Joint study with ZK Research reveals a massive mobile AI blind spot, revealing that 63% of enterprises have already investigated severe AI-fueled data leaks.
BOSTON--(BUSINESS WIRE)--Lookout, the leader in mobile-centric security, today released the findings of an exclusive survey report conducted with ZK Research, titled “Solving for the Mobile AI Blind Spot: Executive Confidence Meets Technical Reality.” The independent study exposes a systemic architectural failure. An overwhelming 93% of security executives voice absolute confidence in their AI governance, yet traditional network perimeters are completely blind to a massive mobile shadow AI ecosystem.
The evolution of the mobile AI threat landscape
The rapid enterprise shift from desktop browsers to mobile applications has fundamentally broken traditional data security perimeters. When organizations block or throttle generative AI tools on corporate laptops, employee behavior shifts, rather than stops. To maintain productivity, employees rely on the ultimate shadow AI bypass route. Their personal devices. Today, 52% of all generative AI usage occurs on mobile endpoints, with global knowledge workers routinely uploading sensitive source code, corporate records, and intellectual property.
The technical reality: High spend, zero visibility
Driven by legacy, desktop-era security thinking, organizations are throwing an average of 19% of their 2026 security budgets at AI compliance. Despite this heavy spend, traditional security frameworks are experiencing a systemic structural failure when confronted with mobile-native generative and agentic AI:
- The Dark Traffic Route: 59% of mobile AI traffic is hidden from traditional network-discovery tools, routing directly between local apps and external clouds without ever crossing a corporate gateway.
- The Agentic Blind Spot: 68% of enterprises have zero technical visibility into autonomous AI agent workflows that inherit user identity and single sign-on (SSO) tokens to manipulate corporate records out of sight.
- The Hidden SDK Supply Chain: 72% of organizations are structurally incapable of auditing embedded AI Software Development Kits (SDKs) hidden inside benign-looking everyday mobile applications.
This absence of mobile-native visibility has immediate operational and board-level consequences. The report confirms that 63% of organizations have actively investigated severe data leaks within the past 12 months where generative AI tools were a definitive contributing factor. Furthermore, 78% of security leaders admit they cannot generate the audit-ready evidence required by emerging frameworks like the EU AI Act, exposing organizations to devastating, tiered global statutory fines that reach up to €35 million or 7% of an enterprise's total global annual turnover.
"Enterprises are burning nearly a fifth of their security budgets trying to solve a 2026 problem with desktop-era tactics," said Zeus Kerravala at ZK Research. “Relying on binary web-filtering completely destroys employee productivity and has forced 84% of IT leaders to actively stall business-led AI initiatives. Meanwhile, forcing all mobile data traffic to backhaul through heavy cloud sandboxes introduces crippling user latency and triggers massive cloud compute bills. You cannot secure data fluidly by turning the user's phone into a non-functional silo. True mobile compliance must happen natively at the edge."
Lookout AI Visibility & Governance
To bridge the gap between false security confidence and technical reality, enterprises must abandon perimeter-tied discovery models and deploy a dedicated, mobile-native architecture.
The survey’s findings directly reinforce the critical importance of Lookout’s recent launch of Lookout AI Visibility & Governance. Purpose-built to eliminate the heavy operational friction and "virtualization tax" of legacy architectures, Lookout treats the physical endpoint as the primary control point for AI risk. Operating natively and non-disruptively inside the device environment, Lookout addresses the exact blind spots revealed in the ZK Research data through three primary pillars:
- Comprehensive AI Application Discovery: Instantly unmasks every AI-enabled system, background process, and embedded SDK touching corporate data fabrics to neutralize the 72% supply chain visibility gap.
- Agentic Behavior Mapping: Tracks autonomous agent actions and single sign-on permission extensions in real-time to proactively block unsanctioned workflows before data exfiltration occurs.
- Inline Mobile Edge Data Guardrails: Enforces real-time, content-aware data loss prevention (DLP) directly on the physical device, stopping sensitive corporate properties and PII from reaching unsanctioned AI models before it can ever leave the device perimeter.
"Acceptable-use policies and passive corporate mandates are useless without active, technical enforcement at the edge," said Firas Azmeh, President of Mobile Endpoint Security at Lookout. "AI governance has escalated to a board-level priority, with 97% of leaders agreeing it is mission-critical. Lookout systematically converts these invisible mobile liabilities into fully managed enterprise assets, giving organizations the confidence to embrace the AI revolution securely."
Join the virtual panel discussion on June 11th
To help organizations navigate these findings and bridge the mobile AI visibility gap, Lookout will host an exclusive virtual panel on Thursday, June 11, 2026.
Moderated by Zeus Kerravala, Principal Analyst at ZK Research, the panel will feature top cybersecurity executives dissecting shadow permissions, embedded SDK exposure, and practical strategies for enforcing edge-based data guardrails.
- What: Solving for the Mobile AI Blind Spot (Virtual Panel)
- When: Thursday, June 11, 2026 at 8:00 am PT
- Moderator: Zeus Kerravala, ZK Research
- Registration: To secure your virtual seat, register now
About Lookout
Lookout, Inc. is the leader in mobile-centric security, purpose-built for the convergence of mobile and AI. Backed by more than 15 years of specialized expertise and one of the industry’s most comprehensive mobile threat telemetry datasets, Lookout empowers organizations to secure and govern the modern, mobile-driven enterprise.
By delivering deep visibility into mobile endpoints, applications, network traffic, and AI-driven interactions, Lookout enables organizations to detect threats earlier, enforce policies in real time, and protect sensitive data wherever work happens. Its platform extends beyond traditional device security to address human-targeted threats, application-layer risk, and the growing impact of autonomous AI systems—helping enterprises reduce risk, maintain compliance, and operate with confidence in an increasingly mobile and AI-powered world. To learn more, visit www.lookout.com and follow Lookout on our blog, LinkedIn and X.
About ZK Research
ZK Research provides independent research and analysis on enterprise infrastructure, cloud computing, and digital operations, helping enterprises make informed technology decisions.
Founder and principal analyst, Zeus Kerravala. Kerravala provides tactical advice and strategic guidance to help his clients in both the current business climate and the long term. He delivers research and insight to the following constituents: end-user IT and network managers; vendors of IT hardware, software and services; and members of the financial community looking to invest in the companies that he covers.
© 2026 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.
Contacts
Contact Lookout PR: press@lookout.com
