Manufacturers’ AI adoption is outpacing cyber, compliance, and risk governance

According to a new report, manufacturers’ rapid adoption of artificial intelligence is outpacing their ability to govern AI-driven cyber and supply chain risk.

The manufacturer-specific findings are included in a report from risk management and compliance firm Kiteworks. The report, Data Security and Compliance Risk: 2026 Forecast Report, notes that while manufacturers lead many industries in operational AI controls such as human oversight and real-time monitoring, they remain underprepared for adversarial AI attacks, regulatory scrutiny, and third-party AI failures—risks that are increasingly surfacing across global supply chains.

The findings are based on a global survey of 225 security, IT, compliance, and risk leaders, including 27 from manufacturing organizations.

Strong operational controls, emerging cyber blind spots

Kiteworks’ analysis shows that manufacturing organizations outperform global peers in production-critical AI controls. Sixty-three percent of manufacturers report maintaining human oversight of AI systems, and 56% monitor AI data flows through gateways, reflecting the sector’s long-standing focus on safety, uptime, and operational reliability.

However, Kiteworks warns that these strengths are not translating into resilience against intentional cyber threats.

Only 7% of manufacturers conduct AI red teaming or adversarial testing, less than half the global average, the report found. As AI systems increasingly influence production scheduling, quality inspection, predictive maintenance, and supplier coordination, Kiteworks says this lack of adversarial testing significantly expands the manufacturing attack surface.

“Manufacturing has built AI governance for reliability, not hostility,” Tim Freestone, chief strategy officer at Kiteworks, said in a statement. “That works when failures are accidental. It fails when threats are intentional. AI systems don’t just break. They get attacked.”

SCMR has previously reported that many supply chain organizations continue to underestimate cyber risk despite increasing digital interconnectivity, noting that cybersecurity “remains one of the least mature risk domains in global supply chains.”

Compliance and audit readiness lag AI adoption

Kiteworks’ report also highlights significant compliance gaps that could leave manufacturers exposed as AI oversight expands globally.

Only 15% of manufacturing organizations conduct privacy impact assessments, and just 19% maintain evidence-quality audit trails. Without these controls, Kiteworks warns, organizations may struggle to demonstrate compliance with emerging AI regulations or defend decisions during regulatory or customer inquiries.

Related Podcast

 

Talking Supply Chain: Is AI expanding cyber risk?

In a recent episode of the Talking Supply Chain podcast, SCMR Editor-in-Chief Brian Straight sits down with Tim Freestone, chief strategy officer at Kiteworks, to unpack the report’s findings, and go further. The conversation explores why manufacturers are underestimating adversarial AI threats, where supply chain cyber risk is most likely to emerge, and what practical steps leaders can take now to protect their operations. Listen to the full episode here.

Click to Listen

 

This finding echoes broader analysis showing that many supply chain organizations lack the documentation and governance frameworks needed to manage cyber risk proactively, particularly across international operations and regulatory regimes.

Kiteworks cautions that while manufacturers may detect AI-related anomalies through monitoring, weak audit trails will limit their ability to investigate root causes, remediate incidents, or explain outcomes to regulators and customers.

Supply chain AI risk emerges as systemic threat

A central concern in the Kiteworks’ forecast is the growing gap between internal AI governance and third-party AI risk across manufacturing supply chains.

Despite mature quality and safety frameworks, AI systems used by suppliers, logistics partners, and technology vendors often operate without equivalent governance, auditability, or accountability. Kiteworks warns that failures in these external systems are increasingly likely to disrupt production environments.

“Manufacturers have world-class supply chain discipline, but AI has entered the ecosystem faster than governance,” said Patrick Spencer, SVP of Americas marketing and industry research at Kiteworks. “When supplier AI systems fail, the impact shows up on the production line, not in a policy document.”

SCMR has highlighted similar concerns, noting that supply chain cybersecurity failures frequently originate outside the enterprise, where visibility and control are weakest

Five AI risk predictions for manufacturers in 2026

Based on its analysis, Kiteworks outlines five predictions manufacturers should act on immediately:

• Adversarial AI attacks will exploit testing gaps. With 93% of manufacturers lacking adversarial testing, AI systems will be targeted through model poisoning, data manipulation, and inference attacks.
• Compliance documentation gaps will drive regulatory exposure. Limited use of privacy impact assessments and audit-quality evidence will increase enforcement and reputational risk.
• Monitoring will outpace forensic readiness. Manufacturers will detect incidents but lack the data needed to investigate or defend their actions.
• OT-AI convergence will outgrow IT-centric governance. As AI embeds deeper into operational technology, traditional IT governance frameworks will fall short.
• Third-party AI failures will disrupt production. Supplier and partner AI risks will remain under-governed, with minimal board-level oversight.

Closing the gap between operational excellence and AI resilience

Kiteworks recommends that manufacturers extend existing safety and quality disciplines to AI governance by:

• Implementing adversarial AI testing programs
• Strengthening compliance documentation and audit trails
• Building forensic-ready incident response capabilities
• Developing AI-specific OT governance models
• Elevating supply chain AI risk to board-level oversight

“Manufacturers do not need to abandon their operational DNA,” Freestone concluded. “They need to extend it. The same discipline that keeps factories safe and productive must now be applied to adversarial AI risk, regulatory proof, and supply chain accountability. Those who adapt will lead. Those who do not will be disrupted quietly, systematically, and expensively.”

SC
MR