AI risk is no longer just a hypothetical concern for North America’s largest companies. Autonomy Institute’s latest analysis shows that three out of four S&P 500 firms increased their AI risk disclosures this year, highlighting how deeply AI security issues are impacting corporate strategies.
The technology, software, and semiconductor industries face the greatest exposure. According to Cybernews research, this sector alone has 202 documented AI security risks across 61 companies – the highest in the index.
These risks include 40 flagged cases of potential intellectual property theft, 34 insecure AI outputs, and 32 instances of data leakage. The Autonomy Institute’s accompanying analysis highlights how widespread the issue is: one in five companies in the S&P 500 now list proprietary data or IP exposure as a top AI risk, and every single semiconductor company in the index updated its filings in 2025 to acknowledge significant AI threats.
Cybernews’ investigation reviewed public disclosures of AI use across 327 S&P 500 companies, finding nearly 1,000 real-world AI deployments, from internal analytics tools to customer-facing chatbots, and identifying 970 potential AI security issues in total. Each case included specific examples and was categorised into risks such as prompt injection, model extraction, and accidental data exposure.
For tech and semiconductor companies, the risk isn’t hypothetical. One malicious prompt can trick a model into revealing confidential code or unreleased design files. A continuous model-extraction attack can reconstruct algorithms and expose trade secrets. Cybernews warns that since these companies hold “a high concentration of proprietary algorithms and sensitive code,” they are “especially vulnerable to both data leaks and IP theft”.
“AI is now a core business driver. Without the right guardrails, it carries strategic risks, especially in tech and semiconductors,” explained Žilvinas Girėnas, Head of Product, nexos.ai. “IP theft, insecure outputs, and prompt-driven leaks are no longer theoretical. The solution is proactive: policy-first design, prompt redaction at the edge, strict model access controls, and audit-ready logs. This is how companies can protect their most valuable asset, their innovation, while still moving fast with AI.”
Why it matters
For technology and semiconductor companies, intellectual property isn’t just valuable — it is the core of the business. A single leak of source code, chip schematics, or proprietary algorithms can wipe out years of competitive advantage.
Recent incidents demonstrate how quickly things can go wrong. At Samsung, engineers pasted confidential code into ChatGPT, and that code became part of the model’s training data — leading to a corporate ban on generative AI.
In 2024, meanwhile, an EDA software company encountered a serious exposure: internal design automation prompts, used to guide the AI-assisted design of chip layouts and verification logic, were found circulating in developer forums after being entered into an unsecured third-party AI model. In multiple semiconductor companies, misconfigured AI assistants have exposed unreleased product specifications during internal testing.
These aren’t isolated mistakes. They indicate that without enforced AI policies, redaction during use, and strict model oversight, every AI query risks becoming a security breach.
“Tech companies are racing to ship AI features. That pace often skips the guardrails protecting code and designs. Centralised controls like policy, redaction, routing, and clear audit trails are the only way to keep innovation from becoming an IP liability,” added Girėnas.
Industry best practices
Girėnas recommends that organisations handling sensitive code, algorithms, or design files adopt:
- Centralised policy enforcement to block risky prompts and apply consistent output filters
- Automated PII and token-level redaction to strip or mask secrets before they reach AI models
- Strict model access controls and routing to keep sensitive workloads on private or approved systems
- Comprehensive audit logs to support IP tracking, compliance, and post-incident investigation
