Mobile AI Is Everywhere. Cyber Underwriters Should Stop Trusting Self-Assessments

Estimated reading time: 10 minutes

NowSecure found that 95% of large organizations deploy AI inside mobile applications, while 37% lack behavioral monitoring, and apps built predominantly from third-party code report more than twice the security-incident rate.

Mobile AI cyber insurance underwriting is becoming more difficult as AI and third-party code spread through enterprise applications faster than security programs can assess them. NowSecure’s latest research suggests underwriters need to ask a harder question: Can an organization prove its controls work inside the mobile application that actually shipped?

The 2026 Mobile App Risk Management Survey found that 95% of surveyed organizations use AI capabilities in their mobile apps. Generative AI appeared in 81%, while 71% reported using AI agents.

Yet 37% said they had not implemented behavioral monitoring capable of showing what the AI does once the application is running.

That leaves a large group of organizations able to describe their AI policy but unable to independently demonstrate what models, agents, and third-party components are doing with customer or corporate data.

For cyber underwriters, that is the difference between an asserted control and a verifiable one.

The Mobile App Is Now a Supply Chain

The sharper underwriting finding involves third-party code.

Some 68% of respondents said software development kits and external libraries account for more than half the code in their mobile applications. Organizations in that group reported security incidents at more than twice the rate of organizations whose apps contain less than 50% third-party code.

Despite that exposure, only 49% said they always assess SDKs for security or AI-related risks before release.

NowSecure itself questioned that number. The company added a note to its release saying its market experience suggests SDKs are rarely vetted after their initial inclusion and calling the 49% response “highly optimistic.”

That qualification matters. A mobile app may be tested when it launches, but its dependencies continue to change. An analytics SDK can add AI functionality. A library update can introduce a new data destination. A third-party service can alter what information it collects without the insured rewriting its own code.

The exposure, therefore, does not stop at initial approval. Underwriters need to know whether the organization reassesses components after updates and whether a new application release can be blocked when a dependency introduces unacceptable behavior.

A Wording Error, Not a Data Error

The original press release incorrectly said that 74% of organizations had a formal AI governance policy. NowSecure later clarified that the discrepancy was caused by wording, not the underlying survey data.

According to the company:

  • 99% of respondents reported having some form of formal AI governance policy.
  • 74% said their policy covered all AI use across the organization.

That means AI governance policies were nearly universal among respondents, but roughly one-quarter did not extend those policies across their entire AI environment.

NowSecure said it corrected the wording in the archived version of the release.

The clarification does not eliminate the broader risk. Even organizations with formal governance policies may lack technical visibility into how AI operates inside production applications. Thirty-seven percent of respondents had not implemented AI behavioral monitoring, illustrating the difference between having rules on paper and being able to verify whether employees, applications and third-party components follow them.

That gap echoes the findings in our recent examination of shadow AI among senior executives: for cyber insurers, the existence of an AI policy is not the same as evidence that AI use is controlled.

See also  AI-Powered Social Engineering Spikes in 2026, Report Warns of Compressed Attack Timelines

The AI-Versus-Humans Claim Does Not Hold Up

One of the release’s more unusual claims involved asking Claude Sonnet, ChatGPT and Gemini to predict how security leaders would answer the survey.

According to NowSecure, the models were reasonably accurate when predicting responses about external business risk. On internal maturity, monitoring, and incident readiness, however, the models predicted substantially less confidence than the security leaders reported. The difference reached 60 percentage points on some questions.

The release then went further. It said the AI predictions tracked actual incident outcomes more closely than the respondents’ assessments of their own programs.

That sounds like a significant finding. It was not supported by the analysis.

Asked what incident data had been correlated with the AI predictions and how much more accurate the models had been, NowSecure acknowledged that it had performed no such correlation. The company submitted the questions to the models and recorded their answers, but did not test their predictive accuracy against incident data.

The model comparison can therefore illustrate a gap between outside skepticism and internal confidence. It cannot be established that the models were better predictors of security incidents.

That section should be treated as an experiment or framing device, not evidence that AI can assess mobile security maturity more accurately than security professionals.

Security Leaders May Be Overrating Their Programs

The survey’s industry findings nevertheless show a meaningful disconnect between perceived maturity and reported losses.

The report landing page says 65% of organizations describing their mobile security programs as advanced still experienced a security incident. In finance, 81% rated their programs as advanced, while 44% reported an incident. In high tech, 70% reported a major incident even though the sector represented some of the survey’s most technologically sophisticated organizations.

Those figures do not prove that the controls failed. An advanced security program can detect incidents that a weaker organization misses, and businesses with valuable data attract more attacks.

They do show why maturity labels such as “advanced,” “effective” or “fully implemented” make weak underwriting evidence on their own.

NowSecure told Cyber Insurance News that underwriters “should NOT trust self-assessments,” describing them as superficial and arguing that reported incidents are more reliable because respondents are likely to remember whether an event occurred.

The conclusion is directionally persuasive, but stronger than the underlying evidence permits. The incident answers were also self-reported. They were not independently verified through claims records, forensic reports or regulatory notifications.

An incident question may be less subjective than asking a leader to grade their program, but it is still an attestation.

What Underwriters Should Request Instead

NowSecure recommended that cyber insurers ask applicants for two pieces of evidence.

The first is an OWASP Mobile Application Security Verification Standard Level 1 assessment. MASVS provides a recognized baseline covering areas including storage, cryptography, authentication, network communications, platform interaction, and code quality. OWASP describes MASVS as an industry standard for mobile application security, although it also cautions that meeting the baseline does not guarantee an application is secure.

