In just three years, AI has revolutionized how employees accomplish everyday work, and most businesses now have AI tools integrated to increase their effectiveness. However, as with every quickly spreading innovation, AI tools also attract cybercriminals who love to swim in unmonitored waters.
ESET’s 2026 SMB Cyber Readiness Index shows that small and medium-sized businesses (SMBs) widely integrate AI tools into their systems and are aware of threats vectoring from them. Still, many businesses lack policies on AI tools and admit to struggling to keep up with the latest cyber threats.
Key points of this article:
- Most SMBs are integrating AI tools into their operations and recognize their benefits but also acknowledge the new cybersecurity risks AI introduces.
- AI tools create new and serious attack vectors. Threats include misconfigured AI agents, prompt injection attacks, shadow AI, and agents bypassing security controls, making AI tools attractive targets for attackers.
- Real-world abuse of AI tools is already occurring as demonstrated by ESET research that has found thousands of malicious or suspicious AI skills.
- Many SMBs lack policies and struggle with preparedness. But the basics are important: secure data, manage access, and choose trusted vendors.
AI tools as threats
AI tools and agents can be effective “colleagues,” but attackers can trick them and abuse their privileges, just like human employees. Check out this list of threats vectoring from AI integration:
Misconfigured AI agents can access or move sensitive data, trigger workflows, or perform privileged cloud operations.
Many AI agents bypass security procedures like MFA and run 24/7, making them attractive targets.
Prompt-injection attacks can turn AI agents into insider threat actors who, for example, steal their company’s data.
Shadow AI: When employees use ChatGPT-like tools without company approval, they risk leakage of sensitive data, reputational damage, and legal problems caused by a lack of visibility into where sensitive data is being processed.
These are no theoretical threats; AI tools are already a high-value target. IBM’s Cost of a Data Breach Report 2025 analyzed 600 organizations impacted by breaches between March 2024 and February 2025 and found that 13% of organizations reported breaches that involved their AI models or applications. And among those that did, almost all (97%) lacked proper AI access control.
Most of these incidents occurred in the AI supply chain through compromised apps, APIs, or plug-ins, leading to broad data compromise (60%) and operational disruption (31%).
Real-world AI tools abuse
Recently, ESET researchers published a blog documenting AI-related attacks abusing agentic skills—sets of instructions, scripts, and reference materials that can act as a substitute for a complicated series of prompts—effectively simplifying work with AI agents. These skills are often publicly available for free, posing a threat to tech-savvy users who want to improve their workflows.
For example, ESET researchers found a weather forecasting skill that allows the AI agent to query a free service such as Open‑Meteo. However, this skill secretly operated as an infostealer, gathering user secrets such as session tokens and API keys, and then exfiltrated the data to an attacker‑controlled server.
There are thousands of such skills being added daily. So far, ESET has scanned over 800,000 skills, finding that around 25,000 of them are at least suspicious; more than 3,000 were blocked as clearly malicious.
Here is what ESET found in checked skills:
Trojans: Malware disguised as legitimate software that tricks users into installing it, allowing attackers to gain unauthorized access or perform harmful actions.
Downloaders: Malicious programs designed to secretly download and install additional malware onto a compromised system.
Backdoors: Hidden methods of bypassing normal authentication to gain remote control of a system without the user's knowledge.
Spyware: Software that covertly collects information about a user’s activities and sends it to a third party.
Keyloggers: Programs or devices that record keystrokes to capture sensitive information like passwords and credit card details.
Cryptominers: Malware that hijacks a system’s resources to mine cryptocurrency without the user’s consent.
Social engineering and phishing techniques: Deceptive tactics that manipulate individuals into revealing confidential information or performing unsafe actions, often through fake messages or websites.
Some SMBs still ignoring AI to their doom
According to the ESET 2026 SMB Cyber Readiness Index, 73% of surveyed businesses are integrating AI, though 70% acknowledge it introduces new risks.
At the same time, 40% of surveyed SMBs do not have policies restricting the use of AI applications outside approved processes or platforms, i.e., shadow AI.
The ESET data also revealed that most businesses (73%) which don’t integrate AI tools also tend to ignore the relevance of AI policies. However, as stated at the beginning of this blog, employees can still use publicly available tools to improve their workflow without their company knowing, despite—or perhaps, because—the company does not integrate any AI tools.
