Vanta, the AI-powered trust management platform, has released its third annual State of Trust Report for 2025, revealing a growing gap between the pace of AI-driven cyber threats and organizations’ ability to respond. The report, based on a survey of 3,500 IT and business leaders across the U.S., U.K., France, Germany, and Australia, highlights that 72% of organizations now believe their security risks are higher than ever—a significant jump from 55% in 2024. The surge in AI-powered threats is undeniable. Nearly half of all organizations reported increases in AI-generated phishing (49%), AI-driven malware (48%), and AI-facilitated identity theft or fraud (47%) over the past year. Despite these escalating dangers, 59% of leaders say AI threats are advancing faster than their teams’ ability to counter them. In response, organizations are turning to AI for defense. Eight in 10 leaders either already use AI agents or plan to adopt them within the year. However, this rapid adoption comes with growing concerns—65% admit their use of agentic AI outpaces their understanding of how it works, raising risks around control, transparency, and accountability. “AI has completely changed the security equation,” said Jeremy Epling, Chief Product Officer at Vanta. “It’s creating new risks at unprecedented speed, but it’s also one of the most powerful tools we have to strengthen defenses and reduce burnout. The real challenge is balance—using AI to enhance security without losing visibility or control. To build lasting trust, we need reliable, secure, and verifiable AI systems.” The report also uncovers a troubling paradox: as customers demand more proof of security, many teams are spending more time demonstrating compliance than actually improving it. Despite 80% of leaders believing that better security and compliance directly boost customer trust, most organizations underinvest—allocating only 10% of their IT budgets to security, well below the recommended 17%. This results in 12 weeks per year spent on compliance tasks and 9 weeks on vendor risk assessments—up from 11 and 7 weeks respectively in 2024. As a result, 61% of leaders say they spend more time proving security than improving it, and 64% describe current security frameworks as “security theater”—more about appearances than real protection. On a positive note, AI is helping ease the burden on overworked security teams. By automating repetitive, manual tasks, AI is freeing up time for strategic work, reducing burnout, and enabling teams to focus on high-impact security initiatives. Vanta will further explore these themes at VantaCon 2025: How AI is Rewriting Trust, taking place on November 19. The event will bring together leaders from companies like Duolingo, Anthropic, 1Password, Ramp, Ironclad, and Pendo to discuss the future of trust, risk, and compliance in the age of AI. The 2025 report was based on a July 2025 survey conducted by Sapio Research, with data from 2,500 respondents across the U.S., U.K., and Australia. The findings are compared to the 2024 report, which included 1,000 respondents in the U.S. and U.K. and 500 in Australia.