Data breaches are rising in AI and development environments, reflecting insufficient safeguards
Across the board, we’re seeing security crack where speed and innovation are prioritized without the guardrails. Sixty percent of organizations working in software testing, AI, and analytics environments reported a data breach or theft in the past year. That’s not noise, that’s an 11% increase from the previous year. If you’re running development cycles with sensitive data in non-production environments, you’re more exposed than you think. Encryption doesn’t solve everything. Without proper controls, you’re generating value while leaving the vault wide open.
The critical takeaway here is the structural oversight. Development, test, and analytics teams are working faster than ever. But they’re often working with real production data in places where production-grade security measures don’t apply. That’s where the threat materializes. It doesn’t make sense to accelerate AI and digital systems while lagging in foundational data protections.
We’re not talking hypothetical risk. If your test pipeline or AI training platform holds sensitive records, financials, identifiable user data, it’s a target. Attackers look for the weak links outside production, and testing environments too often fit that profile.
Business leaders need to understand the delta here: we have the capability to innovate quickly and securely, but that means shifting how we think about where data lives and how it moves internally. If you’re serious about building resilient infrastructure in the AI era, thinking ahead on security isn’t optional, it’s operational survival.
Organizations tolerate compliance risks in non-production systems to support data-driven innovation
Even knowing the risks, most companies still make exceptions. The Perforce report shows that 84% of organizations allow compliance exceptions in non-production environments. That might sound like a technical detail, but it’s not. It’s a strategic decision that leaves doors open, doors regulators and attackers are both willing to walk through.
Why do they do it? Because 65% say the data in these systems drives decisions. And yes, data matters. Real data brings accuracy to AI models, makes testing reflect market behavior, and powers insights that can feed growth. But storing that data in low-visibility environments opens up audit and compliance trouble. In fact, 32% of organizations report audit issues, and 22% have already paid the price, literally, with regulatory fines.
This is a systems-level tradeoff: innovation now, or compliance later. But it’s a false choice. You can get both, speed and safety, if you implement intelligent privacy tech. Static masking, synthetic data, and dynamic provisioning aren’t “nice-to-haves.” They’re the bridge between compliance and momentum. The assumption that these tools slow teams down is just outdated thinking.
If you’re running a company at scale, you don’t want growth built on fragile compliance workflows. You want data pipelines that move fast, legally, securely, and without manual gaps. That’s risk design. Make your systems intelligent by default, and compliance becomes automatic, baked in, not bolted on.
Organizations show contradictory views on AI data use and related security concerns
Here’s where things get inconsistent. According to the Perforce data, 91% of organizations think it’s acceptable to use sensitive data to train AI models. In parallel, 82% believe the process is safe. But then, 78% express serious concern about data theft during model training. And 68% are worried about privacy audits and compliance risks connected to AI development.
So what’s going on? It’s clear there’s confidence in the technology, but hesitation around execution. It’s not just policy friction, it’s lack of clarity. Internal teams often push hard to adopt AI initiatives, while compliance officers raise flags that leadership hasn’t fully addressed yet. This results in fast-growing AI systems with inconsistent risk frameworks sitting underneath them.
That tension is already surfacing. Companies are investing significant resources into AI, but many still don’t have baseline governance around how their data is collected, labeled, and used. Using real customer data to train models, especially personally identifiable information (PII), is a high-risk move without strict access controls and privacy filters in place. Steve Karam, Principal Product Manager at Perforce, said it well: “You should never train your AI models with personally identifiable information (PII), especially when there are secure ways to rapidly deliver realistic but synthetic data into AI pipelines.”
This isn’t about slowing AI development. It’s about making it sustainable, and making sure your AI teams aren’t building risk into the core architecture. If your model training process isn’t secure, audits and breaches aren’t theoretical outcomes, they’re just delayed outcomes.
Data privacy investments are increasing, especially in synthetic data and masking technologies
The shift is already underway. Organizations are realizing that old habits, like using real datasets in unsecured development environments, aren’t viable anymore. According to the report, 86% plan to invest in AI data privacy tech within the next one to two years. Almost half, 49%, are using synthetic data already. And 95% continue to use static masking to control access to sensitive records.
The momentum is there. These tools give your teams the ability to test, iterate, and train AI systems without putting real user data at risk. That changes the equation. When the friction between data access and data protection goes down, innovation speeds up. It’s not just about compliance, it’s about agility at scale.
The reason more companies are moving in this direction is simple. Synthetic data lets you mimic real-world patterns without exposing actual information. Masking, when done right, allows dev and test teams to work without touching sensitive records. These aren’t workarounds, they’re strategic tools that create alignment between IT, data science, and compliance.
If you’re in leadership, look at where your teams are spending most of their time: AI integration, data analytics, and continuous delivery pipelines. Every one of those processes relies on fast, secure access to usable data. Privacy tech closes that gap without forcing teams to wait or compromise. It’s a capability, not just a precaution.
