With companies in all sectors rushing to integrate AI across their organizations, there are growing concerns about AI and its impact on data security and privacy. The latest issue of Open MIC’s Material Tech reports that AI security incidents have more than doubled since 2024, with 63% of breached organizations having no AI governance mechanisms and 97% lacking basic access controls. At the same time, companies are collecting and aggregating more sensitive personal data than ever before. The combination of these two trends highlights a need for strong AI and cybersecurity governance practices
In late 2025, Open MIC worked with investors to file shareholder proposals at two companies that are using AI in ways that could impact the lives of millions of people: Equifax, the huge consumer credit reporting firm, and CVS Health, operator of CVS retail stores as well as Aetna insurance and other health-related businesses.
At Equifax, a shareholder proposal filed by the Nathan Cummings Foundation focused on the company’s increased deployment of AI “agents” and noted expert warnings that agentic AI could increase the threat of cyberattacks, reduce privacy protections for consumers, and potentially violate government regulations. The proposal requested a report from the company assessing how Equifax manages risks and opportunities associated with its development and deployment of agentic AI.
At CVS Health, a shareholder proposal filed by Open MIC focused on a reported company plan to spend more than $20 billion over the next decade on a number of AI initiatives, including AI-powered “personal health agents” that can analyze patients’ complete longitudinal data — including lab results, insurance claims, and wearable data. The proposal expressed concern that CVS Health’s board of directors may not be exercising sufficient oversight of cybersecurity threats to the company’s operations and requested changes to the company’s oversight of AI risk.
Following successful negotiations with Open MIC and its investor partners, Equifax and CVS Health both agreed to increase their disclosures regarding AI policies and practices in forthcoming shareholder filings, particularly with regard to AI risk, corporate governance and board oversight of AI. Additionally, Equifax said it would consider further disclosures regarding how it might use AI to improve credit access among consumers who have traditionally been denied it. Both Equifax and CVS Health also agreed to continued dialogue with investors in 2026 regarding cybersecurity and privacy concerns. On the basis of those representations, the shareholder proposals were successfully withdrawn.
