaps even leaving data on-prem a little bit longer so they’re confident that got their data security in place.
Walsh revealed that security concerns are causing companies to pause or slow their AI deployment plans, with some choosing to delay cloud migration to maintain better control over data security during the transition to AI systems.
Our Take
The convergence of AI agent vulnerabilities and quantum computing threats represents a perfect storm for enterprise security. What’s particularly striking is how these concerns are translating into real business decisions—delayed deployments, extended on-premises infrastructure, and significant consulting engagements. This suggests we’re entering a phase where AI security becomes a competitive differentiator rather than just a compliance checkbox.
The irony that AI must be used to fight AI-related threats highlights the recursive nature of this challenge. We’re essentially in an arms race where both attack and defense vectors are being AI-powered simultaneously. The companies that solve AI agent identity management and quantum-resistant encryption first will likely capture enormous market value. This also suggests that AI adoption curves may be flatter than predicted, not due to lack of interest but due to necessary security infrastructure buildout.
Why This Matters
This story reveals a critical inflection point in enterprise AI adoption, where security concerns are actively reshaping deployment strategies and timelines. The fact that top executives from two of the world’s largest consulting firms are prioritizing AI security over bubble concerns indicates that the industry is maturing beyond hype into practical implementation challenges.
The AI agent security gap represents a fundamental architectural problem that could slow the AI revolution if not addressed quickly. As companies increasingly deploy autonomous AI systems with access to sensitive data, the lack of identity management and accountability frameworks creates unprecedented risk exposure. This is particularly significant as AI agents become more sophisticated and autonomous.
The quantum computing threat adds urgency to an already complex security landscape, forcing companies to think years ahead about encryption strategies. The combination of immediate AI security gaps and looming quantum threats could create a multi-billion dollar security industry focused specifically on AI protection. For businesses, this means AI implementation costs and timelines may need significant adjustment, while for cybersecurity companies, it represents a massive growth opportunity.
Related Stories
- CEOs Express Insecurity About AI Strategy and Implementation
- How to Comply with Evolving AI Regulations
- OpenAI Lost Nearly Half of Its AI Safety Team, Ex-Researcher Says
- Business Leaders Share Top 3 AI Workforce Predictions for 2025
- IBM CEO’s Vision on AI’s Future and Business Impact
Source: https://www.businessinsider.com/ai-security-risks-worry-ey-kpmg-execs-cybersecurity-davos-2026-1