Misconceptions about the complexity and cost of data protection hinder the adoption of safer practices
A significant blocker to real progress in data protection comes down to perception. Many teams still view processes like data masking or synthetic generation as complex, manual, and too resource-intensive. That misconception is driving inaction across industries and leaving security gaps wide open.
Ross Millenacker, Senior Product Manager at Perforce, pointed out that too many organizations treat these solutions as more trouble than they’re worth. The result? Sensitive data continues to move through non-production environments without safeguards. That’s not just inefficient, it’s dangerous. These environments often have weaker controls, but they’re used regularly in development, testing, and AI pipelines. The longer this continues, the more exposed your data becomes.
For leadership, this is where clarity is critical. Most masking and synthetic data tools today are built for speed and scale. They don’t require workforce expansion or major infrastructure shifts. The tools are getting smarter, automated where possible, integrated with DevOps workflows, and built to minimize drag on development. Getting past the noise around difficulty or downtime is essential.
Real data protection isn’t about technology slowdowns. It’s about eliminating manual bottlenecks and controlling access to high-risk records from the start. That means investing in scalable tools that your teams can actually use without needing weeks of training. Misjudging these tools as cost centers rather than accelerators is a strategic error. If you’re not automating risk mitigation now, you’re stockpiling risk for later.
Companies are caught between the urgency of AI innovation and the pressures of regulatory compliance
This is the tension most executive teams are dealing with right now. On one side, pressure to move fast with AI adoption, get insights, automate processes, create competitive edges. On the other, rules around data use are getting tighter. Regulators are watching closely, and non-compliance is expensive, financially and reputationally.
Most companies fall into a middle zone. They understand the urgency to innovate but haven’t fully aligned their AI and compliance strategies. That leads to fragmented decisions, some teams pushing ahead with real-time model training, others flagging privacy issues too late. The result is confusion and operational conflicts that slow everyone down.
That gap has to close. You don’t need to pick between speed and security, you need to structure your systems so both are assumed. That means applying data control policies at the point of access. It means using synthetic data where real data isn’t necessary. And it means rethinking how risk factors into your product and AI delivery timelines.
Steve Karam, Principal Product Manager at Perforce, put it plainly: “The rush to adopt AI presents a dual challenge… Teams are feeling both immense pressure to innovate with AI and fear about data privacy.” His advice? Never train your AI models with personally identifiable information (PII). Use smarter alternatives. Synthetic data offers high fidelity without exposing anyone’s actual identity, and it supports scaling securely.
When you treat compliance as part of your product infrastructure, automated, integrated, and real-time, your systems don’t lag behind innovation. They stay ahead of it.
Integrated solutions like Perforce’s Delphix platform provide a unified approach to data compliance challenges
One of the most effective moves a company can make right now is simplifying how it handles sensitive data across AI and software development workflows. Fragmented tools and manual processes introduce risk, increase lag, and create inconsistencies that compound over time. Platforms that unify data security functions, masking, synthetic generation, delivery, are closing this gap.
Perforce’s Delphix DevOps Data Platform is an example of this shift. It now includes AI-powered synthetic data generation alongside established masking and delivery features. That means organizations can generate realistic, secure data for development, AI training, and testing without compromising compliance. It’s not stitched together, it’s architected for coordination across workflows.
Enterprise adoption is pointing in this direction because integrated platforms eliminate the disconnect between development velocity and privacy standards. With security functions running inline, teams don’t need workarounds or access exceptions. They get compliant data fast, configured to match policy automatically, not manually. That reduces exposure and increases scalability at the same time.
For leadership teams, this is where strategy and operations meet. It’s not just about checking a compliance box, it’s about building infrastructure that can support high-velocity innovation without turning every privacy requirement into a blocker. Alignment between AI, DevOps, and data privacy gives you leverage. It lowers risk, accelerates deployment, and pushes your organisation closer to technical maturity. When the tools are built to work together, the system aligns and scales naturally. That’s what high-performing environments look like.
Final thoughts
If you’re leading a company right now, you’re managing two opposing forces, move fast on AI, and don’t trip regulatory wire. Most organisations are still figuring out how to do both at once. But the ones who get ahead will treat privacy, security, and innovation as integrated, not competing, priorities.
Using sensitive data in unsecured environments isn’t a calculated risk. It’s a clear exposure, one that compounds with every development sprint, AI iteration, and dataset copy. The tools to fix this aren’t theoretical. Synthetic data, automated masking, and unified compliance platforms exist and work at scale.
The decision isn’t whether to invest in secure AI development, it’s when. And if you wait until an audit or breach forces the issue, you’ve already lost time, money, and trust.
Smart leaders understand that scalable innovation requires scalable protection. Build your systems with that in mind from the start, and you won’t need to pause when the pressure to deliver rises. You’ll already be moving.