The report should identify the exact application, operating system, production version, and assessment date. A certificate covering an old build tells an underwriter little about what is currently in the app store.

The second is an AI Bill of Materials, or AI SBOM, showing the models, agents, SDKs, libraries and external services used by the application, ideally accompanied by the associated data flows.

See also  UK Longitudinal Cyber Survey Flags Cyber Insurance Uptick And Supplier Risk

That recommendation fits the larger underwriting problem we examined in When an AI Agent Causes the Loss and Agent Identity Becomes an Underwriting Question. Insurers need to know which identity initiated an action, which AI component handled it, what data it accessed, and where that data went.

AI Bill of Materials

AI Bills of Materials are developing quickly, but they are not yet a single universally adopted insurance artifact. OWASP and CycloneDX have created initiatives and machine-readable formats for documenting models, datasets, and AI dependencies. Underwriters will still need to specify what fields, evidence, and update frequency they expect.

At a minimum, a useful mobile AI submission should show:

  • The AI models, agents, SDKs, and APIs present in the production application.
  • The data that each component can collect, process, or transmit.
  • External endpoints and jurisdictions receiving that data.
  • The application version and date on which the evidence was produced.
  • Runtime monitoring or testing demonstrating actual behavior.
  • The process for reassessing dependencies after an update.

A static inventory without runtime evidence can show what developers intended to include. It may not reveal what the shipped application actually does.

App-Store Disclosures Are Not Enough

NowSecure also told Cyber Insurance News that underwriters should not rely on the data-use and privacy declarations displayed in the Apple and Google app stores. The company claimed that more than 90% were incorrect.

NowSecure did not provide supporting data for that figure in its response, so it should be treated as a vendor claim rather than an established survey finding.

The warning is still relevant. App Store disclosures are supplied by developers. They are not substitutes for independent testing, particularly when third-party SDKs can collect or transmit information outside the application owner’s direct code.

That creates the same evidence problem found throughout AI underwriting: organizations often report what their systems are supposed to do, while insurers need evidence of what they actually do.

The Coverage Question Comes Next

Better technical evidence will not by itself settle whether an AI-related loss is covered.

As our analysis of AI cyber insurance coverage gaps found, policies may cover AI-assisted ransomware or data theft while failing to respond to model restoration costs, harmful output, performance deterioration, or regulatory action when no covered network event occurred.

Mobile AI also complicates attribution. An incident may originate in first-party code, an external SDK, an AI service provider or an agent acting through a legitimate user’s permissions. That is part of the wider agentic AI authorization gap: the system can be authorized to act while still producing an unintended loss.

The application inventory, AI Bill of Materials, and runtime logs become important not only at underwriting. They may determine whether investigators can reconstruct the event and whether insurers can identify the responsible component after a claim.

Treat the Questionnaire as a Starting Point

NowSecure commissioned TrendCandy to survey 485 senior mobile application security leaders at North American organizations with at least 1,000 employees. The research covered finance, healthcare, high tech, and retail and was conducted during April and May 2026. Respondents were compensated, and the reported margin of error was plus or minus four percentage points.

The research is also vendor-sponsored. NowSecure sells mobile application testing and products designed to identify hidden AI, map data flows, and assess third-party components. Its commercial interest does not invalidate the findings, but it should inform how the recommendations are read.

See also  Envelop Risk Launches Envelop Underwriting, Appoints Dom Peters as CEO

The survey’s strongest contribution is not that AI models know more than security leaders. The company did not establish that.

It is evidence that mobile applications have become complex AI and third-party software supply chains, while cyber underwriting continues to depend heavily on broad questions answered by the organizations being insured.

A questionnaire can identify where to investigate. It cannot establish what is inside a shipped application, what data it moves, or whether the stated controls work.

For mobile AI risk, policy is not proof. The production application is.

FAQ – Mobile AI Cyber Insurance

How widely is AI being used in enterprise mobile applications?

NowSecure’s survey found that 95% of organizations use AI capabilities in their mobile apps. Generative AI was reported by 81% of respondents, while 71% said their applications use AI agents. However, 37% had not implemented AI behavioral monitoring.

Did NowSecure prove that AI models assessed mobile security risk more accurately than humans?

No. NowSecure asked Claude Sonnet, ChatGPT and Gemini to predict how security leaders would answer the survey, but the company did not correlate those predictions with independently verified incident data. Alan Snyder, CEO of NowSecure, said: “NowSecure did not correlate against any incident data, we just asked AI and AI answered.”

Why does third-party code matter to cyber insurers?

Sixty-eight percent of respondents said third-party SDKs and libraries account for more than half of their mobile application code. Organizations above that threshold reported security incidents at more than twice the rate of organizations whose apps contained less than 50% third-party code. Only 49% said they always assessed SDKs for security or AI-related risks before release.

Should cyber underwriters trust mobile security questionnaires and self-assessments?

They should not rely on them without supporting evidence. Snyder told Cyber Insurance News: “Underwriters should NOT trust self-assessments. They are superficial at best and the survey breach data confirms that point.” Self-reported answers can help identify areas for further review, but they should not be treated as proof that controls are effective.

What evidence should underwriters request when assessing mobile AI risk?

Snyder recommended requesting an OWASP MASVS Level 1 Standards Compliance report and an AI Bill of Materials, or AI SBOM. The evidence should identify the production application version, embedded AI models, agents, SDKs, external services and associated data flows. Underwriters should also seek runtime testing and evidence that third-party components are reassessed after updates.

Leave a Comment

×