The latest data from Verizon’s 2026 Data Breach Investigations Report, published this May, shows that 45% of employees are now considered regular users of AI. At the same time, 67% of GenAI services’ users have non-corporate accounts on their corporate devices to access AI services.
To some degree, it looks like SMBs know that they lack awareness of these kinds of threats. Although 75% of surveyed businesses are confident about their cybersecurity (and the number is even higher in North America—86%), 34% are concerned mostly about keeping up with the latest threats.
AI tools – How to use them safely
At this point, it is worth summarizing the basics of safe AI tool use (at least for that one-third of SMBs found in the ESET report that still don’t ban shadow AI).
Protect sensitive data: Avoid inputting confidential information (customer data, financial records, trade secrets) into public AI tools. Use tools that support data encryption, access controls, and data residency options. Give preference to enterprise-grade AI solutions with clear data usage policies.
Set clear usage policies: Create internal guidelines for employees, including which AI tools are approved and what data can and cannot be shared, and set acceptable use cases. Train staff regularly to prevent accidental misuse.
Verify AI outputs: AI makes mistakes—a lot of them. For example, research conducted by the European Broadcasting Union (EBU) and the BBC from October 2025 found that AI assistants misrepresent news content 45% of the time. Always fact-check outputs.
Control access and permissions: Restrict AI tool access based on your staff member’s roles (least-privilege principle), use multi-factor authentication (MFA), and regularly review who has access.
Choose compliant and trusted vendors: Select AI providers that comply with standards like GDPR, ISO 27001, or SOC 2. Review vendor policies on data storage, retention, and model training.
Staying ahead with ESET
ESET has long been a pioneer in artificial intelligence, adopting emerging AI technologies even before they gained worldwide recognition.
Did you know?
The AI journey at ESET began with early implementation in 1997 focused on improving the detection of macro viruses, testing and confirming that machine learning algorithms could improve their customers’ protection.
Recently we introduced the ESET AI Skills Checker, which analyzes the behavior of AI agents’ skills. This functionality is bundled into ESET endpoint security software and its XDR solution, and has also been made publicly available as a free tool.
In May 2026, ESET announced a €40 million investment in the future of AI-powered cybersecurity. This includes strengthening its research and development team, accelerating the development of cybersecurity-focused foundational AI models, advancing a new generation of AI-driven Security Operations Center (SOC) technologies, and building a protection layer to secure communication between users, AI agents, business applications, and AI models.
“ESET has long led the way in applying AI to cybersecurity,” said Juraj Jánošík, ESET VP of Artificial Intelligence. “What’s changing now is the role that AI plays. AI tools are becoming part of everyday work, agentic systems are expanding the attack surface, and security teams need faster ways to respond to threats. This investment lets us work across the full horizon: securing AI use, building AI models for cybersecurity, and bringing autonomous capabilities into security operations under human oversight.”
Progress. Protected.
With the worldwide adoption of AI tools, humanity, including cybercriminals, have entered a new chapter. AI technologies will increasingly be integrated into business systems, driving employee productivity while also introducing risks of misuse.
To stay safe, SMBs should adopt these technologies with caution, educate themselves about potential threats, and protect their data with advanced solutions that use AI to defend against AI-driven threats.
Find out more in the ESET SMB Cyber Readiness Index 2026.
Frequently Asked Questions (FAQs)
Why are AI tools risky for SMBs?
AI tools can be exploited by attackers through vulnerabilities such as misconfigurations, prompt injections, and a lack of access controls, potentially leading to data leaks, unauthorized actions, or system compromise.
What is “shadow AI” and why is it dangerous?
Shadow AI refers to employees using unauthorized AI tools without company approval. This can result in sensitive data exposure, compliance issues, and a lack of visibility over how data is handled.
What types of attacks are commonly seen in AI environments?
Common threats include prompt injection attacks, malware hidden in AI skills (trojans, spyware, cryptominers), compromised APIs or plugins, and the abuse of AI agents’ privileges.
Are SMBs prepared to deal with AI-related threats?
Not fully. While many SMBs are confident in their cybersecurity, a significant portion lack formal AI policies and struggle to keep up with rapidly evolving threats.
How can SMBs use AI tools safely?
They should protect sensitive data, enforce clear usage policies, verify AI outputs, control access with the least-privilege principle and MFA, and choose trusted, compliant AI vendors.
